Commit graph

1269 commits

Author SHA1 Message Date
Offensive Security
f52bbcb598 DB: 2017-11-28
15 new exploits
2017-11-28 19:14:29 +00:00
Offensive Security
1eca65f43e DB: 2017-11-27
1 new exploits

i.Scribe SMTP Client 2.00b - wscanf Remote Format String (PoC)
i.Scribe SMTP Client 2.00b - 'wscanf' Remote Format String (PoC)

MemHT Portal 4.0.1 - user agent Persistent Cross-Site Scripting
MemHT Portal 4.0.1 - 'User Agent' Persistent Cross-Site Scripting
2017-11-27 10:06:43 +00:00
Offensive Security
2126b71b1f DB: 2017-11-27
1 new exploits

Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow
Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow

Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
2017-11-27 05:02:18 +00:00
Offensive Security
c62b253bde DB: 2017-11-26
2 new exploits

ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
2017-11-26 05:02:31 +00:00
Offensive Security
66dc3007b7 DB: 2017-11-25
1 new exploits

Linksys SPA941 - \377 Character Remote Denial of Service
Linksys SPA941 - '\377' Character Remote Denial of Service

Caucho Resin 3.1 - \web-inf Traversal Arbitrary File Access
Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access

Google Urchin 5.7.3 - \Report.cgi' Authentication Bypass
Google Urchin 5.7.3 - 'Report.cgi' Authentication Bypass
Dojo Toolkit 1.4.1 - '\dijit\tests\_testCommon.js?theme' Cross-Site Scripting
Dojo Toolkit 1.4.1 - 'doh\runner.html' Multiple Cross-Site Scripting Vulnerabilities
Dojo Toolkit 1.4.1 - '/dijit/tests/_testCommon.js?theme' Cross-Site Scripting
Dojo Toolkit 1.4.1 - '/doh/runner.html' Multiple Cross-Site Scripting Vulnerabilities
2017-11-25 05:02:11 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00
Offensive Security
68825c6583 DB: 2017-11-24
2 new exploits

Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow (PoC)

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow

Sun SUNWlldap Library Hostname - Buffer Overflow
Sun SUNWlldap Library Hostname - Local Buffer Overflow

Microsoft Windows XP - 'explorer.exe' Buffer Overflow
Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow

Solaris Runtime Linker (SPARC) - 'ld.so.1' Buffer Overflow
Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow

FirstClass Desktop 7.1 - Buffer Overflow
FirstClass Desktop 7.1 - Local Buffer Overflow

xsplumber - 'strcpy()' Buffer Overflow
xsplumber - 'strcpy()' Local Buffer Overflow

BSDi 3.0 inc - Buffer Overflow Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow Privilege Escalation

expect (/usr/bin/expect) - Buffer Overflow
expect (/usr/bin/expect) - Local Buffer Overflow

xsoldier 0.96 (RedHat 6.2) - Buffer Overflow
xsoldier 0.96 (RedHat 6.2) - Local Buffer Overflow

Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Overflow
Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Local Overflow

splitvt < 1.6.5 - Overflow
splitvt < 1.6.5 - Local Overflow

SquirrelMail - 'chpasswd' Buffer Overflow
SquirrelMail - 'chpasswd' Local Buffer Overflow

AIX lquerylv - Buffer Overflow Privilege Escalation
AIX lquerylv - Local Buffer Overflow Privilege Escalation

IRIX 5.3 - '/usr/sbin/iwsh' Buffer Overflow Privilege Escalation
IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow Privilege Escalation
zgv - '$HOME' Buffer Overflow
Solaris 2.4 passwd / yppasswd / nispasswd - Overflows
zgv - '$HOME' Local Buffer Overflow
Solaris 2.4 passwd / yppasswd / nispasswd - Local Overflows

htpasswd Apache 1.3.31 - Overflow
htpasswd Apache 1.3.31 - Local Overflow

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Buffer Overflow Privilege Escalation
Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow Privilege Escalation

Oracle Database Server 10.1.0.2 - Buffer Overflow
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
WinRAR 3.30 - 'Filename' Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Buffer Overflow (2)
WinRAR 3.30 - 'Filename' Local Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Local Buffer Overflow (2)

Oracle Database Server 9i/10g - 'XML' Buffer Overflow
Oracle Database Server 9i/10g - 'XML' Local Buffer Overflow

Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (1)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (1)
Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (2)
Microsoft HTML Help Workshop - '.hhp' Buffer Overflow (3)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (2)
Microsoft HTML Help Workshop - '.hhp' Local Buffer Overflow (3)

Microsoft Visual Studio 6.0 sp6 - '.dbp' Buffer Overflow
Microsoft Visual Studio 6.0 sp6 - '.dbp' Local Buffer Overflow

Pico Zip 4.01 - 'Filename' Buffer Overflow
Pico Zip 4.01 - 'Filename' Local Buffer Overflow

PowerZip 7.06.38950 - 'Filename Handling' Buffer Overflow
PowerZip 7.06.38950 - 'Filename Handling' Local Buffer Overflow
AtomixMP3 < 2.3 - '.m3u' Buffer Overflow
BlazeVideo HDTV Player 2.1 - '.PLF' Buffer Overflow (PoC)
AtomixMP3 < 2.3 - '.m3u' Local Buffer Overflow
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC)

Microsoft Help Workshop 4.03.0002 - '.cnt' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.cnt' Local Buffer Overflow

Microsoft Help Workshop 4.03.0002 - '.HPJ' Buffer Overflow
Microsoft Help Workshop 4.03.0002 - '.HPJ' Local Buffer Overflow

FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow Privilege Escalation
Corel Paint Shop Pro Photo 11.20 - '.clp' Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow
ABC-View Manager 1.42 - '.psp' Buffer Overflow
FreshView 7.15 - '.psp' Buffer Overflow
Corel Paint Shop Pro Photo 11.20 - '.clp' Local Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Local Buffer Overflow
ABC-View Manager 1.42 - '.psp' Local Buffer Overflow
FreshView 7.15 - '.psp' Local Buffer Overflow
IrfanView 4.00 - '.iff' Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Buffer Overflow
IrfanView 4.00 - '.iff' Local Buffer Overflow
Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Local Buffer Overflow

Live for Speed S1/S2/Demo - '.mpr replay' Buffer Overflow
Live for Speed S1/S2/Demo - '.mpr replay' Local Buffer Overflow
Live for Speed S1/S2/Demo - '.ply' Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Buffer Overflow
Live for Speed S1/S2/Demo - '.ply' Local Buffer Overflow
Live for Speed S1/S2/Demo - '.spr' Local Buffer Overflow

VideoLAN VLC Media Player 0.9.4 - '.ty' Buffer Overflow (SEH)
VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)

Cain & Abel 4.9.23 - '.rdp' Buffer Overflow
Cain & Abel 4.9.23 - '.rdp' Local Buffer Overflow

CoolPlayer 2.19 - 'PlaylistSkin' Buffer Overflow
CoolPlayer 2.19 - 'PlaylistSkin' Local Buffer Overflow

Free Download Manager 3.0 Build 844 - '.torrent' Buffer Overflow
Free Download Manager 3.0 Build 844 - '.torrent' Local Buffer Overflow

BulletProof FTP Client 2009 - '.bps' Buffer Overflow (SEH)
BulletProof FTP Client 2009 - '.bps' Local Buffer Overflow (SEH)

cTorrent/DTorrent - '.torrent' Buffer Overflow
cTorrent/DTorrent - '.torrent' Local Buffer Overflow
CoolPlayer Portable 2.19.1 - '.m3u' Buffer Overflow (1)
CoolPlayer Portable 2.19.1 - '.m3u' Buffer Overflow (2)
CoolPlayer Portable 2.19.1 - 'Skin' Buffer Overflow
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (1)
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (2)
CoolPlayer Portable 2.19.1 - 'Skin' Local Buffer Overflow

Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH)
Zoom Player Pro 3.30 - '.m3u' Local Buffer Overflow (SEH)

Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow

Live For Speed 2 Version Z - '.mpr' Buffer Overflow (SEH)
Live For Speed 2 Version Z - '.mpr' Local Buffer Overflow (SEH)

NScan 0.9.1 - 'Target' Buffer Overflow
NScan 0.9.1 - 'Target' Local Buffer Overflow

Audio Lib Player - '.m3u' Buffer Overflow (SEH)
Audio Lib Player - '.m3u' Local Buffer Overflow (SEH)

Alleycode HTML Editor 2.2.1 - Buffer Overflow
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
Millenium MP3 Studio 2.0 - '.m3u' Buffer Overflow
Millenium MP3 Studio 2.0 - 'mpf' Buffer Overflow
Millenium MP3 Studio 2.0 - '.m3u' Local Buffer Overflow
Millenium MP3 Studio 2.0 - 'mpf' Local Buffer Overflow

Xion Audio Player 1.0 121 - '.m3u' Buffer Overflow (2)
Xion Audio Player 1.0 121 - '.m3u' Local Buffer Overflow (2)

Alleycode 2.21 - Overflow (SEH) (PoC)
Alleycode 2.21 - Local Overflow (SEH) (PoC)
Serenity Audio Player Playlist - '.m3u' Buffer Overflow
Millenium MP3 Studio 2.0 - 'pls' Buffer Overflow
Serenity Audio Player Playlist - '.m3u' Local Buffer Overflow
Millenium MP3 Studio 2.0 - 'pls' Local Buffer Overflow

Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Buffer Overflow
Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Local Buffer Overflow
M3U To ASX-WPL 1.1 - '.m3u' Buffer Overflow
Microsoft HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (1)
Audacity 1.2.6 - '.gro' Buffer Overflow
M3U To ASX-WPL 1.1 - '.m3u' Local Buffer Overflow
Microsoft HTML Help Workshop 4.74 - '.hhp' Local Buffer Overflow (1)
Audacity 1.2.6 - '.gro' Local Buffer Overflow
Ghostscript < 8.64 - 'gdevpdtb.c' Buffer Overflow
PointDev IDEAL Administration 2009 9.7 - Buffer Overflow (Metasploit)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit)
gAlan 0.2.1 - Buffer Overflow (1)
Ghostscript < 8.64 - 'gdevpdtb.c' Local Buffer Overflow
PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow (Metasploit)
HTML Help Workshop 4.74 - '.hhp' Local Buffer Overflow (Metasploit)
gAlan 0.2.1 - Local Buffer Overflow (1)

Audio Workstation 6.4.2.4.3 - '.pls' Buffer Overflow (Metasploit)
Audio Workstation 6.4.2.4.3 - '.pls' Local Buffer Overflow (Metasploit)

Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow
Easy RM to MP3 Converter 2.7.3.700 - Local Buffer Overflow

Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow
Easy RM to MP3 27.3.700 (Windows XP SP3) - Local Overflow

Easy RM to MP3 2.7.3.700 - Buffer Overflow
Easy RM to MP3 2.7.3.700 - Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1 - '.m3u' Buffer Overflow
Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)
Mini-stream RM-MP3 Converter 3.1.2.1 - '.m3u' Local Buffer Overflow
Media Jukebox 8.0.400 - Local Buffer Overflow (SEH) (Metasploit)

Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit)
Mini-stream 3.0.1.1 - Local Buffer Overflow (Metasploit)

DJ Studio Pro 5.1.6.5.2 - Overflow (SEH)
DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)

PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit)
PlayMeNow 7.3/7.4 - Local Buffer Overflow (Metasploit)

Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow
Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Local Buffer Overflow

Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (1)
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (1)

VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Buffer Overflow
VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Local Buffer Overflow

RM Downloader - '.m3u' Buffer Overflow (SEH)
RM Downloader - '.m3u' Local Buffer Overflow (SEH)

SOMPL Player 1.0 - Buffer Overflow
SOMPL Player 1.0 - Local Buffer Overflow

Winamp 5.572 - Overflow (SEH)
Winamp 5.572 - Local Overflow (SEH)

Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Buffer Overflow (SEH)
Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Local Buffer Overflow (SEH)

Yahoo Player 1.0 - '.m3u' Buffer Overflow
Yahoo Player 1.0 - '.m3u' Local Buffer Overflow

KenWard's Zipper 1.400 - Buffer Overflow (2)
KenWard's Zipper 1.400 - Local Buffer Overflow (2)
ZipScan 2.2c - Overflow (SEH)
PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow
ZipScan 2.2c - Local Overflow (SEH)
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow

PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow (NX + ASLR Bypass)
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow (NX + ASLR Bypass)

WM Downloader 3.0.0.9 - Buffer Overflow (Metasploit)
WM Downloader 3.0.0.9 - Local Buffer Overflow (Metasploit)
AVCON H323Call - Buffer Overflow
IDEAL Migration 4.5.1 - Buffer Overflow (Metasploit)
AVCON H323Call - Local Buffer Overflow
IDEAL Migration 4.5.1 - Local Buffer Overflow (Metasploit)

SyncBack Freeware 3.2.20.0 - Overflow (SEH)
SyncBack Freeware 3.2.20.0 - Local Overflow (SEH)

Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Local Buffer Overflow
IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow
Mediacoder 0.7.3.4672 - Overflow (SEH)
IP2location.dll 1.0.0.1 - Function 'Initialize()' Local Buffer Overflow
Mediacoder 0.7.3.4672 - Local Overflow (SEH)

Free WMA MP3 Converter 1.1 - Buffer Overflow (SEH)
Free WMA MP3 Converter 1.1 - Local Buffer Overflow (SEH)

Easy CD-DA Recorder 2007 - Buffer Overflow (SEH)
Easy CD-DA Recorder 2007 - Local Buffer Overflow (SEH)
ActivePerl 5.8.8.817 - Buffer Overflow
Power Tab Editor 1.7 (Build 80) - Buffer Overflow
Rosoft Audio Converter 4.4.4 - Buffer Overflow
ActivePerl 5.8.8.817 - Local Buffer Overflow
Power Tab Editor 1.7 (Build 80) - Local Buffer Overflow
Rosoft Audio Converter 4.4.4 - Local Buffer Overflow

FieldNotes 32 5.0 - Buffer Overflow (SEH)
FieldNotes 32 5.0 - Local Buffer Overflow (SEH)
BlazeDVD 6.0 - Buffer Overflow (Metasploit)
RM Downloader 3.1.3 - Buffer Overflow (SEH)
BlazeDVD 6.0 - Local Buffer Overflow (Metasploit)
RM Downloader 3.1.3 - Local Buffer Overflow (SEH)

HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Buffer Overflow (SEH)
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovwebsnmpsrv.exe' Local Buffer Overflow (SEH)

MoreAmp - Buffer Overflow (SEH) (Metasploit)
MoreAmp - Local Buffer Overflow (SEH) (Metasploit)

ZipCentral - '.zip' Buffer Overflow (SEH)
ZipCentral - '.zip' Local Buffer Overflow (SEH)
WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)
HTML Email Creator 2.42 build 718 - Buffer Overflow (SEH)
WM Downloader 3.1.2.2 - Buffer Overflow (1)
WM Downloader 3.1.2.2 2010.04.15 - Local Buffer Overflow (SEH)
HTML Email Creator 2.42 build 718 - Local Buffer Overflow (SEH)
WM Downloader 3.1.2.2 - Local Buffer Overflow (1)
Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Buffer Overflow
Mini-stream Ripper 3.1.2.1 - Buffer Overflow (DEP Bypass)
myMP3-Player 3.0 - Buffer Overflow
Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Local Buffer Overflow
Mini-stream Ripper 3.1.2.1 - Local Buffer Overflow (DEP Bypass)
myMP3-Player 3.0 - Local Buffer Overflow
Mediacoder 0.7.5.4710 - Buffer Overflow
Mediacoder 0.7.5.4710 - 'Universal' Buffer Overflow (SEH)
Mediacoder 0.7.5.4710 - Local Buffer Overflow
Mediacoder 0.7.5.4710 - 'Universal' Local Buffer Overflow (SEH)

Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (2)
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (2)

MicroP 0.1.1.1600 - 'mppl' Buffer Overflow
MicroP 0.1.1.1600 - 'mppl' Local Buffer Overflow

Audiotran 1.4.2.4 - Overflow (SEH)
Audiotran 1.4.2.4 - Local Overflow (SEH)

MP3 Workstation 9.2.1.1.2 - Overflow (SEH)
MP3 Workstation 9.2.1.1.2 - Local Overflow (SEH)
BACnet OPC Client - Buffer Overflow (1)
DJ Studio Pro 8.1.3.2.1 - Overflow (SEH)
BACnet OPC Client - Local Buffer Overflow (1)
DJ Studio Pro 8.1.3.2.1 - Local Overflow (SEH)

Audiotran 1.4.2.4 - Overflow (SEH) (DEP Bypass)
Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass)

MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Local Overflow (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - Overflow (SEH)
Digital Music Pad 8.2.3.3.4 - Overflow (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - Local Overflow (SEH)
Digital Music Pad 8.2.3.3.4 - Local Overflow (SEH) (Metasploit)

Xion Audio Player 1.0.127 - '.m3u' Buffer Overflow
Xion Audio Player 1.0.127 - '.m3u' Local Buffer Overflow

Fat Player 0.6b - '.wav' Buffer Overflow (SEH)
Fat Player 0.6b - '.wav' Local Buffer Overflow (SEH)
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Buffer Overflow
MiniShare 1.5.5 - Buffer Overflow (SEH)
GSPlayer 1.83a Win32 Release - Buffer Overflow
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Local Buffer Overflow
MiniShare 1.5.5 - Local Buffer Overflow (SEH)
GSPlayer 1.83a Win32 Release - Local Buffer Overflow

Free CD to MP3 Converter 3.1 - Buffer Overflow
Free CD to MP3 Converter 3.1 - Local Buffer Overflow
Free CD to MP3 Converter 3.1 - Buffer Overflow (SEH)
MP3-Nator 2.0 - Buffer Overflow (SEH)
Free CD to MP3 Converter 3.1 - Local Buffer Overflow (SEH)
MP3-Nator 2.0 - Local Buffer Overflow (SEH)
Realtek Audio Control Panel 1.0.1.65 - Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Buffer Overflow
Realtek Audio Control Panel 1.0.1.65 - Local Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Local Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Local Buffer Overflow
MP3-Nator - Buffer Overflow (SEH) (DEP Bypass)
MiniShare 1.5.5 - 'users.txt' Buffer Overflow (Egghunter)
MP3-Nator - Local Buffer Overflow (SEH) (DEP Bypass)
MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (Egghunter)
Mediacoder 0.7.5.4792 - Buffer Overflow (SEH)
Mediacoder 0.7.5.4797 - '.m3u' Buffer Overflow (SEH)
Video Charge Studio 2.9.5.643 - '.vsc' Buffer Overflow (SEH)
Mediacoder 0.7.5.4792 - Local Buffer Overflow (SEH)
Mediacoder 0.7.5.4797 - '.m3u' Local Buffer Overflow (SEH)
Video Charge Studio 2.9.5.643 - '.vsc' Local Buffer Overflow (SEH)
FreeAmp 2.0.7 - '.m3u' Buffer Overflow
PowerShell XP 3.0.1 - Buffer Overflow
FreeAmp 2.0.7 - '.m3u' Local Buffer Overflow
PowerShell XP 3.0.1 - Local Buffer Overflow
Aesop GIF Creator 2.1 - '.aep' Buffer Overflow
Altarsoft Audio Converter 1.1 - Buffer Overflow (SEH)
Aesop GIF Creator 2.1 - '.aep' Local Buffer Overflow
Altarsoft Audio Converter 1.1 - Local Buffer Overflow (SEH)
Word Splash Pro 9.5 - Buffer Overflow
MP3 CD Converter Professional - Buffer Overflow (SEH)
Word Splash Pro 9.5 - Local Buffer Overflow
MP3 CD Converter Professional - Local Buffer Overflow (SEH)

Music Animation Machine MIDI Player - Buffer Overflow (SEH)
Music Animation Machine MIDI Player - Local Buffer Overflow (SEH)
Enzip 3.00 - Buffer Overflow
BS.Player 2.57 - Buffer Overflow (SEH Unicode)
Enzip 3.00 - Local Buffer Overflow
BS.Player 2.57 - Local Buffer Overflow (SEH Unicode)
Magic Music Editor - Buffer Overflow
Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode)
Magic Music Editor - Local Buffer Overflow
Nokia MultiMedia Player 1.0 - Local Overflow (SEH Unicode)
eXtremeMP3 Player - Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow
eXtremeMP3 Player - Local Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow

A-PDF All to MP3 Converter 2.0.0 - '.wav' Buffer Overflow (SEH)
A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow (SEH)

CodeBlocks 8.02 - 'cbp' Buffer Overflow
CodeBlocks 8.02 - 'cbp' Local Buffer Overflow

AOL Desktop 9.6 - '.rtx' Buffer Overflow
AOL Desktop 9.6 - '.rtx' Local Buffer Overflow
MoviePlay 4.82 - '.lst' Buffer Overflow
CuteZip 2.1 - Buffer Overflow
MoviePlay 4.82 - '.lst' Local Buffer Overflow
CuteZip 2.1 - Local Buffer Overflow

Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow
Elecard AVC_HD/MPEG Player 5.7 - Local Buffer Overflow

Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)

Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (1)
Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (1)

VUPlayer - '.m3u' Buffer Overflow (Metasploit)
VUPlayer - '.m3u' Local Buffer Overflow (Metasploit)

Adobe - 'util.printf()' Buffer Overflow (Metasploit) (2)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)

Fat Player Media Player 0.6b0 - Buffer Overflow (Metasploit)
Fat Player Media Player 0.6b0 - Local Buffer Overflow (Metasploit)

Steinberg MyMP3Player 3.0 - Buffer Overflow (Metasploit)
Steinberg MyMP3Player 3.0 - Local Buffer Overflow (Metasploit)

WM Downloader 3.1.2.2 - Buffer Overflow (Metasploit) (2)
WM Downloader 3.1.2.2 - Local Buffer Overflow (Metasploit) (2)
Altap Salamander 2.5 PE Viewer - Buffer Overflow (Metasploit)
VUPlayer - '.cue' Buffer Overflow (Metasploit)
Altap Salamander 2.5 PE Viewer - Local Buffer Overflow (Metasploit)
VUPlayer - '.cue' Local Buffer Overflow (Metasploit)
A-PDF WAV to MP3 1.0.0 - Buffer Overflow (Metasploit)
S.O.M.P.L 1.0 Player - Buffer Overflow (Metasploit)
gAlan 0.2.1 - Buffer Overflow (Metasploit) (2)
A-PDF WAV to MP3 1.0.0 - Local Buffer Overflow (Metasploit)
S.O.M.P.L 1.0 Player - Local Buffer Overflow (Metasploit)
gAlan 0.2.1 - Local Buffer Overflow (Metasploit) (2)

BACnet OPC Client - Buffer Overflow (Metasploit) (2)
BACnet OPC Client - Local Buffer Overflow (Metasploit) (2)

Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit)
Adobe - 'Collab.collectEmailInfo()' Local Buffer Overflow (Metasploit)
Microsoft Visual Basic - '.VBP' Buffer Overflow (Metasploit)
Adobe - 'Collab.getIcon()' Buffer Overflow (Metasploit) (2)
Microsoft Visual Basic - '.VBP' Local Buffer Overflow (Metasploit)
Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (2)

Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Buffer Overflow
Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Local Buffer Overflow
ABBS Audio Media Player - '.m3u' / '.LST' Buffer Overflow
ABBS Audio Media Player 3.0 - '.lst' Buffer Overflow (SEH)
ABBS Electronic Flash Cards 2.1 - '.fcd' Buffer Overflow
ABBS Audio Media Player - '.m3u' / '.LST' Local Buffer Overflow
ABBS Audio Media Player 3.0 - '.lst' Local Buffer Overflow (SEH)
ABBS Electronic Flash Cards 2.1 - '.fcd' Local Buffer Overflow
POP Peeper 3.7 - Overflow (SEH)
CORE MultiMedia Suite 2011 CORE Player 2.4 - '.m3u' Buffer Overflow
Mediacoder 2011 RC3 - '.m3u' Buffer Overflow
POP Peeper 3.7 - Local Overflow (SEH)
CORE MultiMedia Suite 2011 CORE Player 2.4 - '.m3u' Local Buffer Overflow
Mediacoder 2011 RC3 - '.m3u' Local Buffer Overflow
Word List Builder - Buffer Overflow (SEH)
MPlayer (r33064 Lite) - Buffer Overflow + ROP
Word List Builder - Local Buffer Overflow (SEH)
MPlayer (r33064 Lite) - Local Buffer Overflow + ROP

MikeyZip 1.1 - '.zip' Buffer Overflow
MikeyZip 1.1 - '.zip' Local Buffer Overflow
VeryTools VideoSpirit Pro 1.70 - '.visprj' Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Buffer Overflow
VeryTools VideoSpirit Pro 1.70 - '.visprj' Local Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Local Buffer Overflow

PlaylistMaker 1.5 - '.txt' Buffer Overflow
PlaylistMaker 1.5 - '.txt' Local Buffer Overflow

SimplyPlay 66 - '.pls' Buffer Overflow
SimplyPlay 66 - '.pls' Local Buffer Overflow

Wireshark 1.4.1 < 1.4.4 - Overflow (SEH)
Wireshark 1.4.1 < 1.4.4 - Local Overflow (SEH)
Subtitle Processor 7.7.1 - Buffer Overflow (SEH Unicode)
NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow
Subtitle Processor 7.7.1 - Local Buffer Overflow (SEH Unicode)
NetOp Remote Control 8.0/9.1/9.2/9.5 - Local Buffer Overflow
PHP 5.3.5 - 'socket_connect()' Buffer Overflow
Chasys Media Player 2.0 - Buffer Overflow (SEH)
PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow
Chasys Media Player 2.0 - Local Buffer Overflow (SEH)
CoolPlayer Portable 2.19.2 - Buffer Overflow
Sonique 1.96 - '.m3u' Buffer Overflow
SpongeBob SquarePants Typing - Buffer Overflow (SEH)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow
Sonique 1.96 - '.m3u' Local Buffer Overflow
SpongeBob SquarePants Typing - Local Buffer Overflow (SEH)

The KMPlayer 3.0.0.1440 (Windows 7) - '.mp3' Buffer Overflow (ASLR Bypass)
The KMPlayer 3.0.0.1440 (Windows 7) - '.mp3' Local Buffer Overflow (ASLR Bypass)
FreeAmp 2.0.7 - '.fat' Buffer Overflow
FreeAmp 2.0.7 - '.pls' Buffer Overflow
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow
FreeAmp 2.0.7 - '.pls' Local Buffer Overflow

PHP 5.3.6 - Buffer Overflow (ROP) (PoC)
PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC)
Word List Builder 1.0 - Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Buffer Overflow (Metasploit)
CoolPlayer Portable 2.19.2 - Buffer Overflow (Metasploit)
Word List Builder 1.0 - Local Buffer Overflow (Metasploit)
Wordtrainer 3.0 - '.ord' Local Buffer Overflow (Metasploit)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (Metasploit)

ZipGenius 6.3.2.3000 - '.zip' Buffer Overflow
ZipGenius 6.3.2.3000 - '.zip' Local Buffer Overflow
MPlayer Lite r33064 - '.m3u' Buffer Overflow (DEP Bypass)
Zinf Audio Player 2.2.1 - '.pls' Buffer Overflow (DEP Bypass)
ABBS Audio Media Player 3.0 - Buffer Overflow (Metasploit)
ABBS Electronic Flashcards 2.1 - Buffer Overflow (Metasploit)
FreeAmp 2.0.7 - '.fat' Buffer Overflow (Metasploit)
MPlayer Lite r33064 - '.m3u' Local Buffer Overflow (DEP Bypass)
Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (DEP Bypass)
ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit)
ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow (Metasploit)

CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (1)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (1)
DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass)
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Buffer Overflow
DVD X Player 5.5 Pro - Local Overflow (SEH + ASLR + DEP Bypass)
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow

Wav Player 1.1.3.6 - '.pll' Buffer Overflow
Wav Player 1.1.3.6 - '.pll' Local Buffer Overflow

Muse Music All-in-One 1.5.0.001 - '.pls' Buffer Overflow (DEP Bypass)
Muse Music All-in-One 1.5.0.001 - '.pls' Local Buffer Overflow (DEP Bypass)

GTA SA-MP - 'server.cfg' Buffer Overflow (Metasploit)
GTA SA-MP - 'server.cfg' Local Buffer Overflow (Metasploit)

Mini-stream Ripper 3.0.1.1 - Buffer Overflow (Metasploit) (3)
Mini-stream Ripper 3.0.1.1 - Local Buffer Overflow (Metasploit) (3)

Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) (Metasploit)
Microsoft Excel 2007 - '.xlb' Local Buffer Overflow (MS11-021) (Metasploit)

BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)
BS.Player 2.57 - Local Buffer Overflow (SEH Unicode) (Metasploit)

DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH) (Metasploit)

Socusoft Photo 2 Video 8.05 - Buffer Overflow
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow

RM Downloader 3.1.3.3.2010.06.26 - '.m3u' Buffer Overflow (Metasploit)
RM Downloader 3.1.3.3.2010.06.26 - '.m3u' Local Buffer Overflow (Metasploit)
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow
BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass)
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
BlazeVideo HDTV Player 6.6 Professional - Local Overflow (SEH + ASLR + DEP Bypass)
GSM SIM Editor 5.15 - Buffer Overflow (Metasploit)
xRadio 0.95b - Buffer Overflow (Metasploit)
Shadow Stream Recorder 3.0.1.7 - Buffer Overflow (Metasploit)
GSM SIM Editor 5.15 - Local Buffer Overflow (Metasploit)
xRadio 0.95b - Local Buffer Overflow (Metasploit)
Shadow Stream Recorder 3.0.1.7 - Local Buffer Overflow (Metasploit)

SkinCrafter ActiveX Control 3.0 - Buffer Overflow
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
Fred N. van Kempen dip 3.3.7 - Buffer Overflow (1)
Fred N. van Kempen dip 3.3.7 - Buffer Overflow (2)
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (1)
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (2)

TFM MMPlayer - '.m3u' / '.ppl' Buffer Overflow (Metasploit)
TFM MMPlayer - '.m3u' / '.ppl' Local Buffer Overflow (Metasploit)
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow
Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow
Sun Solaris 7.0 - '/usr/bin/lpset' Local Buffer Overflow

Xcmail 0.99.6 - Buffer Overflow
Xcmail 0.99.6 - Local Buffer Overflow
Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow
Armidale Software Yapp Conferencing System 2.2 - Buffer Overflow
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (2)
Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Local Buffer Overflow
Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow
Slackware Linux 3.1/3.2 - 'color_xterm' Local Buffer Overflow (1)
Slackware Linux 3.1/3.2 - 'color_xterm' Local Buffer Overflow (2)
IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 - 'ping' Buffer Overflow
IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow
IBM AIX 4.2.1 - '/usr/bin/portmir' Local Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 - 'ping' Local Buffer Overflow
IBM AIX 4.2 - '/usr/sbin/lchangelv' Local Buffer Overflow
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (2)
URL Hunter - Buffer Overflow DEP Bypass
Solaris 2.5.1 - 'kcms' Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Buffer Overflow (2)
URL Hunter - Local Buffer Overflow DEP Bypass
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Local Buffer Overflow (2)

Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow
Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow
VMware 1.0.1 - Buffer Overflow
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2)
Xi Graphics Accelerated X 4.0.x/5.0 - Local Buffer Overflow
VMware 1.0.1 - Local Buffer Overflow
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Local Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Local Buffer Overflow (2)

Samba < 2.0.5 - Overflow
Samba < 2.0.5 - Local Overflow
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Local Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Local Buffer Overflow (2)
Martin Stover Mars NWE 0.99 - Buffer Overflow
DIGITAL UNIX 4.0 d/e/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 - Buffer Overflow
Martin Stover Mars NWE 0.99 - Local Buffer Overflow
DIGITAL UNIX 4.0 d/e/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 - Local Buffer Overflow

DIGITAL UNIX 4.0 d/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 / SunOS 4.1.4 - Buffer Overflow
DIGITAL UNIX 4.0 d/f / AIX 4.3.2 / CDE 2.1 / IRIX 6.5.14 / Solaris 7.0 / SunOS 4.1.4 - Local Buffer Overflow
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (2)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Local Overflow (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Local Overflow (2)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2)
IRIX 6.5 / Solaris 7.0 / Turbolinux 4.2 - 'uum' Buffer Overflow
Turbolinux 3.5 b2 - 'canuum' Buffer Overflow
Yamaha MidiPlug 1.1 b-j MidiPlug - Buffer Overflow
Hylafax Hylafax 4.0.2 - Buffer Overflow
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (1)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Local Buffer Overflow (2)
IRIX 6.5 / Solaris 7.0 / Turbolinux 4.2 - 'uum' Local Buffer Overflow
Turbolinux 3.5 b2 - 'canuum' Local Buffer Overflow
Yamaha MidiPlug 1.1 b-j MidiPlug - Local Buffer Overflow
Hylafax Hylafax 4.0.2 - Local Buffer Overflow

SCO Unixware 7.0 - 'xlock(1)' 'Username' Buffer Overflow
SCO Unixware 7.0 - 'xlock(1)' 'Username' Local Buffer Overflow

FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Local Buffer Overflow
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow
FreeBSD 3.3 - 'xmindpath' Local Buffer Overflow
FreeBSD 3.3 - 'angband' Local Buffer Overflow
RSA Security RSAREF 2.0 - Buffer Overflow
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'xauto' Buffer Overflow
RSA Security RSAREF 2.0 - Local Buffer Overflow
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'xauto' Local Buffer Overflow
SCO Unixware 7.1 pkgcat - Buffer Overflow
SCO Unixware 7.1 pkginstall - Buffer Overflow
SCO Unixware 7.1 pkgcat - Local Buffer Overflow
SCO Unixware 7.1 pkginstall - Local Buffer Overflow

VDOLive Player 3.0.2 - Buffer Overflow
VDOLive Player 3.0.2 - Local Buffer Overflow

SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Buffer Overflows
SCO Open Server 5.0.5 / IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library - Local Buffer Overflows

Inter7 vpopmail (vchkpw) 3.4.11 - Buffer Overflow
Inter7 vpopmail (vchkpw) 3.4.11 - Local Buffer Overflow

Microsoft Clip Art Gallery 5.0 - Buffer Overflow
Microsoft Clip Art Gallery 5.0 - Local Buffer Overflow
Sam Hawker wmcdplay 1.0 beta1-2 - Buffer Overflow (1)
Sam Hawker wmcdplay 1.0 beta1-2 - Buffer Overflow (2)
Sam Hawker wmcdplay 1.0 beta1-2 - Local Buffer Overflow (1)
Sam Hawker wmcdplay 1.0 beta1-2 - Local Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (3)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (3)

SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow
SuSE Linux 6.3/6.4 Gnomelib - Local Buffer Overflow
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)

Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Local Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)

Mandriva Linux Mandrake 7.0 - Buffer Overflow
Mandriva Linux Mandrake 7.0 - Local Buffer Overflow
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Local Buffer Overflow (1)
mailx 8.1.1-10 (BSD/Slackware) - Local Buffer Overflow (2)
Sam Lantinga splitvt 1.6.3 - Buffer Overflow
Solaris 2.5/2.6/7.0/8 ufsrestore - Buffer Overflow
Sam Lantinga splitvt 1.6.3 - Local Buffer Overflow
Solaris 2.5/2.6/7.0/8 ufsrestore - Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Buffer Overflow (ASLR + DEP Bypass)
IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow
SGI IRIX 6.2 - 'libgl.so' Buffer Overflow
IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow
IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Local Buffer Overflow (ASLR + DEP Bypass)
IRIX 6.5.x - '/usr/sbin/gr_osview' Local Buffer Overflow
SGI IRIX 6.2 - 'libgl.so' Local Buffer Overflow
IRIX 6.5.x - '/usr/sbin/dmplay' Local Buffer Overflow
IRIX 6.2/6.3 - '/bin/lpstat' Local Buffer Overflow

IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow
IRIX 5.3/6.x - '/usr/bin/mail' Local Buffer Overflow

CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)

CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass)
CoolPlayer+ Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass)

Exim Buffer 1.6.2/1.6.51 - Overflow
Exim Buffer 1.6.2/1.6.51 - Local Overflow

Jan Hubicka Koules 1.4 - 'Svgalib' Buffer Overflow
Jan Hubicka Koules 1.4 - 'Svgalib' Local Buffer Overflow

aSc Timetables 2017 - Buffer Overflow
aSc Timetables 2017 - Local Buffer Overflow
IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow
IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow
IBM AIX 4.x - 'enq' Buffer Overflow
IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow
IBM AIX 4.x - '/usr/bin/setsenv' Local Buffer Overflow
IBM AIX 4.3 - '/usr/lib/lpd/digest' Local Buffer Overflow
IBM AIX 4.x - 'enq' Local Buffer Overflow
IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Local Buffer Overflow
Rob Malda ASCDC 0.3 - Buffer Overflow (1)
Rob Malda ASCDC 0.3 - Buffer Overflow (2)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (1)
Rob Malda ASCDC 0.3 - Local Buffer Overflow (2)

Solaris 2.5/2.6/7.0/8 tip - Buffer Overflow
Solaris 2.5/2.6/7.0/8 tip - Local Buffer Overflow

DG/UX 4.20 lpsched - 'Error Message' Buffer Overflow
DG/UX 4.20 lpsched - 'Error Message' Local Buffer Overflow

SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow
SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Local Buffer Overflow
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow (2)

Solaris 8 mailtool - Buffer Overflow
Solaris 8 mailtool - Local Buffer Overflow

kosch suid wrapper 1.1.1 - Buffer Overflow
kosch suid wrapper 1.1.1 - Local Buffer Overflow

Rxvt 2.6.1/2.6.2 - Buffer Overflow
Rxvt 2.6.1/2.6.2 - Local Buffer Overflow
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (1)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (2)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Buffer Overflow (3)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (1)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (2)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)
Solaris 8 libsldap - Buffer Overflow (1)
Solaris 8 libsldap - Buffer Overflow (2)
Solaris 2.6/2.6/7.0/8 whodo - Buffer Overflow
Solaris 8 libsldap - Local Buffer Overflow (1)
Solaris 8 libsldap - Local Buffer Overflow (2)
Solaris 2.6/2.6/7.0/8 whodo - Local Buffer Overflow

Xvt 2.1 - Buffer Overflow
Xvt 2.1 - Local Buffer Overflow

AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow
AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Local Buffer Overflow

SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Local Buffer Overflow

Internet Download Manager - Buffer Overflow (SEH)
Internet Download Manager - Local Buffer Overflow (SEH)

GNU Screen 3.9.x Braille Module - Buffer Overflow
GNU Screen 3.9.x Braille Module - Local Buffer Overflow
IBM Informix SE 7.25 sqlexec - Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Buffer Overflow (2)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)

QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow
QNX RTOS 6.1 - 'PKG-Installer' Local Buffer Overflow

HP CIFS/9000 Server A.01.05/A.01.06 - Buffer Overflow
HP CIFS/9000 Server A.01.05/A.01.06 - Local Buffer Overflow

NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass)
NCMedia Sound Editor Pro 7.5.1 - Local Overflow (SEH + DEP Bypass)

HP Tru64/OSF1 DXTerm - Buffer Overflow
HP Tru64/OSF1 DXTerm - Local Buffer Overflow

PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Local Buffer Overflow

HPUX 10.20/11 Wall Message - Buffer Overflow
HPUX 10.20/11 Wall Message - Local Buffer Overflow

HT Editor 2.0.20 - Buffer Overflow (ROP) (PoC)
HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC)

Microsoft Windows XP/2000 - 'RunDLL32.exe' Buffer Overflow
Microsoft Windows XP/2000 - 'RunDLL32.exe' Local Buffer Overflow

XBlast 2.6.1 - 'HOME Environment' Buffer Overflow
XBlast 2.6.1 - 'HOME Environment' Local Buffer Overflow

ViRobot Linux Server 2.0 - Overflow
ViRobot Linux Server 2.0 - Local Overflow

Nvidia Display Driver Service (Nsvr) - Buffer Overflow
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
VirtualDJ Pro/Home 7.3 - Buffer Overflow
HexChat 2.9.4 - Overflow
VirtualDJ Pro/Home 7.3 - Local Buffer Overflow
HexChat 2.9.4 - Local Overflow
FuzeZip 1.0.0.131625 - Buffer Overflow (SEH)
WinArchiver 3.2 - Buffer Overflow (SEH)
FuzeZip 1.0.0.131625 - Local Buffer Overflow (SEH)
WinArchiver 3.2 - Local Buffer Overflow (SEH)

AudioCoder 0.8.18 - Buffer Overflow (SEH)
AudioCoder 0.8.18 - Local Buffer Overflow (SEH)

ABBS Audio Media Player 3.1 - '.lst' Buffer Overflow
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow

AudioCoder - '.m3u' Buffer Overflow (Metasploit)
AudioCoder - '.m3u' Local Buffer Overflow (Metasploit)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH)

AdobeCollabSync - Buffer Overflow Adobe Reader X Sandbox Bypass (Metasploit)
AdobeCollabSync - Local Buffer Overflow Adobe Reader X Sandbox Bypass (Metasploit)

PHP 5.0.0 - 'tidy_parse_file()' Buffer Overflow
PHP 5.0.0 - 'tidy_parse_file()' Local Buffer Overflow

Adrenalin Player 2.2.5.3 - '.wax' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.wax' Local Buffer Overflow (SEH)

Adrenalin Player 2.2.5.3 - '.asx' Buffer Overflow (SEH)
Adrenalin Player 2.2.5.3 - '.asx' Local Buffer Overflow (SEH)
Mediacoder (.lst) - Buffer Overflow (SEH)
Mediacoder - '.m3u' Buffer Overflow (SEH)
Mediacoder PMP Edition 0.8.17 - '.m3u' Buffer Overflow
Mediacoder (.lst) - Local Buffer Overflow (SEH)
Mediacoder - '.m3u' Local Buffer Overflow (SEH)
Mediacoder PMP Edition 0.8.17 - '.m3u' Local Buffer Overflow
Static HTTP Server 1.0 - Overflow (SEH)
AudioCoder (.lst) - Buffer Overflow (Metasploit)
Adrenalin Player 2.2.5.3 - '.wvx' Buffer Overflow (SEH)
Static HTTP Server 1.0 - Local Overflow (SEH)
AudioCoder (.lst) - Local Buffer Overflow (Metasploit)
Adrenalin Player 2.2.5.3 - '.wvx' Local Buffer Overflow (SEH)

ABBS Audio Media Player - '.LST' Buffer Overflow (Metasploit)
ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit)

Easy LAN Folder Share 3.2.0.100 - Buffer Overflow (SEH)
Easy LAN Folder Share 3.2.0.100 - Local Buffer Overflow (SEH)

Chasys Draw IES - Buffer Overflow (Metasploit)
Chasys Draw IES - Local Buffer Overflow (Metasploit)

glibc and eglibc 2.5/2.7/2.13 - Buffer Overflow
glibc and eglibc 2.5/2.7/2.13 - Local Buffer Overflow
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Local Buffer Overflow (SEH)
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Local Buffer Overflow (SEH)

BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)

VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
VideoCharge Studio 2.12.3.685 - Local Buffer Overflow (SEH)
Watermark Master 2.2.23 - Buffer Overflow (SEH)
BlazeDVD 6.2 - '.plf' Buffer Overflow (SEH)
AudioCoder 0.8.22 - '.m3u' Buffer Overflow (SEH)
Watermark Master 2.2.23 - Local Buffer Overflow (SEH)
BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)
AudioCoder 0.8.22 - '.m3u' Local Buffer Overflow (SEH)

Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass + ROP)
Steinberg MyMp3PRO 5.0 - Local Buffer Overflow (SEH) (DEP Bypass + ROP)

VideoSpirit Pro 1.90 - Buffer Overflow (SEH)
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)

VideoSpirit Lite 1.77 - Buffer Overflow (SEH)
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)

Watermark Master 2.2.23 - '.wstyle' Buffer Overflow (SEH)
Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)

Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)
Light Alloy 4.7.3 - '.m3u' Local Buffer Overflow (SEH Unicode)

GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)
GOM Player 2.2.53.5169 - '.reg' Local Buffer Overflow (SEH)

Total Video Player 1.3.1 (Settings.ini) - Buffer Overflow (SEH)
Total Video Player 1.3.1 (Settings.ini) - Local Buffer Overflow (SEH)

Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Buffer Overflow (SEH)
Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Local Buffer Overflow (SEH)

Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass)
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH) (ASLR + DEP Bypass)

Publish-It 3.6d - '.pui' Buffer Overflow (SEH)
Publish-It 3.6d - '.pui' Local Buffer Overflow (SEH)

Easy CD-DA Recorder - '.pls' Buffer Overflow (Metasploit)
Easy CD-DA Recorder - '.pls' Local Buffer Overflow (Metasploit)
Gold MP4 Player 3.3 - Buffer Overflow (SEH)
Total Video Player 1.3.1 - 'Settings.ini' Buffer Overflow (SEH) (Metasploit)
Gold MP4 Player 3.3 - Local Buffer Overflow (SEH)
Total Video Player 1.3.1 - 'Settings.ini' Local Buffer Overflow (SEH) (Metasploit)
ALLPlayer 5.8.1 - '.m3u' Buffer Overflow (SEH)
Calavera UpLoader 3.5 - Buffer Overflow (SEH)
ALLPlayer 5.8.1 - '.m3u' Local Buffer Overflow (SEH)
Calavera UpLoader 3.5 - Local Buffer Overflow (SEH)
ALLPlayer - '.m3u' Buffer Overflow (Metasploit)
KMPlayer 3.8.0.117 - Buffer Overflow
ALLPlayer - '.m3u' Local Buffer Overflow (Metasploit)
KMPlayer 3.8.0.117 - Local Buffer Overflow

MP3Info 0.8.5a - Buffer Overflow (SEH)
MP3Info 0.8.5a - Local Buffer Overflow (SEH)

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation

Free WMA MP3 Converter 1.8 - '.wav' Buffer Overflow
Free WMA MP3 Converter 1.8 - '.wav' Local Buffer Overflow

i-FTP 2.20 - Buffer Overflow (SEH)
i-FTP 2.20 - Local Buffer Overflow (SEH)

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow (SEH)
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Local Buffer Overflow (SEH)
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Ruby)
VFU 4.10-1.1 - Buffer Overflow
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
VFU 4.10-1.1 - Local Buffer Overflow

Advantech AdamView 4.30.003 - '.gni' Buffer Overflow (SEH)
Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH)

i-FTP Schedule - Buffer Overflow (Metasploit)
i-FTP Schedule - Local Buffer Overflow (Metasploit)
T-Mobile Internet Manager - Buffer Overflow (SEH)
Congstar Internet Manager - Buffer Overflow (SEH)
T-Mobile Internet Manager - Local Buffer Overflow (SEH)
Congstar Internet Manager - Local Buffer Overflow (SEH)

MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (1)
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (1)

Publish-It 3.6d - Buffer Overflow (SEH)
Publish-It 3.6d - Local Buffer Overflow (SEH)

Publish-It - '.PUI' Buffer Overflow (SEH) (Metasploit)
Publish-It - '.PUI' Local Buffer Overflow (SEH) (Metasploit)

MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (2)
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)

Mediacoder 0.8.34.5716 - '.m3u' Buffer Overflow (SEH)
Mediacoder 0.8.34.5716 - '.m3u' Local Buffer Overflow (SEH)
VideoCharge Express 3.16.3.04 - Buffer Overflow
VideoCharge Professional + Express Vanilla 3.18.4.04 - Buffer Overflow
VideoCharge Vanilla 3.16.4.06 - Buffer Overflow
VideoCharge Express 3.16.3.04 - Local Buffer Overflow
VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow
VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow

BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)
BulletProof FTP Client 2010 - Local Buffer Overflow (DEP Bypass)

Jildi FTP Client 1.5.6 - Buffer Overflow (SEH)
Jildi FTP Client 1.5.6 - Local Buffer Overflow (SEH)

1 Click Audio Converter 2.3.6 - Activex Buffer Overflow
1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow

Blueberry Express 5.9.0.3678 - Buffer Overflow (SEH)
Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)

Tomabo MP4 Player 3.11.3 - '.m3u' Buffer Overflow (SEH)
Tomabo MP4 Player 3.11.3 - '.m3u' Local Buffer Overflow (SEH)

PDF Shaper 3.5 - Buffer Overflow (Metasploit)
PDF Shaper 3.5 - Local Buffer Overflow (Metasploit)

Microsoft HTML Help Compiler 4.74.8702.0 - Overflow (SEH)
Microsoft HTML Help Compiler 4.74.8702.0 - Local Overflow (SEH)

VideoCharge Studio - Buffer Overflow (SEH) (Metasploit)
VideoCharge Studio - Local Buffer Overflow (SEH) (Metasploit)

Multiple ChiefPDF Software 2.0 - Buffer Overflow
Multiple ChiefPDF Software 2.0 - Local Buffer Overflow
ZSNES 1.51 - Buffer Overflow
FENIX 0.92 - Buffer Overflow
BSIGN 0.4.5 - Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
ZSNES 1.51 - Local Buffer Overflow
FENIX 0.92 - Local Buffer Overflow
BSIGN 0.4.5 - Local Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Local Buffer Overflow

AutoCAD DWG and DXF To PDF Converter 2.2 - Buffer Overflow
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow

VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass)
VeryPDF HTML Converter 2.0 - Local Buffer Overflow (SEH/ToLower() Bypass)

Logitech Webcam Software 1.1 - 'eReg.exe' Buffer Overflow (SEH Unicode)
Logitech Webcam Software 1.1 - 'eReg.exe' Local Buffer Overflow (SEH Unicode)
ZTE PC UI USB Modem Software - Buffer Overflow
IKEView R60 - Buffer Overflow Local (SEH)
ZTE PC UI USB Modem Software - Local Buffer Overflow
IKEView R60 - Local Buffer Overflow Local (SEH)
GNU Coreutils 'sort' Text Utility - Buffer Overflow
Total Commander 8.52 (Windows 10) - Buffer Overflow
Total Commander 8.52 - Buffer Overflow
GNU Coreutils 'sort' Text Utility - Local Buffer Overflow
Total Commander 8.52 (Windows 10) - Local Buffer Overflow
Total Commander 8.52 - Local Buffer Overflow

Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation
Symantec Encryption Desktop 10 - Local Buffer Overflow Privilege Escalation
VeryPDF Image2PDF Converter - Buffer Overflow (SEH)
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (SEH)
VeryPDF Image2PDF Converter - Local Buffer Overflow (SEH)
Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow (SEH)

Blat 2.7.6 SMTP / NNTP Mailer - Buffer Overflow
Blat 2.7.6 SMTP / NNTP Mailer - Local Buffer Overflow

TCPing 2.1.0 - Buffer Overflow
TCPing 2.1.0 - Local Buffer Overflow

IBM i Access 7.1 - Buffer Overflow Code Execution
IBM i Access 7.1 - Local Buffer Overflow Code Execution

FTPShell Client 5.24 - Buffer Overflow
FTPShell Client 5.24 - Local Buffer Overflow

Oracle - 'HtmlConverter.exe' Buffer Overflow
Oracle - 'HtmlConverter.exe' Local Buffer Overflow

Core FTP Server 1.2 - Buffer Overflow (PoC)
Core FTP Server 1.2 - Local Buffer Overflow (PoC)

MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH)
MP3 WAV to CD Burner 1.4.24 - Local Buffer Overflow (SEH)
Mediacoder 0.8.43.5830 - '.m3u' Buffer Overflow (SEH)
VUPlayer 2.49 (Windows 7) - '.m3u' Buffer Overflow (DEP Bypass)
Mediacoder 0.8.43.5830 - '.m3u' Local Buffer Overflow (SEH)
VUPlayer 2.49 (Windows 7) - '.m3u' Local Buffer Overflow (DEP Bypass)

My Video Converter 1.5.24 - Buffer Overflow (SEH)
My Video Converter 1.5.24 - Local Buffer Overflow (SEH)

VirusChaser 8.0 - Buffer Overflow (SEH)
VirusChaser 8.0 - Local Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow
Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Local Buffer Overflow

Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH)
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Local Buffer Overflow (SEH)

Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)

Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH)
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
JAD Java Decompiler 1.5.8e - Buffer Overflow
Flat Assembler 1.7.21 - Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow
Flat Assembler 1.7.21 - Local Buffer Overflow

Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH)
Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)

DNSTracer 1.9 - Buffer Overflow
DNSTracer 1.9 - Local Buffer Overflow
ALLPlayer 7.4 - Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode)
ALLPlayer 7.4 - Local Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode)
Easy DVD Creater 2.5.11 - Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Local Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Local Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Local Buffer Overflow
Easy DVD Creator 2.5.11 - Buffer Overflow (SEH)
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH)
Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH)
Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH)
Easy DVD Creator 2.5.11 - Local Buffer Overflow (SEH)
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Local Buffer Overflow (SEH)
Easy RM RMVB to DVD Burner 1.8.11 - Local Buffer Overflow (SEH)
Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow (SEH)

CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode)
CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow

ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
ASX to MP3 3.1.3.7 - '.m3u' Local Buffer Overflow

Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH)
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)

VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)
Samba 2.2.x - Buffer Overflow
SETI@home Clients - Buffer Overflow
Samba 2.2.x - Remote Buffer Overflow
SETI@home Clients - Remote Buffer Overflow

GtkFtpd 1.0.4 - Buffer Overflow
GtkFtpd 1.0.4 - Remote Buffer Overflow

IPSwitch IMail LDAP Daemon/Service - Buffer Overflow
IPSwitch IMail LDAP Daemon/Service - Remote Buffer Overflow
Monit 4.1 - Buffer Overflow
Monit 4.2 - Buffer Overflow
Monit 4.1 - Remote Buffer Overflow
Monit 4.2 - Remote Buffer Overflow

PHF (Linux/x86) - Buffer Overflow
PHF (Linux/x86) - Remote Buffer Overflow

Ability Server 2.34 - FTP 'STOR' Buffer Overflow
Ability Server 2.34 - FTP 'STOR' Remote Buffer Overflow

TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow

Ability Server 2.34 (Unix) - FTP 'STOR' Buffer Overflow
Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
DMS POP3 Server 1.5.3 build 37 - Buffer Overflow
CoffeeCup FTP Clients (Direct 6.2.0.62) (Free 3.0.0.10) - Buffer Overflow
DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow
CoffeeCup FTP Clients (Direct 6.2.0.62) (Free 3.0.0.10) - Remote Buffer Overflow

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Remote Buffer Overflow

PHP 4.3.7 - 'openlog()' Buffer Overflow
PHP 4.3.7 - 'openlog()' Remote Buffer Overflow

NodeManager Professional 2.00 - Buffer Overflow
NodeManager Professional 2.00 - Remote Buffer Overflow

GlobalScape Secure FTP Server 3.0 - Buffer Overflow
GlobalScape Secure FTP Server 3.0 - Remote Buffer Overflow

Microsoft Windows Message Queuing - Buffer Overflow Universal (MS05-017) (v.0.3)
Microsoft Windows Message Queuing - Remote Buffer Overflow Universal (MS05-017) (v.0.3)

CA BrightStor ARCserve Backup - 'dsconfig.exe' Buffer Overflow
CA BrightStor ARCserve Backup - 'dsconfig.exe' Remote Buffer Overflow

Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode
Mirabilis ICQ 2003a - Remote Buffer Overflow Download Shellcode

MailEnable Enterprise Edition 1.1 - 'EXAMINE' Buffer Overflow
MailEnable Enterprise Edition 1.1 - 'EXAMINE' Remote Buffer Overflow

Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Remote Buffer Overflow

Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow

Evince Document Viewer - 'DocumentMedia' Buffer Overflow
Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow

Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow

dproxy-nexgen (Linux x86) - Buffer Overflow
dproxy-nexgen (Linux x86) - Remote Buffer Overflow

IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow
IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Remote Buffer Overflow

LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Buffer Overflow
LeadTools Raster Thumbnail Object Library - 'LTRTM14e.dll' Remote Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Buffer Overflow
AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Remote Buffer Overflow
AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Remote Buffer Overflow

Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Buffer Overflow
Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Remote Buffer Overflow

EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Buffer Overflow
EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Remote Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Buffer Overflow
Persits Software XUpload Control - 'AddFolder()' Remote Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow

IBM Domino Web Access Upload Module - 'dwa7w.dll' Buffer Overflow
IBM Domino Web Access Upload Module - 'dwa7w.dll' Remote Buffer Overflow
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Buffer Overflow
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Buffer Overflow
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Remote Buffer Overflow
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Remote Buffer Overflow

RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow
RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Remote Buffer Overflow

HP Virtual Rooms WebHPVCInstall Control - Buffer Overflow
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow

Move Networks Upgrade Manager Control - Buffer Overflow
Move Networks Upgrade Manager Control - Remote Buffer Overflow

MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Buffer Overflow
MySpace Uploader - 'MySpaceUploader.ocx 1.0.0.4' Remote Buffer Overflow

FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Buffer Overflow
FaceBook PhotoUploader - 'ImageUploader4.ocx 4.5.57.0' Remote Buffer Overflow

dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Remote Buffer Overflow
Move Networks Quantum Streaming Player Control - Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow
Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Buffer Overflow
Move Networks Quantum Streaming Player Control - Remote Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Remote Buffer Overflow
Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Remote Buffer Overflow

Black Ice Software Annotation Plugin - 'BiAnno.ocx' Buffer Overflow (2)
Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow (2)

FlashGet 1.9.0.1012 - 'FTP PWD Response' Buffer Overflow (SafeSEH)
FlashGet 1.9.0.1012 - 'FTP PWD Response' Remote Buffer Overflow (SafeSEH)

EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow
EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Remote Buffer Overflow

NaviCOPA Web Server 3.0.1 - Buffer Overflow / Script Source Disclosure
NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure

Serv-U Web Client 9.0.0.5 - Buffer Overflow (2)
Serv-U Web Client 9.0.0.5 - Remote Buffer Overflow (2)

Xion Audio Player 1.0 121 - '.m3u' Buffer Overflow (1)
Xion Audio Player 1.0 121 - '.m3u' Remote Buffer Overflow (1)

Novell eDirectory 8.8sp5 - Buffer Overflow
Novell eDirectory 8.8sp5 - Remote Buffer Overflow

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (1) (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Remote Buffer Overflow (1) (Metasploit)

Solaris sadmind adm_build_path - Buffer Overflow (Metasploit)
Solaris sadmind adm_build_path - Remote Buffer Overflow (Metasploit)

NTPd 4.0.99j-k readvar - Buffer Overflow (Metasploit)
NTPd 4.0.99j-k readvar - Remote Buffer Overflow (Metasploit)
Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit)
Pegasus Mail Client 4.51 - Buffer Overflow (PoC)
Serv-U Web Client 9.0.0.5 - Buffer Overflow (1)
Borland Interbase 2007 - 'PWD_db_aliased' Remote Buffer Overflow (Metasploit)
Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC)
Serv-U Web Client 9.0.0.5 - Remote Buffer Overflow (1)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Remote Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Remote Buffer Overflow (Metasploit)
Borland Interbase 2007/2007 SP2 - 'INET_connect' Remote Buffer Overflow (Metasploit)

Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Buffer Overflow (Metasploit)
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Remote Buffer Overflow (Metasploit)

Xtacacsd 4.1.2 - 'report()' Buffer Overflow (Metasploit)
Xtacacsd 4.1.2 - 'report()' Remote Buffer Overflow (Metasploit)

SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Buffer Overflow
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow

Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow
Ada Image Server 0.6.7 - 'imgsrv.exe' Remote Buffer Overflow
Hero DVD Remote 1.0 - Buffer Overflow
HP Application Recovery Manager - 'OmniInet.exe' Buffer Overflow
Hero DVD Remote 1.0 - Remote Buffer Overflow
HP Application Recovery Manager - 'OmniInet.exe' Remote Buffer Overflow

EFS Software Easy Chat Server 2.2 - Buffer Overflow
EFS Software Easy Chat Server 2.2 - Remote Buffer Overflow

AOL 9.5 - Phobos.Playlist 'Import()' Buffer Overflow (Metasploit)
AOL 9.5 - Phobos.Playlist 'Import()' Remote Buffer Overflow (Metasploit)

ProSSHD 1.2 20090726 - Buffer Overflow
ProSSHD 1.2 20090726 - Remote Buffer Overflow

Image22 ActiveX 1.1.1 - Buffer Overflow
Image22 ActiveX 1.1.1 - Remote Buffer Overflow

XFTP 3.0 Build 0239 - 'Filename' Buffer Overflow
XFTP 3.0 Build 0239 - 'Filename' Remote Buffer Overflow

Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow
Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Remote Buffer Overflow

UFO: Alien Invasion 2.2.1 (Windows 7) - Buffer Overflow (ASLR + DEP Bypass)
UFO: Alien Invasion 2.2.1 (Windows 7) - Remote Buffer Overflow (ASLR + DEP Bypass)

Hero DVD - Buffer Overflow (Metasploit)
Hero DVD - Remote Buffer Overflow (Metasploit)

Barcodewiz Barcode ActiveX Control 3.29 - Buffer Overflow (SEH)
Barcodewiz Barcode ActiveX Control 3.29 - Remote Buffer Overflow (SEH)

Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Buffer Overflow
Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Remote Buffer Overflow

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC)

Novell iPrint Client - ActiveX Control 'debug' Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control 'debug' Remote Buffer Overflow (Metasploit)

Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Buffer Overflow
Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Remote Buffer Overflow
DATAC RealWin SCADA Server 1.06 - Buffer Overflow
XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Buffer Overflow
DATAC RealWin SCADA Server 1.06 - Remote Buffer Overflow
XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Remote Buffer Overflow

Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Remote Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow
Freefloat FTP Server - Buffer Overflow
Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Remote Buffer Overflow
Freefloat FTP Server - Remote Buffer Overflow

Kolibri 2.0 - 'HEAD' Buffer Overflow RET (SEH)
Kolibri 2.0 - 'HEAD' Remote Buffer Overflow RET (SEH)

FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow
FTPGetter 3.58.0.21 - 'PASV' Remote Buffer Overflow

NTP daemon readvar - Buffer Overflow (Metasploit)
NTP daemon readvar - Remote Buffer Overflow (Metasploit)

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)
Samba 2.2.2 < 2.2.6 - 'nttrans' Remote Buffer Overflow (Metasploit) (1)

Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit)
Sun Solaris sadmind - 'adm_build_path()' Remote Buffer Overflow (Metasploit)

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (2) (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Remote Buffer Overflow (2) (Metasploit)

WinComLPD 3.0.2 - Buffer Overflow (Metasploit)
WinComLPD 3.0.2 - Remote Buffer Overflow (Metasploit)

SapLPD 6.28 - Buffer Overflow (Metasploit)
SapLPD 6.28 - Remote Buffer Overflow (Metasploit)

Oracle 8i - TNS Listener 'ARGUMENTS' Buffer Overflow (Metasploit)
Oracle 8i - TNS Listener 'ARGUMENTS' Remote Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Remote Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Remote Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Remote Buffer Overflow (Metasploit)

TFTPD32 < 2.21 - 'Filename' Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - 'Filename' Remote Buffer Overflow (Metasploit)
CitectSCADA/CitectFacilities ODBC - Buffer Overflow (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)
CitectSCADA/CitectFacilities ODBC - Remote Buffer Overflow (Metasploit)
MOXA Device Manager Tool 2.1 - Remote Buffer Overflow (Metasploit)

DATAC RealWin SCADA Server - Buffer Overflow (Metasploit)
DATAC RealWin SCADA Server - Remote Buffer Overflow (Metasploit)

Omni-NFS Server - Buffer Overflow (Metasploit)
Omni-NFS Server - Remote Buffer Overflow (Metasploit)

EMC AlphaStor Agent - Buffer Overflow (Metasploit)
EMC AlphaStor Agent - Remote Buffer Overflow (Metasploit)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (1)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (3)
CA BrightStor ARCserve Message Engine 0x72 - Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (3)
CA BrightStor ARCserve Message Engine 0x72 - Remote Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - 'rxsSetDataGrowthScheduleAndFilter' Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)
CA BrightStor ARCserve for Laptops & Desktops LGServer - 'rxsSetDataGrowthScheduleAndFilter' Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (1)
Firebird Relational Database - 'SVC_attach()' Remote Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (1)

SAP Business One License Manager 2005 - Buffer Overflow (Metasploit)
SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)

Asus Dpcproxy - Buffer Overflow (Metasploit)
Asus Dpcproxy - Remote Buffer Overflow (Metasploit)
Microsoft Windows RSH daemon - Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express RCA Service - Buffer Overflow (Metasploit)
Microsoft Windows RSH daemon - Remote Buffer Overflow (Metasploit)
IBM Tivoli Storage Manager Express RCA Service - Remote Buffer Overflow (Metasploit)
BigAnt Server 2.2 - Buffer Overflow (Metasploit)
BigAnt Server 2.50 SP1 - Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit)
BomberClone 0.11.6 - Buffer Overflow (Metasploit)
BigAnt Server 2.2 - Remote Buffer Overflow (Metasploit)
BigAnt Server 2.50 SP1 - Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_create_database()' Remote Buffer Overflow (Metasploit)
BomberClone 0.11.6 - Remote Buffer Overflow (Metasploit)

Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'isc_create_database()' Remote Buffer Overflow (Metasploit)
NetTransport Download Manager 2.90.510 - Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit)
NetTransport Download Manager 2.90.510 - Remote Buffer Overflow (Metasploit)
Firebird Relational Database - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)
Bopup Communications Server - Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (Windows) - Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit)
Bopup Communications Server - Remote Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (Windows) - Remote Buffer Overflow (Metasploit)
Borland Interbase - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)

Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit)
Borland Interbase - 'SVC_attach()' Remote Buffer Overflow (Metasploit)

Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit)
Borland Interbase - 'Create-Request' Remote Buffer Overflow (Metasploit)

Realtek Media Player Playlist - Buffer Overflow (Metasploit)
Realtek Media Player Playlist - Remote Buffer Overflow (Metasploit)

SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)
SecureCRT 4.0 Beta 2 SSH1 - Remote Buffer Overflow (Metasploit)

PuTTy.exe 0.53 - Buffer Overflow (Metasploit)
PuTTy.exe 0.53 - Remote Buffer Overflow (Metasploit)

Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Buffer Overflow (Metasploit)
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Remote Buffer Overflow (Metasploit)

IBM Lotus Domino Web Access Upload Module - Buffer Overflow (Metasploit)
IBM Lotus Domino Web Access Upload Module - Remote Buffer Overflow (Metasploit)

Macrovision Installshield Update Service - Buffer Overflow (Metasploit)
Macrovision Installshield Update Service - Remote Buffer Overflow (Metasploit)

SAP AG SAPgui EAI WebViewer3D - Buffer Overflow (Metasploit)
SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow (Metasploit)

Symantec BackupExec Calendar Control - Buffer Overflow (Metasploit)
Symantec BackupExec Calendar Control - Remote Buffer Overflow (Metasploit)

RealNetworks RealPlayer - '.SMIL' Buffer Overflow (Metasploit)
RealNetworks RealPlayer - '.SMIL' Remote Buffer Overflow (Metasploit)

AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit)
AOL Radio AmpX - ActiveX Control 'ConvertFile()' Remote Buffer Overflow (Metasploit)

NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit)
NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Remote Buffer Overflow (Metasploit)

Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Buffer Overflow (Metasploit)
Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Remote Buffer Overflow (Metasploit)

Racer 0.5.3 Beta 5 - Buffer Overflow (Metasploit)
Racer 0.5.3 Beta 5 - Remote Buffer Overflow (Metasploit)

CesarFTP 0.99g - 'MKD' Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)

Xlink FTP Server - Buffer Overflow (Metasploit)
Xlink FTP Server - Remote Buffer Overflow (Metasploit)

Xlink FTP Client - Buffer Overflow (Metasploit)
Xlink FTP Client - Remote Buffer Overflow (Metasploit)

FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit)
FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Remote Buffer Overflow (Metasploit)

NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit)
NetTerm NetFTPD - 'USER' Remote Buffer Overflow (Metasploit)

MiniShare 1.4.1 - Buffer Overflow (Metasploit)
MiniShare 1.4.1 - Remote Buffer Overflow (Metasploit)
Private Wire Gateway - Buffer Overflow (Metasploit)
BadBlue 2.5 - 'ext.dll' Buffer Overflow (Metasploit)
Private Wire Gateway - Remote Buffer Overflow (Metasploit)
BadBlue 2.5 - 'ext.dll' Remote Buffer Overflow (Metasploit)

IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (2)
IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (2)

IA WebMail Server 3.x - Buffer Overflow (Metasploit)
IA WebMail Server 3.x - Remote Buffer Overflow (Metasploit)

Now SMS/Mms Gateway - Buffer Overflow (Metasploit)
Now SMS/Mms Gateway - Remote Buffer Overflow (Metasploit)

Hewlett-Packard (HP) Power Manager Administration - Buffer Overflow (Metasploit)
Hewlett-Packard (HP) Power Manager Administration - Remote Buffer Overflow (Metasploit)

IPSwitch WhatsUp Gold 8.03 - Buffer Overflow (Metasploit)
IPSwitch WhatsUp Gold 8.03 - Remote Buffer Overflow (Metasploit)
Apache Tomcat mod_jk 1.2.20 - Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)
Apache Tomcat mod_jk 1.2.20 - Remote Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Remote Buffer Overflow (Metasploit)

Alt-N SecurityGateway 1.0.1 - 'Username' Buffer Overflow (Metasploit)
Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (Metasploit)

IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Buffer Overflow (Metasploit)
IBM TPM for OS Deployment 5.1.0.x - 'rembo.exe' Remote Buffer Overflow (Metasploit)

Novell Groupwise Messenger Client - Buffer Overflow (Metasploit)
Novell Groupwise Messenger Client - Remote Buffer Overflow (Metasploit)
GAMSoft TelSrv 1.5 - 'Username' Buffer Overflow (Metasploit)
GoodTech Telnet Server 5.0.6 - Buffer Overflow (Metasploit)
YahooPOPs (YPOPS) 0.6 - Buffer Overflow (Metasploit)
SoftiaCom wMailServer 1.0 - Buffer Overflow (Metasploit)
GAMSoft TelSrv 1.5 - 'Username' Remote Buffer Overflow (Metasploit)
GoodTech Telnet Server 5.0.6 - Remote Buffer Overflow (Metasploit)
YahooPOPs (YPOPS) 0.6 - Remote Buffer Overflow (Metasploit)
SoftiaCom wMailServer 1.0 - Remote Buffer Overflow (Metasploit)

IPSwitch IMail LDAP Daemon/Service - Buffer Overflow (Metasploit)
IPSwitch IMail LDAP Daemon/Service - Remote Buffer Overflow (Metasploit)
Symantec Alert Management System Intel Alert Originator Service - Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Buffer Overflow (Metasploit)
Symantec Remote Management - Buffer Overflow (Metasploit)
Symantec Alert Management System Intel Alert Originator Service - Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'CreateBinding()' Remote Buffer Overflow (Metasploit)
Trend Micro ServerProtect 5.58 - 'EarthAgent.exe' Remote Buffer Overflow (Metasploit)
Symantec Remote Management - Remote Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit)
Borland Interbase - 'PWD_db_aliased()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'open_marker_file()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit)
Borland Interbase - 'jrd8_create_database()' Remote Buffer Overflow (Metasploit)
Borland Interbase - 'INET_connect()' Remote Buffer Overflow (Metasploit)

ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remote Buffer Overflow (Metasploit)

Linksys WRT54 Access Point - 'apply.cgi' Buffer Overflow (Metasploit)
Linksys WRT54 Access Point - 'apply.cgi' Remote Buffer Overflow (Metasploit)

Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)
Apple iPhone MobileSafari LibTIFF - 'browser' Remote Buffer Overflow (Metasploit) (1)

UFO: Alien Invasion IRC Client (OSX) - Buffer Overflow (Metasploit)
UFO: Alien Invasion IRC Client (OSX) - Remote Buffer Overflow (Metasploit)

Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (Metasploit) (2)
Apple iPhone MobileSafari LibTIFF - 'email' Remote Buffer Overflow (Metasploit) (2)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Remote Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Remote Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Remote Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Remote Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Remote Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Remote Buffer Overflow (Metasploit)

SPlayer 3.7 (build 2055) - Buffer Overflow
SPlayer 3.7 (build 2055) - Remote Buffer Overflow

Citrix Provisioning Services 5.6 - 'streamprocess.exe' Buffer Overflow (Metasploit)
Citrix Provisioning Services 5.6 - 'streamprocess.exe' Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit)

HP OmniInet.exe Opcode 20 - Buffer Overflow (Metasploit)
HP OmniInet.exe Opcode 20 - Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - Buffer Overflow (Metasploit)
Freefloat FTP Server - Remote Buffer Overflow (Metasploit)

Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Buffer Overflow (Metasploit)
Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - 'LIST' Buffer Overflow
Freefloat FTP Server - 'LIST' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'MKD' Buffer Overflow
Freefloat FTP Server - 'MKD' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'MKD' Remote Buffer Overflow
Freefloat FTP Server - 'MKD' Remote Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Buffer Overflow
Freefloat FTP Server - 'REST' Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'ACCL' Buffer Overflow
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Remote Buffer Overflow
Freefloat FTP Server - 'REST' Remote Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'ACCL' Remote Buffer Overflow

KnFTP Server - Buffer Overflow
KnFTP Server - Remote Buffer Overflow

Freefloat FTP Server - Buffer Overflow (DEP Bypass)
Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)

HP Power Manager - 'formExportDataLogs' Buffer Overflow (Metasploit)
HP Power Manager - 'formExportDataLogs' Remote Buffer Overflow (Metasploit)

KnFTP 1.0 - Buffer Overflow (DEP Bypass) (Metasploit)
KnFTP 1.0 - Remote Buffer Overflow (DEP Bypass) (Metasploit)

RhinoSoft Serv-U FTPd Server < 4.2 - Buffer Overflow (Metasploit)
RhinoSoft Serv-U FTPd Server < 4.2 - Remote Buffer Overflow (Metasploit)

TFTP Server 1.4 - ST 'RRQ' Buffer Overflow
TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow

Linux BSD-derived Telnet Service Encryption Key ID - Buffer Overflow (Metasploit)
Linux BSD-derived Telnet Service Encryption Key ID - Remote Buffer Overflow (Metasploit)
Savant Web Server 3.1 - Buffer Overflow (Egghunter)
NetOp Remote Control Client 9.5 - Buffer Overflow (Metasploit)
Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)
NetOp Remote Control Client 9.5 - Remote Buffer Overflow (Metasploit)

Sysax 5.53 - SSH 'Username' Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
FlashFXP 4.1.8.1701 - Buffer Overflow
Sysax 5.53 - SSH 'Username' Buffer Overflow (Metasploit)
FlashFXP 4.1.8.1701 - Remote Buffer Overflow
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow (Metasploit)

Netmechanica NetDecision HTTP Server 4.5.1 - Buffer Overflow (Metasploit)
Netmechanica NetDecision HTTP Server 4.5.1 - Remote Buffer Overflow (Metasploit)

UltraVNC 1.0.2 Client - 'vncviewer.exe' Buffer Overflow (Metasploit)
UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow (Metasploit)

RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit)
RabidHamster R4 - Log Entry 'sprintf()' Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.14 - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.14 - Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.16 - Buffer Overflow
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow

BSD 4.2 - 'fingerd' Buffer Overflow
BSD 4.2 - 'fingerd' Remote Buffer Overflow

Stalker Internet Mail Server 1.6 - Buffer Overflow
Stalker Internet Mail Server 1.6 - Remote Buffer Overflow

Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow
Qualcomm Eudora Internet Mail Server 1.2 - Remote Buffer Overflow

Lynx 2.8 - Buffer Overflow
Lynx 2.8 - Remote Buffer Overflow
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (2)
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Buffer Overflow
Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Buffer Overflow
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Remote Buffer Overflow
Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Remote Buffer Overflow
ISC BIND (Linux/BSD) - Buffer Overflow (1)
ISC BIND (Multiple OSes) - Buffer Overflow (2)
ISC BIND (Linux/BSD) - Remote Buffer Overflow (1)
ISC BIND (Multiple OSes) - Remote Buffer Overflow (2)

Cat Soft Serv-U FTP Server 2.5 - Buffer Overflow
Cat Soft Serv-U FTP Server 2.5 - Remote Buffer Overflow

SmartDesk WebSuite 2.1 - Buffer Overflow
SmartDesk WebSuite 2.1 - Remote Buffer Overflow

University of Washington pop2d 4.4 - Buffer Overflow
University of Washington pop2d 4.4 - Remote Buffer Overflow
Microsoft IIS 4.0 - Buffer Overflow (1)
Microsoft IIS 4.0 - Buffer Overflow (2)
Microsoft IIS 4.0 - Buffer Overflow (3)
Microsoft IIS 4.0 - Buffer Overflow (4)
Microsoft IIS 4.0 - Remote Buffer Overflow (1)
Microsoft IIS 4.0 - Remote Buffer Overflow (2)
Microsoft IIS 4.0 - Remote Buffer Overflow (3)
Microsoft IIS 4.0 - Remote Buffer Overflow (4)

Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Remote Buffer Overflow
ToxSoft NextFTP 1.82 - Buffer Overflow
Fujitsu Chocoa 1.0 beta7R - 'Topic' Buffer Overflow
CREAR ALMail32 1.10 - Buffer Overflow
ToxSoft NextFTP 1.82 - Remote Buffer Overflow
Fujitsu Chocoa 1.0 beta7R - 'Topic' Remote Buffer Overflow
CREAR ALMail32 1.10 - Remote Buffer Overflow

Hybrid Ircd 5.0.3 p7 - Buffer Overflow
Hybrid Ircd 5.0.3 p7 - Remote Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Remote Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Remote Buffer Overflow (2)

Washington University WU-FTPD 2.5.0 - 'message' Buffer Overflow
Washington University WU-FTPD 2.5.0 - 'message' Remote Buffer Overflow

Omnicron OmniHTTPd 1.1/2.4 Pro - Buffer Overflow
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow

BTD Studio Zom-Mail 1.0.9 - Buffer Overflow
BTD Studio Zom-Mail 1.0.9 - Remote Buffer Overflow

IBM HomePagePrint 1.0 7 - Buffer Overflow
IBM HomePagePrint 1.0 7 - Remote Buffer Overflow
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)
Poison Ivy 2.3.2 (C2 Server) - Buffer Overflow (Metasploit)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)
Poison Ivy 2.3.2 (C2 Server) - Remote Buffer Overflow (Metasploit)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (2)
Admiral Systems EmailClub 1.0.0.5 - Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Buffer Overflow
Admiral Systems EmailClub 1.0.0.5 - Remote Buffer Overflow
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow

ETL Delegate 5.9.x/6.0.x - Buffer Overflow
ETL Delegate 5.9.x/6.0.x - Remote Buffer Overflow
Solaris 2.3/2.4/2.5/2.5.1/2.6/7.0 snoop - 'print_domain_name' Buffer Overflow
WolfPack Development XSHIPWARS 1.0/1.2.4 - Buffer Overflow
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (4)
Solaris 2.3/2.4/2.5/2.5.1/2.6/7.0 snoop - 'print_domain_name' Remote Buffer Overflow
WolfPack Development XSHIPWARS 1.0/1.2.4 - Remote Buffer Overflow
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Remote Buffer Overflow (4)
ZBServer Pro 1.5 - Buffer Overflow (1)
ZBServer Pro 1.5 - Buffer Overflow (2)
ZBServer Pro 1.5 - Remote Buffer Overflow (1)
ZBServer Pro 1.5 - Remote Buffer Overflow (2)

Hughes Technologies Mini SQL (mSQL) 2.0.11 - 'w3-msql' Buffer Overflow
Hughes Technologies Mini SQL (mSQL) 2.0.11 - 'w3-msql' Remote Buffer Overflow

Qualcomm qpopper 3.0 - 'LIST' Buffer Overflow
Qualcomm qpopper 3.0 - 'LIST' Remote Buffer Overflow

Michael Sandrof IrcII 4.4-7 - Buffer Overflow
Michael Sandrof IrcII 4.4-7 - Remote Buffer Overflow
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Buffer Overflow
UoW IMAPd Server 10.234/12.264 - Buffer Overflow
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow
UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow

ALLMediaServer 0.8 - Buffer Overflow (Metasploit)
ALLMediaServer 0.8 - Remote Buffer Overflow (Metasploit)

LCDProc 0.4 - Buffer Overflow
LCDProc 0.4 - Remote Buffer Overflow

NetWin DNews 5.3 Server - Buffer Overflow
NetWin DNews 5.3 Server - Remote Buffer Overflow
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (1)
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)
Novell ZENworks Configuration Management Preboot Service 0x06 - Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x21 - Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x06 - Remote Buffer Overflow (Metasploit)
Novell ZENworks Configuration Management Preboot Service 0x21 - Remote Buffer Overflow (Metasploit)

Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow

Concatus IMate Web Mail Server 2.5 - Buffer Overflow
Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow

SapporoWorks WinProxy 2.0/2.0.1 - Buffer Overflow
SapporoWorks WinProxy 2.0/2.0.1 - Remote Buffer Overflow

DALnet Bahamut IRCd 4.6.5 - 'SUMMON' Buffer Overflow
DALnet Bahamut IRCd 4.6.5 - 'SUMMON' Remote Buffer Overflow

Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow
Michael Lamont Savant Web Server 2.1/3.0 - Remote Buffer Overflow

Infopulse GateKeeper 3.5 - Buffer Overflow
Infopulse GateKeeper 3.5 - Remote Buffer Overflow

OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Buffer Overflow
OReilly Software WebSite Professional 2.3.18/2.4/2.4.9 - 'webfind.exe' Remote Buffer Overflow

NAI Net Tools PKI Server 1.0 - 'strong.exe' Buffer Overflow
NAI Net Tools PKI Server 1.0 - 'strong.exe' Remote Buffer Overflow

MediaHouse Software Statistics Server LiveStats 5.2 - Buffer Overflow
MediaHouse Software Statistics Server LiveStats 5.2 - Remote Buffer Overflow

Luca Deri ntop 1.2 a7-9/1.3.1 - Buffer Overflow
Luca Deri ntop 1.2 a7-9/1.3.1 - Remote Buffer Overflow

RobTex Viking Server 1.0.6 Build 355 - Buffer Overflow
RobTex Viking Server 1.0.6 Build 355 - Remote Buffer Overflow

eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Buffer Overflow
eEye Digital Security IRIS 1.0.1 / SpyNet CaptureNet 3.0.12 - Remote Buffer Overflow

Mobius DocumentDirect for the Internet 1.2 - Buffer Overflow
Mobius DocumentDirect for the Internet 1.2 - Remote Buffer Overflow

Cisco Secure ACS for Windows NT 2.42 - Buffer Overflow
Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow

UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Remote Buffer Overflow

Nevis Systems All-Mail 1.1 - Buffer Overflow
Nevis Systems All-Mail 1.1 - Remote Buffer Overflow

Samba 1.9.19 - 'Password' Buffer Overflow
Samba 1.9.19 - 'Password' Remote Buffer Overflow

Joe Kloss RobinHood 1.1 - Buffer Overflow
Joe Kloss RobinHood 1.1 - Remote Buffer Overflow

Microsoft Windows Media Player 7.0 - '.asx' Buffer Overflow
Microsoft Windows Media Player 7.0 - '.asx' Remote Buffer Overflow
Oops Proxy Server 1.4.22 - Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Buffer Overflow (2)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (2)

AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Buffer Overflow
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow

SWSoft ASPSeek 1.0 - 's.cgi' Buffer Overflow
SWSoft ASPSeek 1.0 - 's.cgi' Remote Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow
OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Remote Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Remote Buffer Overflow
OpenBSD 2.x < 2.8 FTPd - 'glob()' Remote Buffer Overflow

Netscape SmartDownload 1.3 - Buffer Overflow
Netscape SmartDownload 1.3 - Remote Buffer Overflow

WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Remote Buffer Overflow

Xinetd 2.1.8 - Buffer Overflow
Xinetd 2.1.8 - Remote Buffer Overflow
Microsoft Visual Studio RAD Support - Buffer Overflow
Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit)
Microsoft Visual Studio RAD Support - Remote Buffer Overflow
Microsoft Visual Studio RAD Support - Remote Buffer Overflow (MS03-051) (Metasploit)

Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow

xloadimage 4.1 - Buffer Overflow
xloadimage 4.1 - Remote Buffer Overflow
NCSA HTTPd 1.x - Buffer Overflow (1)
NCSA HTTPd 1.x - Buffer Overflow (2)
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
NCSA HTTPd 1.x - Remote Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Buffer Overflow (2)
AIX 4.1/4.2 - 'pdnsd' Buffer Overflow
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (2)
AIX 4.1/4.2 - 'pdnsd' Remote Buffer Overflow

EFTP 2.0.7 337 - Buffer Overflow Code Execution / Denial of Service
EFTP 2.0.7 337 - Remote Buffer Overflow Code Execution / Denial of Service

Oracle9iAS Web Cache 2.0 - Buffer Overflow
Oracle9iAS Web Cache 2.0 - Remote Buffer Overflow

Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Buffer Overflow
Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Remote Buffer Overflow
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (1)
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (2)
ActivePerl 5.6.1 - 'perlIIS.dll' Buffer Overflow (3)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (1)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (2)
ActivePerl 5.6.1 - 'perlIIS.dll' Remote Buffer Overflow (3)

Solaris 2.x/7.0/8 - Derived 'login' Buffer Overflow
Solaris 2.x/7.0/8 - Derived 'login' Remote Buffer Overflow

BrowseFTP Client 1.62 - Buffer Overflow
BrowseFTP Client 1.62 - Remote Buffer Overflow

Boozt 0.9.8 - Buffer Overflow
Boozt 0.9.8 - Remote Buffer Overflow

John Roy Pi3Web 2.0 For Windows - Buffer Overflow
John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

Phusion WebServer 1.0 - 'URL' Buffer Overflow
Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow

Essentia Web Server 2.1 - 'URL' Buffer Overflow
Essentia Web Server 2.1 - 'URL' Remote Buffer Overflow
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)
Matu FTP Server 1.13 - Buffer Overflow
Youngzsoft CMailServer 3.30/4.0 - Remote Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Remote Buffer Overflow (2)
Matu FTP Server 1.13 - Remote Buffer Overflow

Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Buffer Overflow
Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Remote Buffer Overflow

ATPhttpd 0.4b - Buffer Overflow
ATPhttpd 0.4b - Remote Buffer Overflow

Trillian 0.x IRC Module - Buffer Overflow
Trillian 0.x IRC Module - Remote Buffer Overflow

Avaya WinPMD UniteHostRouter - Buffer Overflow (Metasploit)
Avaya WinPMD UniteHostRouter - Remote Buffer Overflow (Metasploit)

ghttpd 1.4.x - 'Log()' Buffer Overflow
ghttpd 1.4.x - 'Log()' Remote Buffer Overflow

TFTPD32 2.50 - 'Filename' Buffer Overflow
TFTPD32 2.50 - 'Filename' Remote Buffer Overflow

AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow
AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Remote Buffer Overflow

PGP4Pine 1.75.6/1.76 - 'Message Line' Buffer Overflow
PGP4Pine 1.75.6/1.76 - 'Message Line' Remote Buffer Overflow

Freefloat FTP Server - 'PUT' Buffer Overflow
Freefloat FTP Server - 'PUT' Remote Buffer Overflow
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (4)

Aladdin Knowledge System Ltd - 'ChooseFilePath' Buffer Overflow (Metasploit)
Aladdin Knowledge System Ltd - 'ChooseFilePath' Remote Buffer Overflow (Metasploit)

HP Intelligent Management Center UAM - Buffer Overflow (Metasploit)
HP Intelligent Management Center UAM - Remote Buffer Overflow (Metasploit)

Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Buffer Overflow
Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Remote Buffer Overflow

Yahoo! Voice Chat ActiveX Control 1.0.0.43 - Buffer Overflow
Yahoo! Voice Chat ActiveX Control 1.0.0.43 - Remote Buffer Overflow
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (1)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (2)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (1)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (2)
Alt-N WebAdmin 2.0.x - 'USER' Buffer Overflow (1)
Alt-N WebAdmin 2.0.x - 'USER' Buffer Overflow (2)
Alt-N WebAdmin 2.0.x - 'USER' Remote Buffer Overflow (1)
Alt-N WebAdmin 2.0.x - 'USER' Remote Buffer Overflow (2)

Freefloat FTP Server - 'USER' Buffer Overflow
Freefloat FTP Server - 'USER' Remote Buffer Overflow

PLD Software Ebola 0.1.4 - Buffer Overflow
PLD Software Ebola 0.1.4 - Remote Buffer Overflow

Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Buffer Overflow
Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Remote Buffer Overflow

Metamail 2.7 - Multiple Buffer Overflow/Format String Handling Vulnerabilities
Metamail 2.7 - Multiple Buffer Overflow / Format String Handling Vulnerabilities

Enterasys NetSight - 'nssyslogd.exe' Buffer Overflow (Metasploit)
Enterasys NetSight - 'nssyslogd.exe' Remote Buffer Overflow (Metasploit)

LHA 1.x - Buffer Overflow / Directory Traversal
LHA 1.x - Remote Buffer Overflow / Directory Traversal

Novell eDirectory 8 - Buffer Overflow (Metasploit)
Novell eDirectory 8 - Remote Buffer Overflow (Metasploit)
Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (1)
Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (2)
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (1)
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (2)

Freefloat FTP Server 1.0 - 'Raw' Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Remote Buffer Overflow

Raven Software Soldier Of Fortune 2 - Buffer Overflow
Raven Software Soldier Of Fortune 2 - Remote Buffer Overflow

Cool PDF Image Stream - Buffer Overflow (Metasploit)
Cool PDF Image Stream - Remote Buffer Overflow (Metasploit)
KNet Web Server 1.04b - Buffer Overflow (SEH)
BigAnt Server 2.97 - DDNF 'Username' Buffer Overflow
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow

MinaliC WebServer 2.0.0 - Buffer Overflow
MinaliC WebServer 2.0.0 - Remote Buffer Overflow

2Fax 3.0 Tab Expansion - Buffer Overflow
2Fax 3.0 Tab Expansion - Remote Buffer Overflow

Light HTTPD 0.1 (Windows) - Buffer Overflow
Light HTTPD 0.1 (Windows) - Remote Buffer Overflow

PGN2WEB 0.3 - Buffer Overflow
PGN2WEB 0.3 - Remote Buffer Overflow

Mesh Viewer 0.2.2 - Buffer Overflow
Mesh Viewer 0.2.2 - Remote Buffer Overflow

CSV2XML 0.5.1 - Buffer Overflow
CSV2XML 0.5.1 - Remote Buffer Overflow
PCAL 4.x - Calendar File 'getline' Buffer Overflow
PCAL 4.x - Calendar File 'get_holiday' Buffer Overflow
PCAL 4.x - Calendar File 'getline' Remote Buffer Overflow
PCAL 4.x - Calendar File 'get_holiday' Remote Buffer Overflow

Microsoft MSN Messenger 6.2.0137 - '.png' Buffer Overflow
Microsoft MSN Messenger 6.2.0137 - '.png' Remote Buffer Overflow

Convert-UUlib 1.04/1.05 Perl Module - Buffer Overflow
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow

Clever's Games Terminator 3: War of the Machines 1.16 Server - Buffer Overflow
Clever's Games Terminator 3: War of the Machines 1.16 Server - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - Buffer Overflow
PCMan FTP Server 2.0.7 - Remote Buffer Overflow

PCMan FTP Server 2.07 - 'PASS' Buffer Overflow
PCMan FTP Server 2.07 - 'PASS' Remote Buffer Overflow

MinaliC WebServer 2.0.0 - Buffer Overflow (Egghunter)
MinaliC WebServer 2.0.0 - Remote Buffer Overflow (Egghunter)

Intrasrv 1.0 - Buffer Overflow (Metasploit)
Intrasrv 1.0 - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.07 - 'STOR' Buffer Overflow
PCMan FTP Server 2.07 - 'STOR' Remote Buffer Overflow

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (SEH)

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH) (Metasploit)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (SEH) (Metasploit)

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (Metasploit)
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (Metasploit)

NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow

Supermicro Onboard IPMI - 'close_window.cgi' Buffer Overflow (Metasploit)
Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit)

PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Remote Buffer Overflow

LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Buffer Overflow
LANDesk Management Suite 8.7 Alert Service - 'AOLSRVR.exe' Remote Buffer Overflow

BlueSkyChat ActiveX Control 8.1.2 - Buffer Overflow
BlueSkyChat ActiveX Control 8.1.2 - Remote Buffer Overflow

OpenBase 10.0.x - Buffer Overflow / Remote Command Execution
OpenBase 10.0.x - Remote Buffer Overflow / Remote Command Execution

GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Buffer Overflow
GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Remote Buffer Overflow

LamaHub 0.0.6.2 - Buffer Overflow
LamaHub 0.0.6.2 - Remote Buffer Overflow

WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
WinComLPD Total 3.0.2.623 - Remote Buffer Overflow / Authentication Bypass
PCMan FTP Server 2.07 - 'ABOR' Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Buffer Overflow
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow

haneWIN DNS Server 1.5.3 - Buffer Overflow (SEH)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)

Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow

PECL 3.0.x - Alternative PHP Cache Extension 'apc_search_paths()' Buffer Overflow
PECL 3.0.x - Alternative PHP Cache Extension 'apc_search_paths()' Remote Buffer Overflow

PCMan FTP Server 2.07 - Buffer Overflow
PCMan FTP Server 2.07 - Remote Buffer Overflow
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit)

Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Buffer Overflow
Novell ZENworks Desktop Management 6.5 - ActiveX Control 'CanUninstall()' Remote Buffer Overflow

Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Buffer Overflow
Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Remote Buffer Overflow

PyCrypto ARC2 Module - Buffer Overflow
PyCrypto ARC2 Module - Remote Buffer Overflow

Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow
Novell eDirectory 8.8 - '/dhost/modules?I:' Remote Buffer Overflow

SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Buffer Overflow
SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Remote Buffer Overflow

Yokogawa CS3000 - 'BKESimmgr.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKESimmgr.exe' Remote Buffer Overflow (Metasploit)

Xfig and Transfig 3.2.5 - '.fig' Buffer Overflow
Xfig and Transfig 3.2.5 - '.fig' Remote Buffer Overflow

Ericom AccessNow Server - Buffer Overflow (Metasploit)
Ericom AccessNow Server - Remote Buffer Overflow (Metasploit)

WinSoftMagic Photo Editor - '.png' Buffer Overflow
WinSoftMagic Photo Editor - '.png' Remote Buffer Overflow
D-Link Devices - 'Authentication.cgi' Buffer Overflow (Metasploit)
D-Link Devices - 'hedwig.cgi' Buffer Overflow in Cookie Header (Metasploit)
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
D-Link Devices - 'hedwig.cgi' Remote Buffer Overflow in Cookie Header (Metasploit)
Serenity Audio Player 3.2.3 - '.m3u' Buffer Overflow
Serenity Audio Player 3.2.3 - '.m3u' Buffer Overflow (Metasploit)
Serenity Audio Player 3.2.3 - '.m3u' Remote Buffer Overflow
Serenity Audio Player 3.2.3 - '.m3u' Remote Buffer Overflow (Metasploit)

X-Motor Racing 1.26 - Buffer Overflow / Multiple Denial of Service Vulnerabilities
X-Motor Racing 1.26 - Remote Buffer Overflow / Multiple Denial of Service Vulnerabilities

Yokogawa CS3000 - 'BKFSim_vhfd.exe' Buffer Overflow (Metasploit)
Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow (Metasploit)

Enemy Territory: Quake Wars 1.5.12642.33243 - Buffer Overflow
Enemy Territory: Quake Wars 1.5.12642.33243 - Remote Buffer Overflow

Mozilla Firefox and SeaMonkey Plugin Parameters - Buffer Overflow
Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow

Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)
Kolibri WebServer 2.0 - Remote Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)

Belkin N750 - 'jump?login' Buffer Overflow
Belkin N750 - 'jump?login' Remote Buffer Overflow

ESTsoft ALZip 8.12.0.3 - '.zip' Buffer Overflow
ESTsoft ALZip 8.12.0.3 - '.zip' Remote Buffer Overflow

Monkey's Audio - '.ape' Buffer Overflow
Monkey's Audio - '.ape' Remote Buffer Overflow

Microsoft Excel - Buffer Overflow
Microsoft Excel - Remote Buffer Overflow

OpenMyZip 0.1 - '.zip' Buffer Overflow
OpenMyZip 0.1 - '.zip' Remote Buffer Overflow

Achat 0.150 beta7 - Buffer Overflow (Metasploit)
Achat 0.150 beta7 - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.0.7 - 'MKD' Buffer Overflow
PCMan FTP Server 2.0.7 - 'MKD' Remote Buffer Overflow

WebDrive 12.2 (Build #4172) - Buffer Overflow (PoC)
WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC)
FileZilla Client 2.2.x - Buffer Overflow (SEH)
PCMan FTP Server 2.0.7 - 'PUT' Buffer Overflow
FileZilla Client 2.2.x - Remote Buffer Overflow (SEH)
PCMan FTP Server 2.0.7 - 'PUT' Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'GET' Buffer Overflow
PCMan FTP Server 2.0.7 - 'GET' Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow

Achat 0.150 beta7 - Buffer Overflow
Achat 0.150 beta7 - Remote Buffer Overflow

AVM FRITZ!Box < 6.30 - Buffer Overflow
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)

Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)

PCMan FTP Server 2.0.7 - 'ls' Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)

TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)
TFTP Server 1.4 - 'WRQ' Remote Buffer Overflow (Egghunter)
Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Remote Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Remote Buffer Overflow

Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)
Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)
VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow
VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Remote Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Remote Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Remote Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Remote Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow
Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)
DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow

DiskBoss Enterprise 7.5.12 - 'POST' Buffer Overflow (SEH)
DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH)

WinaXe Plus 8.7 - Buffer Overflow
WinaXe Plus 8.7 - Remote Buffer Overflow

Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow (SEH)

SysGauge 1.5.18 - Buffer Overflow
SysGauge 1.5.18 - Remote Buffer Overflow
FTPShell Client 6.53 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow
FTPShell Client 6.53 - Remote Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow

Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH)
Disk Sorter Enterprise 9.5.12 - 'GET' Remote Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (SEH)

Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Buffer Overflow
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow

Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)
Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH)

LabF nfsAxe 3.7 FTP Client - Buffer Overflow (SEH)
LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow (SEH)

EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
EFS Easy Chat Server 3.1 - Remote Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)
SpyCamLizard 1.230 - Buffer Overflow
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow (DEP Bypass)
SpyCamLizard 1.230 - Remote Buffer Overflow

Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (DEP Bypass)

FTPGetter 5.89.0.85 - Buffer Overflow (SEH)
FTPGetter 5.89.0.85 - Remote Buffer Overflow (SEH)

DiskBoss Enterprise 8.2.14 - Buffer Overflow
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow
Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH)
Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH)
Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH)
Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow (SEH)
Disk Savvy Enterprise 9.9.14 - Remote Buffer Overflow (SEH)
Sync Breeze Enterprise 9.9.16 - Remote Buffer Overflow (SEH)
Disk Pulse Enterprise 9.9.16 - Remote Buffer Overflow (SEH)

Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)
Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)

Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - 'GetServerInfo' Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit)
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
Disk Pulse Server 2.2.34 - 'GetServerInfo' Remote Buffer Overflow (Metasploit)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)

Sync Breeze Enterprise 10.0.28 - Buffer Overflow
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
VX Search Enterprise 10.1.12 - Buffer Overflow
Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)
VX Search Enterprise 10.1.12 - Remote Buffer Overflow
Sync Breeze Enterprise 10.1.16 - Remote Buffer Overflow (SEH) (Metasploit)

Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Ayukov NFTP FTP Client < 2.0 - Remote Buffer Overflow

Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH)
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
Sync Breeze Enterprise 10.1.16 - 'POST' Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
2017-11-24 05:02:25 +00:00
Offensive Security
6f71665f8a DB: 2017-11-23
28 new exploits

Apache 2.0.45 - 'APR' Crash

IPD (Integrity Protection Driver) - Denial of Service

Ubuntu 6.06 DHCPd - Remote Denial of Service
Ubuntu 6.06 - DHCPd Remote Denial of Service
Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)
CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Adobe Reader - Escape From '.PDF'

Oracle Solaris - 'su' Crash

SunOS 4.1.3 - kmem setgid /etc/crash

Solaris 2.5.1 - 'Ping' System Panic (Denial of Service)
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs'
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / SuSE Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs' Denial of Service

S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service
SuSE Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service

Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize'
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)

Adobe Flash - Use-After-Free in Drawing Methods 'this'
Adobe Flash - Drawing Methods 'this' Use-After-Free

Symantec AntiVirus - Integer Overflow in TNEF Decoder
Symantec AntiVirus - TNEF Decoder Integer Overflow
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS - 'TIKeyboardLayout initWithCoder:' NSKeyedArchiver Heap Corruption Due to Rounding Error
Apple iOS/macOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule'
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty'
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service)
Microsoft Edge Chakra - 'TryUndeleteProperty' Incorrect Usage (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service)

Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service)

Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

Xen - Unbounded Recursion in Pagetable De-typing
Xen - Pagetable De-typing Unbounded Recursion

Vonage VDV-23 - Denial of Service
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read
WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
WebKit - 'WebCore::FormSubmission::create' Use-After-Free

IBM DB2 - Universal Database 7.2 'db2licm' Local
IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow

OpenBSD - 'ibcs2_exec' Kernel Local
OpenBSD - 'ibcs2_exec' Kernel Code Execution

SuSE Linux 9.0 - YaST Configuration Skribt Local
SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files

BSDi 3.0/4.0 - rcvtty[mh] Local
BSDi 3.0/4.0 - 'rcvtty[mh]' Privilege Escalation

Solaris locale - Format Strings 'noexec stack'
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow

RedHat 6.1 man - 'egid 15' Local
RedHat 6.1 - 'man' Local Overflow / Privilege Escalation

splitvt < 1.6.5 - Local
splitvt < 1.6.5 - Overflow
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Privilege Escalation

Slackware 7.1 - '/usr/bin/mail' Local
Slackware 7.1 - '/usr/bin/mail' Privilege Escalation

GLIBC 2.1.3 - LD_PRELOAD Local
GLIBC 2.1.3 - 'LD_PRELOAD' Privilege Escalation

Resolv+ (RESOLV_HOST_CONF) - Linux Library Local
Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution

LibXt - 'XtAppInitialize()' Overflow *xterm
LibXt - 'XtAppInitialize()' Local Overflow *xterm
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow
AOL Instant Messenger AIM - 'Away' Message Local
OpenBSD - 'ftp'
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow
AOL Instant Messenger AIM - 'Away' Message Local Overflow
OpenBSD - 'ftp' Local Overflow

IPD (Integrity Protection Driver) - Local
XV 3.x - '.BMP' Parsing Local Buffer Overflow

htpasswd Apache 1.3.31 - Local
htpasswd Apache 1.3.31 - Overflow
GlobalScape - CuteFTP macros '.mcr' Local
BSD bmon 1.2.1_2 - Local
GlobalScape - CuteFTP macros '.mcr' Local File Write
BSD bmon 1.2.1_2 - Local acls Bypass

Microsoft Windows - Improper Token Validation Local
Microsoft Windows - Improper Token Validation Privilege Escalation

Apple iTunes - Playlist Parsing Local Buffer Overflow

Setuid perl - 'PerlIO_Debug()' Overflow
Setuid perl - 'PerlIO_Debug()' Local Overflow
DelphiTurk e-Posta 1.0 - Local
GNU a2ps - 'Anything to PostScript' Not SUID Local
DelphiTurk e-Posta 1.0 - Credential Recover
GNU a2ps - Anything to PostScript Not SUID Local Overflow

GetDataBack Data Recovery 2.31 - Local
GetDataBack Data Recovery 2.31 - Licence Recover

Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Read Emails

Willing Webcam 2.8 - Licence Information Disclosure Local
Willing Webcam 2.8 - Licence Information Disclosure

Appfluent Database IDS < 2.1.0.103 - Environment Variable Local
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Overflow

TIBCO Rendezvous 7.4.11 - Password Extractor Local
TIBCO Rendezvous 7.4.11 - Password Extractor

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation

XMPlay 3.3.0.4 - '.PLS' Local Buffer Overflow
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Privilege Escalation
Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation

PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow

PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow

Microsoft Windows - Animated Cursor '.ani' Overflow (Hardware DEP)
Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP)
Oracle 10g R1 - 'pitrig_drop' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'PITRIG_TRUNCATE' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'pitrig_drop' Get Users Hash / PL/SQL Injection
Oracle 10g R1 - 'PITRIG_TRUNCATE' Get Users Hash / PL/SQL Injection

Debian XTERM - 'DECRQSS/comments'
Debian XTERM - 'DECRQSS/comments' Code Execution

BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow
BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Local Overflow

HyperVM - File Permissions Local
HyperVM - File Permissions Credential Disclosure

Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Remote
Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow

VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow
VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow

Adobe Reader - Escape From '.PDF' Execute Embedded Executable

Free MP3 CD Ripper 2.6 - '.wav'
Free MP3 CD Ripper 2.6 - '.wav' Local Overflow

GSM SIM Utility 5.15 - Direct RET Local
GSM SIM Utility 5.15 - Direct RET Overflow

Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram'
Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Local Overflow

Oracle Solaris - 'su' Local

Viscom VideoEdit Gold ActiveX 8.0 - Remote Code Execution
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution

Digital Music Pad 8.2.3.4.8 - '.pls' Overflow (SEH)
Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH)

Adobe Flash Player - 'Button' Remote Code Execution (Metasploit)
Adobe Flash Player - 'Button' Arbitrary Code Execution (Metasploit)

MPlayer Lite r33064 - '.m3u' Overflow (SEH)
MPlayer Lite r33064 - '.m3u' Local Overflow (SEH)

ACDSee FotoSlate - '.PLP' File 'id' Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Local Overflow (Metasploit)

Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Local Overflow

SunOS 4.1.3 - '/etc/crash' SetGID kmem Privilege Escalation

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation

Microsoft Windows - 'April Fools 2001'
Microsoft Windows - 'April Fools 2001' Set Incorrect Date

Solaris 2.5.1 - 'Ping'

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password'
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)

Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE'
Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages

Solaris 7.0 - 'chkperm'
Solaris 7.0 - 'chkperm' Privilege Escalation

S.u.S.E. Linux 5.2 - 'gnuplot'
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation

S.u.S.E. 5.2 - 'lpc' Privilege Escalation
S.u.S.E Linux 5.2 - 'lpc' Privilege Escalation

NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)'
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File

SGI IRIX 6.0.1 - 'colorview'
SGI IRIX 6.0.1 - 'colorview' Read Files

SGI IRIX 6.2 - 'day5notifier'
SGI IRIX 6.2 - 'day5notifier' Privilege Escalation

SGI IRIX 6.4 - 'datman'/'cdman'
SGI IRIX 6.4 - 'datman'/'cdman' Privilege Escalation

SGI IRIX 6.4 - 'login'
SGI IRIX 6.4 - 'login' Privilege Escalation

SGI IRIX 6.4 - 'rmail'
SGI IRIX 6.4 - 'rmail' Privilege Escalation

SGI IRIX 5.1/5.2 - 'sgihelp'
SGI IRIX 5.1/5.2 - 'sgihelp' Privilege Escalation
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (2)

Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd'
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Privilege Escalation

S.u.S.E. Linux 6.2 sscw - HOME Environment Variable Buffer Overflow
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow

S.u.S.E. Linux 6.1/6.2 - 'cwdtools'
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation

Solaris 7.0 - 'kcms_configure'
Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation

FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - Seyon SetGID Dialer

SGI IRIX 6.2 - 'midikeys'/'soundplayer'
SGI IRIX 6.2 - 'midikeys'/'soundplayer' Privilege Escalation
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf'
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu'
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Privilege Escalation

Corel Linux OS 1.0 - 'setxconf'
Corel Linux OS 1.0 - 'setxconf' Privilege Escalation

Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd'
Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Privilege Escalation

S.u.S.E. Linux 6.x - Arbitrary File Deletion
SuSE Linux 6.x - Arbitrary File Deletion

S.u.S.E. Linux 6.3/6.4 Gnomelib - Buffer Overflow
SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow

RedHat Linux 6.0/6.1/6.2 - 'pam_console'
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)

CVSWeb Developer CVSWeb 1.80 - Insecure perl 'open'
CVSWeb Developer CVSWeb 1.80 - Insecure Perl 'open' Code Execution

Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart'
Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Privilege Escalation

Debian 2.2 / S.u.S.E 6.3/6.4/7.0 - man '-l' Format String
Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String

Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow
Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / SuSE Linux 6.x/7.0/7.1 - 'Man -S' Heap Overflow
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow

SCO OpenServer 5.0.x - 'mana' REMOTE_ADDR Authentication Bypass
SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass

Samhain Labs 1.x - HSFTP Remote Format String

Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' File Memory Corruption / Arbitrary Code Execution

LiquidXML Studio 2010 - ActiveX Remote
LiquidXML Studio 2010 - ActiveX Code Execution

HexChat 2.9.4 - Local
HexChat 2.9.4 - Overflow

Winamp 5.63 - 'winamp.ini' Local
Winamp 5.63 - 'winamp.ini' Local Overflow

Apple 2.0.4 - Safari Local
Apple 2.0.4 - Safari Local Cross-Site Scripting

Gold MP4 Player - '.swf' Local
Gold MP4 Player - '.swf' Local Overflow

Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation

Linux Kernel - 'offset2lib Stack Clash'
Linux Kernel - 'offset2lib' Stack Clash

Microsoft IIS - WebDAV 'ntdll.dll' Remote
Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow

Microsoft Windows 2000/NT 4 - RPC Locator Service Remote
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow

Microsoft Windows 2000/XP - SMB Authentication Remote
Microsoft Windows 2000/XP - SMB Authentication Remote Overflow

Apache 2.0.45 - 'APR' Remote

Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Overflow

Microsoft Windows Media Services - 'nsiislog.dll' Remote
Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow

Citadel/UX BBS 6.07 - Remote
Citadel/UX BBS 6.07 - Remote Overflow

NIPrint LPD-LPR Print Server 4.10 - Remote
NIPrint LPD-LPR Print Server 4.10 - Remote Overflow
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Overflow
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote
RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow

INND/NNRP < 1.6.x - Overflow
INND/NNRP < 1.6.x - Remote Overflow

OpenBSD ftpd 2.6/2.7 - Remote
OpenBSD ftpd 2.6/2.7 - Remote Overflow

IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote
IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Overflow

Subversion 1.0.2 - 'svn_time_from_cstring()' Remote
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow

OpenFTPd 0.30.2 - Remote
OpenFTPd 0.30.2 - Remote Overflow

WU-IMAP 2000.287(1-2) - Remote
WU-IMAP 2000.287(1-2) - Remote Overflow

XV 3.x - '.BMP' Parsing Local Buffer Overflow

PHP 4.3.7/5.0.0RC3 - memory_limit Remote
PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow

SHOUTcast DNAS/Linux 1.9.4 - Format String Remote
SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow

Apple iTunes - Playlist Parsing Local Buffer Overflow

3CServer 1.1 (FTP Server) - Remote
3CServer 1.1 (FTP Server) - Remote Overflow

SHOUTcast 1.9.4 (Windows) - File Request Format String Remote
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow

LimeWire 4.1.2 < 4.5.6 - 'GET' Remote
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote File Read

Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote
Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Overflow

MailEnable Enterprise 1.x - IMAPd Remote
MailEnable Enterprise 1.x - IMAPd Remote Overflow

Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow

HP OpenView OmniBack II - Generic Remote
HP OpenView OmniBack II - Generic Remote Command Execution

CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote
CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Overflow

CA BrightStor ARCserve Backup - Overflow
CA BrightStor ARCserve Backup - Remote Overflow
HP OpenView Network Node Manager 7.50 - Remote
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote
HP OpenView Network Node Manager 7.50 - Remote Command Execution
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Overflow
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Command Execution

Mercury Mail Transport System 4.01b - PH SERVER Remote
Mercury Mail Transport System 4.01b - PH SERVER Remote Overflow

Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access

XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow

3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow
3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Remote Overflow

Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow

Microsoft DNS Server - Dynamic DNS Updates Remote
Microsoft DNS Server - Dynamic DNS Update/Change

Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote
Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow

IBM Lotus Domino Server 6.5 - Unauthenticated Remote
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow

Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Overflow

IBM Tivoli Provisioning Manager - Unauthenticated Remote
IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter)

HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()'
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' File Write

Apache Tomcat Connector mod_jk - 'exec-shield' Remote
Apache Tomcat Connector mod_jk - 'exec-shield' Remote Overflow

NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Command Execution

Lighttpd 1.4.16 - FastCGI Header Overflow Remote
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution

Lighttpd 1.4.17 - FastCGI Header Overflow Remote
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution

SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution

Move Networks Quantum Streaming Player - Overflow (SEH)
Move Networks Quantum Streaming Player - Remote Overflow (SEH)

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download

Sun Solaris 10 - snoop(1M) Utility Remote
Sun Solaris 10 - snoop(1M) Utility Remote Command Execution

NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll'
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Command Execution

Autodesk DWF Viewer Control / LiveUpdate Module - Remote
Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution

Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11'
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow

EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApplicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApplicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Overflow

Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)

CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Samba 2.2.x - 'nttrans' Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Remote Overflow (Metasploit)

Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
Unreal Tournament 2004 - 'Secure' Remote Overflow (Metasploit)

BigAnt Server 2.52 - Overflow (SEH)
BigAnt Server 2.52 - Remote Overflow (SEH)

NetTransport Download Manager 2.90.510 - Overflow (SEH)
NetTransport Download Manager 2.90.510 - Remote Overflow (SEH)

(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow

Xftp client 3.0 - 'PWD' Remote
Xftp client 3.0 - 'PWD' Remote Overflow

File Sharing Wizard 1.5.0 - Overflow (SEH)
File Sharing Wizard 1.5.0 - Remote Overflow (SEH)

Sun Java Web Server 7.0 u7 - Remote
Sun Java Web Server 7.0 u7 - Remote Overflow

Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow

Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass)
Sun Java Web Server 7.0 u7 - Remote Overflow (DEP Bypass)

SopCast 3.2.9 - Remote
SopCast 3.2.9 - Remote Command Execution

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild'
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow
Microsoft Data Access Components - Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote
Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Command Execution
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)
Veritas Backup Exec Name Service - Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Remote Overflow (Metasploit)
Veritas Backup Exec Name Service - Remote Overflow (Metasploit)

Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit)
Microsoft Private Communications Transport - Remote Overflow (MS04-011) (Metasploit)
Microsoft RRAS Service - Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft RRAS Service - Remote Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Remote Overflow 'SMB' (MS07-029) (Metasploit)

Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit)
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)

CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit)
CA BrightStor Agent for Microsoft SQL - Remote Overflow (Metasploit)

CA BrightStor Universal Agent - Overflow (Metasploit)
CA BrightStor Universal Agent - Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)

freeFTPd 1.0 - 'Username' Overflow (Metasploit)
freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit)

War-FTPD 1.65 - 'Username' Overflow (Metasploit)
War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)

3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)
3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)

Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit)
Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit)

MaxDB WebDBM - 'Database' Overflow (Metasploit)
MaxDB WebDBM - 'Database' Remote Overflow (Metasploit)

Savant Web Server 3.1 - Overflow (Metasploit)
Savant Web Server 3.1 - Remote Overflow (Metasploit)

McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Linux) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)

Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit)

Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit)

Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow (Metasploit)

Progea Movicon 11 - 'TCPUploadServer' Remote
Progea Movicon 11 - 'TCPUploadServer' Remote File System

Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)

Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe'
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow

JBoss AS 2.0 - Remote
JBoss AS 2.0 - Remote Command Execution

WorldMail IMAPd 3.0 - Overflow (SEH) (Egghunter)
WorldMail IMAPd 3.0 - Remote Overflow (SEH) (Egghunter)

HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit)
HP Diagnostics Server - 'magentservice.exe' Remote Overflow (Metasploit)

Mozilla Firefox 4.0.1 - 'Array.reduceRight()'
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Remote
Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()'
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution

IRIX 6.4 - 'pfdisplay.cgi'
IRIX 6.4 - 'pfdisplay.cgi' Code Execution

SGI IRIX 6.3 - cgi-bin 'webdist.cgi'
SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution

Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets'
Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write

Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog'
Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Remote Overflow

ALLMediaServer 0.8 - Overflow (SEH)
ALLMediaServer 0.8 - Remote Overflow (SEH)

S.u.S.E. Linux 6.3/6.4 - Installed Package Disclosure
SuSE Linux 6.3/6.4 - Installed Package Disclosure

Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload

Samhain Labs 1.x - HSFTP Remote Format String

GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Remote Overflow

IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit)
IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray

Plesk < 9.5.4 - Remote
Plesk < 9.5.4 - Remote Command Execution

Microsoft PowerPoint 2003 - 'powerpnt.exe'
Microsoft PowerPoint 2003 - 'powerpnt.exe' Remote Overflow

HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Remote Overflow (Metasploit)

ImgSvr 0.6 - 'Template' Local File Inclusion

Nginx 1.4.0 (Generic Linux x64) - Remote
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)

Oracle 9i/10g Database - Network Foundation Remote
Oracle 9i/10g Database - Network Foundation Remote Overflow

Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

VSAT Sailor 900 - Remote
VSAT Sailor 900 - Remote Overflow

Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)

TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote
TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Command Execution

Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)

CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote
PHP-Nuke 6.9 - 'cid' SQL Injection Remote
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
PHP-Nuke 6.9 - 'cid' SQL Injection

AWStats 5.0 < 6.3 - Input Validation Hole in 'logfile'
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote
phpBB - highlight Arbitrary File Upload 'Santy.A'
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload

e107 - 'include()' Remote
e107 - 'include()' Remote File Upload

phpBB 2.0.10 - Bot Install Altavista 'ssh.D.Worm'
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista

PostNuke PostWrap Module - Remote
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
phpBB 2.0.13 - 'downloads.php' mod Remote
phpBB 2.0.13 - 'Calendar Pro' mod Remote
phpBB 2.0.13 - 'downloads.php' mod Get Hash
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash

PhotoPost - Arbitrary Data Remote
PhotoPost - Arbitrary Data Hash
eXtropia Shopping Cart - 'web_store.cgi' Remote
Mambo 4.5.2.1 - Fetch Password Hash Remote
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
Mambo 4.5.2.1 - Fetch Password Hash

Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution

vuBB 0.2 - 'cookie' Final SQL Injection 'mq=off'
vuBB 0.2 Final - 'cookie' SQL Injection

JiRos Banner Experience 1.0 - Create Authentication Bypass Remote
JiRos Banner Experience 1.0 - Unauthorised Create Admin
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote
Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution
Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution

DeluxeBB 1.06 - 'Attachment mod_mime' Remote
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution

Drupal 4.7 - 'Attachment mod_mime' Remote
Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion

Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics

PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution

phpBB 2.0.21 - Poison Null Byte Remote
phpBB 2.0.21 - Poison Null Byte Remote File Upload

PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()'
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution

Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote
Philex 0.2.3 - Remote File Inclusion / File Disclosure

MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

LoveCMS 1.6.2 Final - Update Settings Remote
LoveCMS 1.6.2 Final - Update Settings

addalink 4 Beta - Write Approved Links Remote
addalink 4 Beta - Write Approved Links

The Rat CMS Alpha 2 - 'download.php' Remote
The Rat CMS Alpha 2 - 'download.php' Privilege Escalation

Graugon Forum 1 - 'id' Command Injection 'via SQL Injection'
Graugon Forum 1 - 'id' Command Injection / SQL Injection

Coppermine Photo Gallery 1.4.22 - Remote
Coppermine Photo Gallery 1.4.22 - SQL Injection

Barracuda IMFirewall 620 -
Barracuda IMFirewall 620 - Multiple Vulnerabilities

Barracuda Web Firewall 660 Firmware 7.3.1.007 -
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities

CakePHP 1.3.5/1.2.8 - 'Unserialize()'
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion

JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution

WordPress Plugin Akismet 2.1.3 -
WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting

ImgSvr 0.6 - 'Template' Local File Inclusion

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting
2017-11-23 05:02:28 +00:00
Offensive Security
36a6e2d5f7 DB: 2017-11-22
1 new exploits

Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure
2017-11-22 05:02:16 +00:00
Offensive Security
8633b3eb17 DB: 2017-11-21
3 new exploits

iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service

Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass

Microsoft Office - OLE Remote Code Execution
2017-11-21 05:02:10 +00:00
Offensive Security
441b3bdbff DB: 2017-11-20
2 new exploits

MyBB 1.8.13 - Remote Code Execution
MyBB 1.8.13 - Cross-Site Scripting
2017-11-20 05:02:09 +00:00
Offensive Security
092ca10d4d DB: 2017-11-18
3 new exploits

VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)

Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)

Sync Breeze Enterprise 10.1.16 - 'POST' Buffer Overflow

JBS 2.0 / JBSX - Administration panel Bypass / Arbitrary File Upload
JBS 2.0 / JBSX - Administration Panel Bypass / Arbitrary File Upload
Revize CMS - Query_results.jsp SQL Injection
Revize CMS - Revize.XML Information Disclosure
Revize CMS - 'Query_results.jsp' SQL Injection
Revize CMS - 'Revize.XML' Information Disclosure
2017-11-18 05:02:28 +00:00
Offensive Security
dfa43e82f0 DB: 2017-11-17
137 new exploits

Apache 2.x - Memory Leak Exploit
Apache 2.x - Memory Leak

Cisco IOS - using hping Remote Denial of Service

Microsoft Windows - ASN.1 'LSASS.exe' Remote Exploit (MS04-007)
Microsoft Windows - ASN.1 'LSASS.exe' Remote Denial of Service (MS04-007)
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call Exploit
HP-UX 11.00/10.20 crontab - Overwrite Files Exploit
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call
HP-UX 11.00/10.20 crontab - Overwrite Files
Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit
SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit
RedHat 6.1/6.2 - TTY Flood Users Exploit
Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink
SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber
RedHat 6.1/6.2 - TTY Flood Users
Solaris 2.6 / 7 / 8 - Lock Users Out of mailx Exploit
ProFTPd 1.2.0 rc2 - Memory Leakage Exploit
Solaris 2.6 / 7 / 8 - Lock Users Out of mailx
ProFTPd 1.2.0 rc2 - Memory Leakage

Cisco (Multiple Products) - Automated Exploit Tool
Cisco (Multiple Products) - Automated Tool

TCP Connection Reset - Remote Denial of Service

Microsoft Internet Explorer - Overly Trusted Location Cache Exploit
Microsoft Internet Explorer - Overly Trusted Location Cache

Microsoft Windows - JPEG Processing Buffer Overrun Exploit (MS04-028)
Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)

Quake 3 Engine - Infostring Crash and Shutdown Exploit
Quake 3 Engine - Infostring Crash and Shutdown

Microsoft Windows - 'SMB' Transaction Response Handling Exploit (MS05-011)
Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)

MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion

netPanzer 0.8 rev 952 - 'frameNum' Server Termination Exploit
netPanzer 0.8 rev 952 - 'frameNum' Server Termination

VMware 5.5.1 - COM Object Arbitrary Partition Table Delete Exploit
VMware 5.5.1 - COM Object Arbitrary Partition Table Delete

KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception Exploit
KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception

eIQnetworks Network Security Analyzer - Null Pointer Dereference Exploit
eIQnetworks Network Security Analyzer - Null Pointer Dereference

Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference Exploit
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference

PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit
PHP 5.2.6 - 'sleep()' Local Memory Exhaust

Ruby 1.9 - regex engine Remote Socket Memory Leak Exploit
Ruby 1.9 - regex engine Remote Socket Memory Leak

Ultra Office - ActiveX Control Arbitrary File Corruption Exploit
Ultra Office - ActiveX Control Arbitrary File Corruption

Flock Social Web Browser 1.2.5 - 'loop' Remote Denial of Service

Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit
Microsoft Windows - GDI+ '.ICO' Remote Division By Zero

Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)
Microsoft Windows Vista - Access Violation from Limited Account (Blue Screen of Death)

Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One Exploit
Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One

Mozilla Firefox - unclamped loop Denial of Service

Zortam MP3 Player 1.50 - '.m3u' Integer Division by Zero Exploit
Zortam MP3 Player 1.50 - '.m3u' Integer Division by Zero

Firebird SQL - op_connect_request main listener shutdown Exploit
Firebird SQL - op_connect_request main listener shutdown

Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)

VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Exploit

Sagem Routers - Remote Reset Exploit
Sagem Routers - Remote Reset

TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit
TopDownloads MP3 Player 1.0 - '.m3u' Crash

Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)

Aircrack-NG Tools svn r1675 - Remote Exploit
Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow

Apple Mac OSX 10.6 - HFS FileSystem Exploit (Denial of Service)
Apple Mac OSX 10.6 - HFS FileSystem (Denial of Service)

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Exploit (PoC)
Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC)

FreeBSD - 'mountnfs()' Exploit
FreeBSD - 'mountnfs()' Denial of Service

AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH)

Microsoft Internet Explorer - MSHTML Findtext Processing Exploit
Microsoft Internet Explorer - MSHTML Findtext Processing

RedHat Linux - Stickiness of /tmp Exploit
RedHat Linux - Stickiness of /tmp

Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit)
Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit)

Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak Exploit
Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak

ZipWiz 2005 5.0 - '.zip' Buffer Corruption Exploit
ZipWiz 2005 5.0 - '.zip' Buffer Corruption

Simple HTTPd 1.42 - Denial of Service Exploit
Simple HTTPd 1.42 - Denial of Service

PeerBlock 1.1 - Blue Screen of Death Exploit
PeerBlock 1.1 - Blue Screen of Death

Spotify 0.8.2.610 - search func Memory Exhaustion Exploit
Spotify 0.8.2.610 - search func Memory Exhaustion

Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046)

Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Exploit
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Exploit
SunOS 4.1.1 - '/usr/release/bin/winstall' Exploit
SunOS 4.1.3 - kmem setgid /etc/crash Exploit
SunOS 4.1.3 - kmem setgid /etc/crash

Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA Exploit
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA

Linux Kernel 2.0/2.1/2.2 - autofs Exploit
Linux Kernel 2.0/2.1/2.2 - 'autofs'

Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Exploit
Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi

Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET

D-Link DIR605L - Denial of Service
D-Link DIR-605L < 2.08 - Denial of Service

Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check

Microsoft Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (4)

Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service

Kerio MailServer 5.6.3 subscribe Module - Overflow Exploit
Kerio MailServer 5.6.3 subscribe Module - Overflow
Kerio MailServer 5.6.3 list Module - Overflow Exploit
Kerio MailServer 5.6.3 do_map Module - Overflow Exploit
Kerio MailServer 5.6.3 list Module - Overflow
Kerio MailServer 5.6.3 do_map Module - Overflow

Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption

Red-M Red-Alert 3.1 - Remote Exploit
Red-M Red-Alert 3.1 - Remote Denial of Service
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
Microsoft Internet Explorer 6 - Multiple COM Object Color Property Denial of Service Vulnerabilities
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
Microsoft Internet Explorer 6 - Multiple COM Object Color Property Denial of Service Vulnerabilities

Gold MP4 Player 3.3 - Universal Exploit (SEH) (Metasploit)
Gold MP4 Player 3.3 - Universal (SEH) (Metasploit)

WS10 Data Server - SCADA Exploit Overflow (PoC)
WS10 Data Server - SCADA Overflow (PoC)

Kaspersky AntiVirus - DEX File Format Memory Corruption
Kaspersky AntiVirus - '.DEX' File Format Memory Corruption

Avast! - JetDb::IsExploited4x Performs Unbounded Search on Input
Avast! - JetDb::Ised4x Performs Unbounded Search on Input

pdfium IsFlagSet (v8 memory management) - SIGSEGV Exploit
pdfium IsFlagSet (v8 memory management) - SIGSEGV

Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety Exploits
Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety s
Microsoft Edge Chakra JIT - Type Confusion with switch Statements
Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion
Mandrake Linux 8.2 - '/usr/mail' Local Exploit
ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass Exploit
XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit
xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit
man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit
DameWare Mini Remote Control Server - System Exploit
Mandrake Linux 8.2 - '/usr/mail' Local Overflow
ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass
XGalaga 2.0.34 (RedHat 9.0) - Local Game
xtokkaetama 1.0b (RedHat 9.0) - Local Game
man-db 2.4.1 - 'open_cat_stream()' Local uid=man
DameWare Mini Remote Control Server - System

IBM DB2 - Universal Database 7.2 'db2licm' Local Exploit
IBM DB2 - Universal Database 7.2 'db2licm' Local

OpenBSD - 'ibcs2_exec' Kernel Local Exploit
OpenBSD - 'ibcs2_exec' Kernel Local

Microsoft Windows - ListBox/ComboBox Control Local Exploit (MS03-045)
Microsoft Windows - ListBox/ComboBox Control Local (MS03-045)

XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit
XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game

SuSE Linux 9.0 - YaST Configuration Skribt Local Exploit
SuSE Linux 9.0 - YaST Configuration Skribt Local

RedHat 6.2 Restore and Dump - Local Exploit (Perl)
RedHat 6.2 Restore and Dump - Privilege Escalation (Perl)

BSDi 3.0/4.0 - rcvtty[mh] Local Exploit
BSDi 3.0/4.0 - rcvtty[mh] Local
Solaris locale - Format Strings 'noexec stack' Exploit
GLIBC locale - bug mount Exploit
dislocate 1.3 - Local i386 Exploit
UUCP Exploit - File Creation/Overwriting Symlinks Exploit
Solaris locale - Format Strings 'noexec stack'
GLIBC locale - bug mount
dislocate 1.3 - Local i386
UUCP - File Creation/Overwriting Symlinks

GLIBC locale - Format Strings Exploit
GLIBC locale - Format Strings

RedHat 6.1 man - 'egid 15' Local Exploit
RedHat 6.1 man - 'egid 15' Local

splitvt < 1.6.5 - Local Exploit
splitvt < 1.6.5 - Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Exploit
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Exploit
Microsoft Windows Utility Manager - Local SYSTEM Exploit (MS04-011)
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local
Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)

Slackware 7.1 - '/usr/bin/mail' Local Exploit
Slackware 7.1 - '/usr/bin/mail' Local

GLIBC 2.1.3 - LD_PRELOAD Local Exploit
GLIBC 2.1.3 - LD_PRELOAD Local

Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Exploit
Resolv+ (RESOLV_HOST_CONF) - Linux Library Local
Solaris 2.5.1 lp / lpsched - Symlink Exploit
LibXt - 'XtAppInitialize()' Overflow *xterm Exploit
Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer Exploit
Solaris 2.5.1 lp / lpsched - Symlink
LibXt - 'XtAppInitialize()' Overflow *xterm
Solaris 2.5.0/2.5.1 ps / chkey - Data Buffer
Microsoft Windows Server 2000 - Universal Language Utility Manager Exploit (MS04-019)
Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' Exploit (MS04-022)
Microsoft Windows Server 2000 - Utility Manager All-in-One Exploit (MS04-019)
Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022)
Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)

Microsoft Windows XP - Task Scheduler '.job' Universal Exploit (MS04-022)
Microsoft Windows XP - Task Scheduler '.job' Universal (MS04-022)
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
AOL Instant Messenger AIM - 'Away' Message Local Exploit
OpenBSD - 'ftp' Exploit
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow
AOL Instant Messenger AIM - 'Away' Message Local
OpenBSD - 'ftp'

IPD (Integrity Protection Driver) - Local Exploit
IPD (Integrity Protection Driver) - Local

htpasswd Apache 1.3.31 - Local Exploit
htpasswd Apache 1.3.31 - Local

SudoEdit 1.6.8 - Local Change Permission Exploit
SudoEdit 1.6.8 - Local Change Permission

BSD bmon 1.2.1_2 - Local Exploit
BSD bmon 1.2.1_2 - Local
Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit
Multiple AntiVirus - '.zip' Detection Bypass Exploit
Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read
Multiple AntiVirus - '.zip' Detection Bypass

Cscope 15.5 - Symlink Exploit
Cscope 15.5 - Symlink
Microsoft Windows - Improper Token Validation Local Exploit
Exim 4.41 - 'dns_build_reverse' Local Exploit (PoC)
Peer2Mail 1.4 - Encrypted Password Dumper Exploit
fkey 0.0.2 - Local File Accessibility Exploit
Microsoft Windows - Improper Token Validation Local
Exim 4.41 - 'dns_build_reverse' Local (PoC)
Peer2Mail 1.4 - Encrypted Password Dumper
fkey 0.0.2 - Local File Accessibility

/usr/bin/trn (Not SUID) - Local Exploit
Mandrake / Slackware /usr/bin/trn - Privilege Escalation (Not SUID)

Linux ncpfs - Local Exploit
ncpfs < 2.2.6 (Gentoo / Linux) - Privilege Escalation
DelphiTurk FTP 1.0 - Passwords to Local Users Exploit
DelphiTurk e-Posta 1.0 - Local Exploit
GNU a2ps - 'Anything to PostScript' Not SUID Local Exploit
VisualBoyAdvanced 1.7.x - Non SUID Local Shell Exploit
DelphiTurk FTP 1.0 - Passwords to Local Users
DelphiTurk e-Posta 1.0 - Local
GNU a2ps - 'Anything to PostScript' Not SUID Local
VisualBoyAdvanced 1.7.x - Non SUID Local Shell
GetDataBack Data Recovery 2.31 - Local Exploit
Aeon 0.2a - Local Linux Exploit (1)
Aeon 0.2a - Local Linux Exploit (2)
GetDataBack Data Recovery 2.31 - Local
Aeon 0.2a - Local Linux (1)
Aeon 0.2a - Local Linux (2)

Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (1)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (1)

Oracle Database PL/SQL Statement - Multiple SQL Injections Exploits
Oracle Database PL/SQL Statement - Multiple SQL Injections s

Microsoft Windows - 'HTA' Script Execution Exploit (MS05-016)
Microsoft Windows - 'HTA' Script Execution (MS05-016)

Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (2)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2)
Exim 4.41 - 'dns_build_reverse' Local Exploit
Microsoft Windows - COM Structured Storage Local Exploit (MS05-012)
ePSXe 1.6.0 - 'nogui()' Local Exploit
Exim 4.41 - 'dns_build_reverse' Local
Microsoft Windows - COM Structured Storage Local (MS05-012)
ePSXe 1.6.0 - 'nogui()' Privilege Escalation

Willing Webcam 2.8 - Licence Information Disclosure Local Exploit
Willing Webcam 2.8 - Licence Information Disclosure Local

Solaris (SPARC/x86) - Local Socket Hijack Exploit
Solaris (SPARC/x86) - Local Socket Hijack

MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1)
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library (1)

Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local

Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)
Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2)
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)
Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL Exploit
Intel Wireless Service - 's24evmon.exe' Shared Memory Exploit
Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL
Intel Wireless Service - 's24evmon.exe' Shared Memory
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit
VMware 5.5.1 - 'ActiveX' Local Buffer Overflow
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak
VMware 5.5.1 - 'ActiveX' Local Buffer Overflow

TIBCO Rendezvous 7.4.11 - Password Extractor Local Exploit
TIBCO Rendezvous 7.4.11 - Password Extractor Local

Apple Mac OSX 10.4.7 - Mach Exception Handling Local Exploit (10.3.x)
Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Exploit
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local

HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak Exploit
HP Tru64 Alpha OSF1 5.1 - 'ps' Information Leak

Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local Exploit
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local

PHP 5.2.1 - 'substr_compare()' Information Leak Exploit
PHP 5.2.1 - 'substr_compare()' Information Leak

PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass Exploit
PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass
PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow Exploit
PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit
PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free Exploit
PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow
PHP 5.2.1 - 'session_regenerate_id()' Double-Free
PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit
PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit
PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit
PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow
PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage
PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage
PHP 5.2.1 - 'Unserialize()' Local Information Leak
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local

East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow

PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass
PHP 'Perl' Extension - 'Safe_mode' Bypass

Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028 Exploit
Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028

Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec Exploit
Microsoft Visual Basic 6.0 - VBP_Open OLE Local CodeExec

PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass

Send ICMP Nasty Garbage (SING) - Append File Logrotate Exploit
Send ICMP Nasty Garbage (SING) - Append File Logrotate

SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM Exploit
SafeNet 10.4.0.12 - 'IPSecDrv.sys' Local kernel Ring0 SYSTEM
DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit
DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit
DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM
DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM

Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak Exploit
Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak
VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal Exploit
Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Exploit
VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM

Microsoft Windows Server 2003 - Token Kidnapping Local Exploit (PoC)
Microsoft Windows Server 2003 - Token Kidnapping Local (PoC)
Opera 9.62 - 'file://' Local Heap Overflow
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit
Opera 9.62 - 'file://' Local Heap Overflow
PHP 5.2.6 - 'error_log' Safe_mode Bypass

RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack Exploit
RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack

PHP 'python' Extension - 'safe_mode' Local Bypass Exploit
PHP 'python' Extension - 'safe_mode' Local Bypass

Adobe Acrobat Reader - JBIG2 Universal Exploit
Adobe Acrobat Reader - JBIG2 Universal

xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (1)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (2)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer Exploit (SEH) (3)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (1)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (2)
Easy Music Player 1.0.0.2 - 'wav' Universal Local Buffer (SEH) (3)

pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer Exploit (SEH)
pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)

Xenorate Media Player 2.6.0.0 - '.xpl' Universal Local Buffer Exploit (SEH)
Xenorate Media Player 2.6.0.0 - '.xpl' Universal Local Buffer (SEH)

KSP 2006 FINAL - '.m3u' Universal Local Buffer Exploit (SEH)
KSP 2006 FINAL - '.m3u' Universal Local Buffer (SEH)

BSD (Multiple Distributions) - 'setusercontext()' Exploit
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities

Fat Player 0.6b - '.wav' Universal Local Buffer Exploit
Fat Player 0.6b - '.wav' Universal Local Buffer

Media Jukebox 8 - '.m3u' Universal Local Buffer Exploit (SEH)
Media Jukebox 8 - '.m3u' Universal Local Buffer (SEH)

Media Jukebox 8 - '.pls' Universal Local Buffer Exploit (SEH)
Media Jukebox 8 - '.pls' Universal Local Buffer (SEH)

Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (1)
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (1)
Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Exploit
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer Exploit (SEH) (2)
Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal
Hamster Audio Player 0.3a - 'Associations.cfg' Local Buffer (SEH) (2)

Enlightenment - Linux Null PTR Dereference Exploit Framework
Enlightenment - Linux Null PTR Dereference Framework

AIMP2 Audio Converter - Playlist (SEH)
AIMP2 Audio Converter - Playlist Overflow (SEH)

VMware Fusion 2.0.5 - vmx86 kext Local Exploit (PoC)
VMware Fusion 2.0.5 - vmx86 kext Local (PoC)

VMware Virtual 8086 - Linux Local Ring0 Exploit
VMware Virtual 8086 - Linux Local Ring0
Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor Exploit
Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor Exploit
Oracle - ctxsys.drvxtabc.create_tables Evil Cursor Exploit
Oracle - ctxsys.drvxtabc.create_tables Exploit
Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor Exploit
Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor
Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor
Oracle - ctxsys.drvxtabc.create_tables Evil Cursor
Oracle - ctxsys.drvxtabc.create_tables
Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor

Exploit Easy RM to MP3 2.7.3.700 - Ruby
Easy RM to MP3 2.7.3.700 - (Ruby)

VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow

Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM

WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA Exploit
WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA

Free MP3 CD Ripper 2.6 - '.wav' Exploit
Free MP3 CD Ripper 2.6 - '.wav'

Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)

FreeBSD - 'nfs_mount()' Exploit
FreeBSD 8.0/7.3/7.2 - 'nfs_mount()' Privilege Escalation

GSM SIM Utility 5.15 - Direct RET Local Exploit
GSM SIM Utility 5.15 - Direct RET Local
Apple iOS - '.pdf' Jailbreak Exploit
Exploit Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Exploit
Apple iOS - '.pdf' Jailbreak
Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram'

Microsoft Excel - FEATHEADER Record Exploit (MS09-067)
Microsoft Excel - FEATHEADER Record (MS09-067)

Foxit Reader 4.0 - '.pdf' Jailbreak Exploit
Foxit Reader 4.0 - '.pdf' Jailbreak

Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking Exploit
Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking

AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit
AudioTran 1.4.2.4 - SafeSEH + SEHOP

Oracle Solaris - 'su' Local Exploit
Oracle Solaris - 'su' Local

Trend Micro Titanium Maximum Security 2011 - Local Kernel Exploit
Trend Micro Titanium Maximum Security 2011 - Local Kernel

G Data TotalCare 2011 - Local Kernel Exploit
G Data TotalCare 2011 - Local Kernel

DriveCrypt 5.3 - Local Kernel Ring0 SYSTEM Exploit
DriveCrypt 5.3 - Local Kernel Ring0 SYSTEM
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit
AoA DVD Creator 2.5 - ActiveX Stack Overflow
AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak
AoA DVD Creator 2.5 - ActiveX Stack Overflow
AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM

MPlayer (r33064 Lite) - Buffer Overflow + ROP Exploit
MPlayer (r33064 Lite) - Buffer Overflow + ROP

Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion Exploit
Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion

DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal Exploit (ASLR + DEP Bypass)
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal (ASLR + DEP Bypass)

Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak Exploit
Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak

Microsoft Office 2008 SP0 (Mac) - RTF pFragments Exploit
Microsoft Office 2008 SP0 (Mac) - RTF pFragments

Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Exploit
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow
SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Exploit
SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Exploit
Digital Ultrix 4.0/4.1 - '/usr/bin/chroot' Privilege Escalation
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Privilege Escalation
SunOS 4.1.1 - '/usr/release/bin/winstall' Privilege Escalation
SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Privilege Escalation
SGI IRIX 6.4 / SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Privilege Escalation

ISC BIND 4.9.7 -T1B - named SIGINT and SIGIOT Symlink Exploit
ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT Symlink
Sun Solaris 2.6 - power management Exploit
Sun Solaris 7.0 - 'sdtcm_convert' Exploit
Sun Solaris 2.6 - power management
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation

Microsoft Windows - 'April Fools 2001' Exploit
Microsoft Windows - 'April Fools 2001'
Solaris 2.5.1 - 'ffbconfig' Exploit
Solaris 2.5.1 - 'chkey' Exploit
Solaris 2.5.1 - 'Ping' Exploit
SGI IRIX 6.4 - 'ioconfig' Exploit
Solaris 2.5.1 - 'ffbconfig' Privilege Escalation
Solaris 2.5.1 - 'chkey' Privilege Escalation
Solaris 2.5.1 - 'Ping'
SGI IRIX 6.4 - 'ioconfig' Privilege Escalation

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1)
Solaris 2.5.1 - 'automount' Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)
Solaris 2.5.1 - 'automount' Privilege Escalation
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3)

Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Exploit
Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE'
Solaris 7.0 - 'cancel' Exploit
Solaris 7.0 - 'chkperm' Exploit
Solaris 7.0 - 'cancel' Privilege Escalation
Solaris 7.0 - 'chkperm'

G. Wilford man 2.3.10 - Symlink Exploit
G. Wilford man 2.3.10 - Symlink

S.u.S.E. Linux 5.2 - gnuplot Exploit
S.u.S.E. Linux 5.2 - 'gnuplot'
Stanford University bootpd 2.4.3 / Debian 2.0 - netstd Exploit
X11R6 3.3.3 - Symlink Exploit
Sun Solaris 7.0 - 'ff.core' Exploit
S.u.S.E. 5.2 - 'lpc' Exploit
SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit
SGI IRIX 6.2 - 'cdplayer' Exploit
Stanford University bootpd 2.4.3 / Debian 2.0 - netstd
X11R6 3.3.3 - Symlink
Sun Solaris 7.0 - 'ff.core' Privilege Escalation
S.u.S.E. 5.2 - 'lpc' Privilege Escalation
SGI IRIX 6.2 - '/usr/lib/netaddpr' Privilege Escalation
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)'
SGI IRIX 6.2 - 'cdplayer' Privilege Escalation
SGI IRIX 5.3 - 'Cadmin' Exploit
SGI IRIX 6.0.1 - 'colorview' Exploit
SGI IRIX 5.3 - 'Cadmin' Privilege Escalation
SGI IRIX 6.0.1 - 'colorview'
SGI IRIX 6.2 - day5notifier Exploit
SGI IRIX 6.3 - 'df' Exploit
SGI IRIX 6.4 - datman/cdman Exploit
SGI IRIX 6.2 - 'eject' Exploit (1)
SGI IRIX 6.2 - 'eject' Exploit (2)
RedHat Linux 2.1 - 'abuse.console' Exploit
SGI IRIX 6.2 - 'fsdump' Exploit
SGI IRIX 6.2 - 'day5notifier'
SGI IRIX 6.3 - 'df' Privilege Escalation
SGI IRIX 6.4 - 'datman'/'cdman'
SGI IRIX 6.2 - 'eject' Privilege Escalation (1)
SGI IRIX 6.2 - 'eject' Privilege Escalation (2)
RedHat Linux 2.1 - 'abuse.console' Privilege Escalation
SGI IRIX 6.2 - 'fsdump' Privilege Escalation

IBM AIX 4.3 - 'infod' Exploit
IBM AIX 4.3 - 'infod' Privilege Escalation
SGI IRIX 6.4 - 'inpview' Exploit
RedHat Linux 5.0 - 'msgchk' Exploit
SGI IRIX 6.4 - 'inpview' Privilege Escalation
RedHat Linux 5.0 - 'msgchk' Privilege Escalation
SGI IRIX 6.4 - login Exploit
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (2)
SGI IRIX 6.4 - 'netprint' Exploit
SGI IRIX 6.4 - 'login'
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (1)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' (2)
SGI IRIX 6.4 - 'netprint' Privilege Escalation

SGI IRIX 5.3/6.2 - 'ordist' Exploit
SGI IRIX 5.3/6.2 - 'ordist' Privilege Escalation

SGI IRIX 5.3 - 'pkgadjust' Exploit
SGI IRIX 5.3 - 'pkgadjust' Privilege Escalation

IBM AIX 3.2.5 - 'IFS' Exploit
IBM AIX 3.2.5 - 'IFS' Privilege Escalation
SGI IRIX 6.3 - 'pset' Exploit
SGI IRIX 6.4 - 'rmail' Exploit
SGI IRIX 6.3 - 'pset' Privilege Escalation
SGI IRIX 6.4 - 'rmail'
SGI IRIX 5.2/5.3 - 'serial_ports' Exploit
SGI IRIX 6.4 - 'suid_exec' Exploit
SGI IRIX 5.1/5.2- 'sgihelp' Exploit
SGI IRIX 6.4 - 'startmidi' Exploit
SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Exploit
SGI IRIX 6.4 - 'xfsdump' Exploit
SGI IRIX 5.2/5.3 - 'serial_ports' Privilege Escalation
SGI IRIX 6.4 - 'suid_exec' Privilege Escalation
SGI IRIX 5.1/5.2 - 'sgihelp'
SGI IRIX 6.4 - 'startmidi' Privilege Escalation
SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Privilege Escalation
SGI IRIX 6.4 - 'xfsdump' Privilege Escalation

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (2)
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)

GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Exploit
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Privilege Escalation

Common Desktop Environment 2.1 20 / Solaris 7.0 - dtspcd Exploit
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd'

SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit
SCO Open Server 5.0.5 - 'userOsa' Symlink
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (2)
UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (1)
UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (1)
BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow (2)
UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1)
UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2)

S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit
S.u.S.E. Linux 6.1/6.2 - 'cwdtools'

Solaris 7.0 - 'kcms_configure Exploit
Solaris 7.0 - 'kcms_configure'

FreeBSD 3.3 - 'gdc' Symlink Exploit
FreeBSD 3.3 - 'gdc' Symlink

SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Exploit
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Privilege Escalation
SCO Unixware 7.1 - 'pkg' Exploit
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink Exploit
SCO Unixware 7.1 - 'pkg' Privilege Escalation
SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'coredump' Symlink
Nortel Networks Optivity NETarchitect 2.0 - PATH Exploit
SGI IRIX 6.2 - midikeys/soundplayer Exploit
Nortel Networks Optivity NETarchitect 2.0 - PATH
SGI IRIX 6.2 - 'midikeys'/'soundplayer'
Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path Exploit (1)
Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path Exploit (2)
Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path (1)
Mandrake 6.x / RedHat 6.x / Turbolinux 3.5 b2/4.x/6.0.2 userhelper/PAM - Path (2)

FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem Exploit
FreeBSD 3.4 / NetBSD 1.4.1 / OpenBSD 2.6 - '/proc' FileSystem

Debian 2.1 - apcd Symlink Exploit
Debian 2.1 - apcd Symlink
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit
Microsoft Windows 95/98/NT 4.0 - autorun.inf Exploit
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit
Sun Workshop 5.0 - Licensing Manager Symlink Exploit
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf'
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu'
Sun Workshop 5.0 - Licensing Manager Symlink
Corel Linux OS 1.0 - buildxconfig Exploit
Corel Linux OS 1.0 - setxconf Exploit
Corel Linux OS 1.0 - buildxconfig
Corel Linux OS 1.0 - 'setxconf'

Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr Exploit (2)
Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr (2)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2)
Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - kreatecd Exploit
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - 'imwheel' (1)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - 'imwheel' (2)
Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd'
Be BeOS 4.0/4.5/5.0 - IP Packet Length Field Exploit
QSSL QNX 4.25 A - 'crypt()' Exploit
Be BeOS 4.0/4.5/5.0 - IP Packet Length Field
QSSL QNX 4.25 A - 'crypt()' Privilege Escalation

RedHat Linux 6.0/6.1/6.2 - pam_console Exploit
RedHat Linux 6.0/6.1/6.2 - 'pam_console'

Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink Exploit
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink

OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink Exploit
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink

HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit
HP-UX 10.20/11.0 - man '/tmp' Symlink

Oracle Internet Directory 2.0.6 - oidldap Exploit
Oracle Internet Directory 2.0.6 - oidldap
HP-UX 10.20/11.0 - crontab '/tmp' File Exploit
Exim Buffer 1.6.2/1.6.51 - Overflow Exploit
HP-UX 10.20/11.0 - crontab '/tmp' File
Exim Buffer 1.6.2/1.6.51 - Overflow

PHP 5.3.4 Win Com Module - Com_sink Exploit
PHP 5.3.4 Win Com Module - Com_sink

Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing Exploit
Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing
BlazeVideo HDTV Player 6.6 Professional - Direct RETN Exploit
Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn Exploit
BlazeVideo HDTV Player 6.6 Professional - Direct RETN
Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn

BlazeDVD 6.1 - '.PLF' File Exploit (ASLR + DEP Bypass) (Metasploit)
BlazeDVD 6.1 - '.PLF' File (ASLR + DEP Bypass) (Metasploit)

Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'

HexChat 2.9.4 - Local Exploit
HexChat 2.9.4 - Local

Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring Exploit
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring

Winamp 5.63 - 'winamp.ini' Local Exploit
Winamp 5.63 - 'winamp.ini' Local

Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation
Nginx (Debian Based Distros + Gentoo) - 'logrotate' Privilege Escalation

PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass

Apple 2.0.4 - Safari Local Exploit
Apple 2.0.4 - Safari Local

Notepad++ Plugin Notepad 1.5 - Local Exploit
Notepad++ Plugin Notepad 1.5 - Local Overflow

Castripper 2.50.70 - '.pls' DEP Bypass Exploit
Castripper 2.50.70 - '.pls' DEP Bypass

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write Exploit (2)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2)

suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit
suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass

PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass

Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit)
Adobe Reader for Android < 11.2.0 - 'addJavascriptInterface' Local Overflow (Metasploit)

glibc - NUL Byte gconv_translit_find Off-by-One Exploit
glibc - NUL Byte gconv_translit_find Off-by-One

Microsoft Windows - OLE Package Manager SandWorm Exploit
Microsoft Windows - OLE Package Manager SandWorm

PonyOS 3.0 - VFS Permissions Exploit
PonyOS 3.0 - VFS Permissions

PonyOS 3.0 - TTY 'ioctl()' Local Kernel Exploit
PonyOS 3.0 - TTY 'ioctl()' Local Kernel

Microsoft Windows - ClientCopyImage Win32k Exploit (MS15-051) (Metasploit)
Microsoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit)

Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy Exploit
Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy

Google Android - get_user/put_user Exploit (Metasploit)
Google Android - get_user/put_user (Metasploit)

IKEView.exe R60 - '.elg' Local Exploit (SEH)
IKEView.exe R60 - '.elg' Local (SEH)

IKEView R60 - Buffer Overflow Local Exploit (SEH)
IKEView R60 - Buffer Overflow Local (SEH)

Gold MP4 Player - '.swf' Local Exploit
Gold MP4 Player - '.swf' Local

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File Exploit (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass)

Apple iOS < 10.3.1 - Kernel Exploit
Apple iOS < 10.3.1 - Kernel

Linux Kernel - 'offset2lib Stack Clash' Exploit
Linux Kernel - 'offset2lib Stack Clash'
Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit
Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit
Microsoft IIS - WebDAV 'ntdll.dll' Remote
Microsoft IIS 5.0 - WebDAV Remote (PoC)
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit
RealServer < 8.0.2 (Windows Platforms) - Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote
RealServer < 8.0.2 (Windows Platforms) - Remote Overflow

CommuniGate Pro Webmail 4.0.6 - Session Hijacking Exploit
CommuniGate Pro Webmail 4.0.6 - Session Hijacking

Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Local File Inclusion / Remote Code Execution
Microsoft Internet Explorer - Object Tag Exploit (MS03-020)
Apache 2.0.45 - 'APR' Remote Exploit
Microsoft Internet Explorer - Object Tag (MS03-020)
Apache 2.0.45 - 'APR' Remote

Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote
Microsoft Windows Media Services - Remote Exploit (MS03-022)
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit
ColdFusion MX - Remote Development Service Exploit
Microsoft Windows Media Services - Remote (MS03-022)
eXtremail 1.5.x (Linux) - Remote Format Strings
ColdFusion MX - Remote Development Service

Microsoft Windows Media Services - 'nsiislog.dll' Remote Exploit
Microsoft Windows Media Services - 'nsiislog.dll' Remote

Citadel/UX BBS 6.07 - Remote Exploit
Citadel/UX BBS 6.07 - Remote

Microsoft Windows XP/2000 - 'RPC DCOM' Remote Exploit (MS03-026)
Microsoft Windows XP/2000 - 'RPC DCOM' Remote (MS03-026)
Microsoft Windows - 'RPC DCOM' Remote Exploit (1)
Microsoft Windows - 'RPC DCOM' Remote Exploit (2)
Microsoft Windows - 'RPC DCOM' Remote (1)
Microsoft Windows - 'RPC DCOM' Remote (2)

Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal)
Microsoft Windows - 'RPC DCOM' Remote (Universal)

Microsoft Internet Explorer - Object Data Remote Exploit (MS03-032)
Microsoft Internet Explorer - Object Data Remote (MS03-032)

Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Exploit
Linux pam_lib_smb < 1.1.6 - '/bin/login' Remote Overflow

MySQL 3.23.x/4.0.x - Remote Exploit
MySQL 3.23.x/4.0.x - Remote Buffer Overflow

Microsoft Windows - 'RPC DCOM2' Remote Exploit (MS03-039)
Microsoft Windows - 'RPC DCOM2' Remote (MS03-039)

Microsoft Windows - 'RPC2' Universal Exploit / Denial of Service (RPC3) (MS03-039)
Microsoft Windows - 'RPC2' Universal / Denial of Service (RPC3) (MS03-039)
NIPrint LPD-LPR Print Server 4.10 - Remote Exploit
Microsoft Windows XP/2000 - RPC Remote Non Exec Memory Exploit
NIPrint LPD-LPR Print Server 4.10 - Remote
Microsoft Windows XP/2000 - RPC Remote Non Exec Memory
Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051)
Microsoft Windows - Workstation Service WKSSVC Remote Exploit (MS03-049)
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit
Opera 7.22 - File Creation and Execution Exploit (WebServer)
Microsoft Windows XP - Workstation Service Remote Exploit (MS03-049)
Microsoft FrontPage Server Extensions - 'fp30reg.dll' (MS03-051)
Microsoft Windows - Workstation Service WKSSVC Remote (MS03-049)
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote
Opera 7.22 - File Creation and Execution (WebServer)
Microsoft Windows XP - Workstation Service Remote (MS03-049)
Microsoft Windows Messenger Service (French) - Remote Exploit (MS03-043)
Eznet 3.5.0 - Remote Stack Overflow Universal Exploit
Microsoft Windows Messenger Service (French) - Remote (MS03-043)
Eznet 3.5.0 - Remote Stack Overflow Universal

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Exploit
RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote

Eudora 6.0.3 (Windows) - Attachment Spoofing Exploit
Eudora 6.0.3 (Windows) - Attachment Spoofing

Cisco - Cisco Global Exploiter Tool
Cisco - Cisco Global er Tool
BFTPd - 'vsprintf()' Format Strings Exploit
INND/NNRP < 1.6.x - Overflow Exploit
BFTPd - 'vsprintf()' Format Strings
INND/NNRP < 1.6.x - Overflow

BFTPd 1.0.12 - Remote Exploit
BFTPd 1.0.12 - Remote Overflow
Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit
OpenBSD ftpd 2.6/2.7 - Remote Exploit
Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit
WU-FTPD 2.6.0 - Remote Format Strings Exploit
Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass
OpenBSD ftpd 2.6/2.7 - Remote
Linux Kernel 2.2 - TCP/IP Weakness Spoof IP
WU-FTPD 2.6.0 - Remote Format Strings
Cisco - Password Bruteforcer Exploit
Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit
Cisco - Password Bruteforcer
Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Command Execution

IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Exploit
TCP Connection Reset - Remote Exploit
IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote

Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)
Microsoft Windows XP/2000 - 'Lsasrv.dll' Remote Universal (MS04-011)
Borland Interbase 7.x - Remote Exploit
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit
Borland Interbase 7.x - Remote Buffer Overflow
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote

Microsoft Internet Explorer - Remote Application.Shell Exploit
Microsoft Internet Explorer - Remote Application.Shell
Microsoft Internet Explorer - Remote Wscript.Shell Exploit
Linux imapd - Remote Overflow File Retrieve Exploit
Microsoft Internet Explorer - Remote Wscript.Shell
Linux imapd - Remote Overflow / File Retrieve

OpenFTPd 0.30.2 - Remote Exploit
OpenFTPd 0.30.2 - Remote
Remote CVS 1.11.15 - 'error_prog_name' Remote Exploit
WU-IMAP 2000.287(1-2) - Remote Exploit
rsync 2.5.1 - Remote Exploit (1)
rsync 2.5.1 - Remote Exploit (2)
Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution
WU-IMAP 2000.287(1-2) - Remote
rsync 2.5.1 - Remote (1)
rsync 2.5.1 - Remote (2)

D-Link DCS-900 Camera - Remote IP Address Changer Exploit
D-Link DCS-900 Camera - Remote IP Address Changer

AOL Instant Messenger AIM - 'Away' Message Remote Exploit (2)
AOL Instant Messenger AIM - 'Away' Message Remote (2)

Citadel/UX 6.23 - Remote USER Directive Exploit
Citadel/UX 6.23 - Remote USER Directive

Microsoft Windows - JPEG GDI+ Overflow Shellcode Exploit
Microsoft Windows - JPEG GDI+ Overflow Shellcode
Microsoft Windows - JPEG GDI+ Overflow Administrator Exploit (MS04-028)
Microsoft Windows - JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028)
Microsoft Windows - JPEG GDI+ Overflow Administrator (MS04-028)
Microsoft Windows - JPEG GDI+ Overflow Download Shellcode (MS04-028)

Eudora 6.2.0.7 - Attachment Spoofer Exploit
Eudora 6.2.0.7 - Attachment Spoofer

Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034)
Microsoft Windows - Compressed Zipped Folders (MS04-034)

PHP 4.3.7/5.0.0RC3 - memory_limit Remote Exploit
PHP 4.3.7/5.0.0RC3 - memory_limit Remote

SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Exploit
SHOUTcast DNAS/Linux 1.9.4 - Format String Remote

Apple iTunes - Playlist Buffer Overflow Download Shellcode Exploit
Apple iTunes - Playlist Buffer Overflow Download Shellcode
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit
Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Microsoft Internet Explorer - '.ANI' Universal (MS05-002)

Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002)
Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
3CServer 1.1 (FTP Server) - Remote Exploit
MSN Messenger - '.png' Image Buffer Overflow Download Shellcode Exploit
3CServer 1.1 (FTP Server) - Remote
MSN Messenger - '.png' Image Buffer Overflow Download Shellcode

Exim 4.43 - 'auth_spa_server()' Remote Exploit (PoC)
Exim 4.43 - 'auth_spa_server()' Remote (PoC)
Thomson TCW690 - POST Password Validation Exploit
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Exploit
Thomson TCW690 - POST Password Validation
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote

LimeWire 4.1.2 < 4.5.6 - 'GET' Remote Exploit
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote

Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Exploit
Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote

MailEnable Enterprise 1.x - IMAPd Remote Exploit
MailEnable Enterprise 1.x - IMAPd Remote

HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force Exploit
HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force

dSMTP Mail Server 3.1b (Linux) - Format String Exploit
dSMTP Mail Server 3.1b (Linux) - Format String

ViRobot Advanced Server 2.0 - 'addschup' Remote Cookie Exploit
ViRobot Advanced Server 2.0 - 'addschup' Remote Cookie
Microsoft Windows Message Queuing - Buffer Overflow Universal Exploit (MS05-017) (v.0.3)
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Exploit
Nokia Affix < 3.2.0 - btftp Remote Client Exploit
Microsoft Windows Message Queuing - Buffer Overflow Universal (MS05-017) (v.0.3)
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote
Nokia Affix < 3.2.0 - btftp Remote Client
Hosting Controller 0.6.1 HotFix 2.1 - Change Credit Limit Exploit
Baby Web Server 2.6.2 - Command Validation Exploit
Hosting Controller 0.6.1 HotFix 2.1 - Change Credit Limit
Baby Web Server 2.6.2 - Command Validation
Small HTTP Server 3.05.28 - Arbitrary Data Execution Exploit
HP OpenView OmniBack II - Generic Remote Exploit
Small HTTP Server 3.05.28 - Arbitrary Data Execution
HP OpenView OmniBack II - Generic Remote

CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Exploit
CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote

Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote Exploit (MS05-038)
Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
Veritas Backup Exec (Windows) - Remote File Access Exploit (Metasploit)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (MS05-039)
Veritas Backup Exec (Windows) - Remote File Access (Metasploit)
Microsoft Windows Plug-and-Play Service - Remote Universal (MS05-039)

Solaris 10 LPD - Arbitrary File Delete Exploit (Metasploit)
Solaris 10 LPD - Arbitrary File Delete (Metasploit)
Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof Exploit
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) (MS05-039)
Microsoft Windows Plug-and-Play Service (French) - Remote Universal Exploit (MS05-039)
Microsoft IIS 5.0 - '500-100.asp' Server Name Spoof
Microsoft Windows Plug-and-Play Service - Remote Universal (Spanish) (MS05-039)
Microsoft Windows Plug-and-Play Service (French) - Remote Universal (MS05-039)
HP OpenView Network Node Manager 7.50 - Remote Exploit
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Exploit
HP OpenView Network Node Manager 7.50 - Remote
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote

Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (2)
Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun (2)

HP-UX FTP Server - Unauthenticated Directory Listing Exploit (Metasploit)
HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit)
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Exploit
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Exploit
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Exploit
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote

Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode Exploit
Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode
Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (3)
Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote Exploit (4)
Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote (3)
Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote (4)

Microsoft Windows - DTC Remote Exploit (PoC) (MS05-051) (2)
Microsoft Windows - DTC Remote (PoC) (MS05-051) (2)

Mercury Mail Transport System 4.01b - PH SERVER Remote Exploit
Mercury Mail Transport System 4.01b - PH SERVER Remote

Farmers WIFE 4.4 sp1 - 'FTP' Remote System Access Exploit
Farmers WIFE 4.4 sp1 - 'FTP' Remote System Access

Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit)
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote (Metasploit)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)
Microsoft Internet Explorer - 'createTextRang' Remote Exploit (Metasploit)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode (1)
Microsoft Internet Explorer - 'createTextRang' Remote (Metasploit)

Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (2)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode (2)

MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit
MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage

Microsoft Windows - DHCP Client Broadcast Exploit (MS06-036)
Microsoft Windows - DHCP Client Broadcast (MS06-036)

Microsoft Windows - CanonicalizePathName() Remote Exploit (MS06-040)
Microsoft Windows - CanonicalizePathName() Remote (MS06-040)

Easy File Sharing FTP Server 2.0 - 'PASS' Remote Exploit (PoC)
Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (HTML)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (1)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Exploit (2)
McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote Exploit (Metasploit)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() (1)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() (2)
McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote (Metasploit)
AEP SmartGate 4.3b - 'GET' Arbitrary File Download Exploit
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit
AEP SmartGate 4.3b - 'GET' Arbitrary File Download
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote

MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User Exploit
MiniHTTPServer Web Forum & File Sharing Server 4.0 - Add User
Easy File Sharing Web Server 4 - Remote Information Stealer Exploit
EFS Easy Address Book Web Server 1.2 - Remote File Stream Exploit
Easy File Sharing Web Server 4 - Remote Information Stealer
EFS Easy Address Book Web Server 1.2 - Remote File Stream

Oracle 9i/10g - 'read/write/execute' Exploitation Suite
Oracle 9i/10g - 'read/write/execute' ation Suite

Oracle 9i/10g - 'utl_file' FileSystem Access Exploit
Oracle 9i/10g - 'utl_file' FileSystem Access

Microsoft Windows - ASN.1 Remote Exploit (MS04-007)
Microsoft Windows - ASN.1 Remote (MS04-007)

Rediff Bol Downloader - ActiveX Control Execute Local File Exploit
Rediff Bol Downloader - ActiveX Control Execute Local File

Microsoft Internet Explorer - VML Download and Execute Exploit (MS07-004)
Microsoft Internet Explorer - VML Download and Execute (MS07-004)

PA168 Chipset IP Phones - Weak Session Management Exploit
PA168 Chipset IP Phones - Weak Session Management
Lotus Domino R6 Webmail - Remote Password Hash Dumper Exploit
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Exploit
Lotus Domino R6 Webmail - Remote Password Hash Dumper
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
Oracle 10g - KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit
Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission Exploit
Oracle 10g - KUPW$WORKER.MAIN Grant/Revoke dba Permission
Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission
NetProxy 4.03 - Web Filter Evasion / Bypass Logging Exploit
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode Exploit (Perl)
NetProxy 4.03 - Web Filter Evasion / Bypass Logging
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)

PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass Exploit
PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Exploit
Mercur Messaging 2005 < SP4 - IMAP Remote Exploit (Egghunter)
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote
Mercur Messaging 2005 < SP4 - IMAP Remote (Egghunter)

Microsoft DNS Server - Dynamic DNS Updates Remote Exploit
Microsoft DNS Server - Dynamic DNS Updates Remote

Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage Exploit
Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage
Microsoft Internet Explorer - Recordset Double-Free Memory Exploit (MS07-009)
Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Exploit
Microsoft Internet Explorer - Recordset Double-Free Memory (MS07-009)
Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote

CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code Exploit
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code

IBM Lotus Domino Server 6.5 - Unauthenticated Remote Exploit
IBM Lotus Domino Server 6.5 - Unauthenticated Remote

Microsoft Windows - Animated Cursor '.ani' Remote Exploit (eeye patch Bypass)
Microsoft Windows - Animated Cursor '.ani' Remote (eeye patch Bypass)

Microsoft Windows - Animated Cursor '.ani' Universal Exploit Generator
Microsoft Windows - Animated Cursor '.ani' Universal Generator

MiniWebsvr 0.0.7 - Remote Directory Traversal

Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution Exploit
Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution

EDraw Office Viewer Component - Unsafe Method Exploit
EDraw Office Viewer Component - Unsafe Method

Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Exploit
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote

IBM Tivoli Provisioning Manager - Unauthenticated Remote Exploit
IBM Tivoli Provisioning Manager - Unauthenticated Remote
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute Exploit
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method
Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute
Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute

HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write Exploit
HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write

HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()'

Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit
Apache Tomcat Connector mod_jk - 'exec-shield' Remote

SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Exploit
SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write

Nessus Vulnerability Scanner 3.0.6 - ActiveX Remote Delete File Exploit
Nessus Vulnerability Scanner 3.0.6 - ActiveX Remote Delete File

VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write Exploit
VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write

BIND 9 0.3beta - DNS Cache Poisoning Exploit
BIND 9 0.3beta - DNS Cache Poisoning

NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote

Telecom Italy Alice Messenger - Remote Registry Key Manipulation Exploit
Telecom Italy Alice Messenger - Remote Registry Key Manipulation

Lighttpd 1.4.16 - FastCGI Header Overflow Remote Exploit
Lighttpd 1.4.16 - FastCGI Header Overflow Remote

Apple QuickTime /w IE .qtl Version XAS - Remote Exploit (PoC)
Apple QuickTime /w IE .qtl Version XAS - Remote (PoC)

Lighttpd 1.4.17 - FastCGI Header Overflow Remote Exploit
Lighttpd 1.4.17 - FastCGI Header Overflow Remote
Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation Exploit
Tor < 0.1.2.16 - ControlPort Remote Rewrite Exploit
Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation
Tor < 0.1.2.16 - ControlPort Remote Rewrite
Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak Exploit
PBEmail 7 - ActiveX Edition Insecure Method Exploit
Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
PBEmail 7 - ActiveX Edition Insecure Method

IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command Exploit
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Exploit
EDraw Flowchart ActiveX Control 2.0 - Insecure Method Exploit
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote
EDraw Flowchart ActiveX Control 2.0 - Insecure Method

Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal Exploit
Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal
Apple QuickTime 7.2/7.3 - RSTP Response Universal Exploit
Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal Exploit
Apple QuickTime 7.2/7.3 - RSTP Response Universal
Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal

Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065)
Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065)

Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method Exploit
Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method

Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method Exploit
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method
MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method Exploit
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit
MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method

Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method Exploit
Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method

Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload

Rising AntiVirus Online Scanner - Insecure Method Flaw Exploit
Rising AntiVirus Online Scanner - Insecure Method Flaw

NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit
NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal

IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method Exploit
IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method

C6 Messenger - ActiveX Remote Download and Execute Exploit
C6 Messenger - ActiveX Remote Download and Execute

Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download Exploit
Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Exploit (Python)
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit
BIND 9.x - Remote DNS Cache Poisoning Exploit
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning (Python)
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote
BIND 9.x - Remote DNS Cache Poisoning

Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB)
Cisco IOS 12.3(18) (FTP Server) - Remote (Attached to GDB)

BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning

Belkin Wireless G Router / ADSL2 Modem - Authentication Bypass
Sun Solaris 10 - snoop(1M) Utility Remote Exploit
Friendly Technologies - Read/Write Registry/Read Files Exploit
Google Chrome 0.2.149.27 - Automatic File Download Exploit
Sun Solaris 10 - snoop(1M) Utility Remote
Friendly Technologies - Read/Write Registry/Read Files
Google Chrome 0.2.149.27 - Automatic File Download

Microworld Mailscan 5.6.a - Password Reveal Exploit
Microworld Mailscan 5.6.a - Password Reveal

NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll'

Chilkat XML - ActiveX Arbitrary File Creation/Execution Exploit
Chilkat XML - ActiveX Arbitrary File Creation/Execution
Autodesk DWF Viewer Control / LiveUpdate Module - Remote Exploit
GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) Exploit (MS08-021)
Autodesk DWF Viewer Control / LiveUpdate Module - Remote
GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)

PowerTCP FTP Module - Multiple Exploit Techniques (SEH HeapSpray)
PowerTCP FTP Module - Multiple Techniques (SEH HeapSpray)
MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit
MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit
MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method Exploit
MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method Exploit
MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method
MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method
MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method
MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method

GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit)
GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API (Metasploit)

Microsoft Windows - SmbRelay3 NTLM Replay Exploit (MS08-068)
Microsoft Windows - SmbRelay3 NTLM Replay (MS08-068)

DD-WRT v24-sp1 - Cross-Site Reference Forgery

Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow

Chilkat FTP - ActiveX (SaveLastError) Insecure Method Exploit
Chilkat FTP - ActiveX (SaveLastError) Insecure Method

ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit
ExcelOCX ActiveX 3.2 - Download File Insecure Method

GuildFTPd FTP Server 0.999.14 - Remote Delete Files Exploit
GuildFTPd FTP Server 0.999.14 - Remote Delete Files
GeoVision LiveAudio - ActiveX Remote Freed-Memory Access Exploit
Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit
GeoVision LiveAudio - ActiveX Remote Freed-Memory Access
Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories

Sysax Multi Server 4.3 - Arbitrary Delete Files Exploit
Sysax Multi Server 4.3 - Arbitrary Delete Files Expoit

IncrediMail 5.86 - Cross-Site Scripting Script Execution Exploit
IncrediMail 5.86 - Cross-Site Scripting Script Execution

Pirelli Discus DRG A225 wifi router - WPA2PSK Default Algorithm Exploit
Pirelli Discus DRG A225 wifi router - WPA2PSK Default Algorithm

Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote

httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit
httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files

Bopup Communications Server 3.2.26.5460 - Remote SYSTEM Exploit
Bopup Communications Server 3.2.26.5460 - Remote SYSTEM

Green Dam - Remote Change System Time Exploit
Green Dam - Remote Change System Time

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Exploit
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11'

Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection
IBM Installation Manager 1.3.0 - 'iim://' URI handler Exploit
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Exploit
Oracle - Document Capture BlackIce DEVMODE Exploit
IBM Installation Manager 1.3.0 - 'iim://' URI handler
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote
Oracle - Document Capture BlackIce DEVMODE

Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization Exploit (Metasploit)
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)

AoA MP4 Converter 4.1.2 - ActiveX Exploit
AoA MP4 Converter 4.1.2 - ActiveX

Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit)
Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote (Metasploit)

Unreal Tournament 2004 - 'Secure' Overflow Exploit (Metasploit)
Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit
AoA DVD Creator 2.6.2 - ActiveX Exploit
AoA Audio Extractor Basic 2.3.7 - ActiveX
AoA DVD Creator 2.6.2 - ActiveX

Microsoft Internet Explorer 6 - Aurora Exploit
Microsoft Internet Explorer 6 - Aurora

Exploit EFS Software Easy Chat Server 2.2 - Buffer Overflow
EFS Software Easy Chat Server 2.2 - Buffer Overflow

AOL 9.5 - ActiveX Heap Spray Exploit
AOL 9.5 - ActiveX Heap Spray

(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Exploit
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote

Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add Exploit)
Microsoft Internet Explorer 6/7 - Remote Code Execution (Remote User Add)
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit
SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray

Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit)
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free (Metasploit)
Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal Exploit
Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal Exploit
Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal Exploit
Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal
Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal
Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal

Xftp client 3.0 - 'PWD' Remote Exploit
Xftp client 3.0 - 'PWD' Remote

HP Digital Imaging - 'hpodio08.dll' Insecure Method Exploit
HP Digital Imaging - 'hpodio08.dll' Insecure Method

ProSSHD 1.2 - Authenticated Remote Exploit (ASLR + DEP Bypass)
ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass)

Litespeed Technologies - Web Server Remote Poison Null Byte Exploit
Litespeed Technologies - Web Server Remote Poison Null Byte

Sun Java Web Server 7.0 u7 - Remote Exploit
Sun Java Web Server 7.0 u7 - Remote

Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Exploit
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote

IBM AIX 5l - 'FTPd' Remote DES Hash Exploit
IBM AIX 5l - 'FTPd' Remote DES Hash

Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray Exploit (Internet Explorer 6/7)
Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray (Internet Explorer 6/7)
AoA Audio Extractor - Remote ActiveX SEH JIT Spray Exploit (ASLR + DEP Bypass)
SopCast 3.2.9 - Remote Exploit
AoA Audio Extractor - Remote ActiveX SEH JIT Spray (ASLR + DEP Bypass)
SopCast 3.2.9 - Remote

Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit
Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Exploit
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote

AoA Audio Extractor 2.x - ActiveX ROP Exploit
AoA Audio Extractor 2.x - ActiveX ROP

Microsoft ASP.NET - Auto-Decryptor File Download Exploit (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild'

Google Android 2.0 < 2.1 - Reverse Shell Exploit
Google Android 2.0 < 2.1 - Reverse Shell

FreeBSD Litespeed Web Server 4.0.17 with PHP - Remote Exploit
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Exploit
Microsoft Internet Explorer 8 - CSS Parser Exploit
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX
Microsoft Internet Explorer 8 - CSS Parser

Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote

Sun Microsystems SunScreen Firewall - Root Exploit
Sun Microsystems SunScreen Firewall - Privilege Escalation

FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow Exploit
FTPGetter 3.58.0.21 - 'PASV' Buffer Overflow

Sun Java - Calendar Deserialization Exploit (Metasploit)
Sun Java - Calendar Deserialization (Metasploit)

Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit)
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit)

Veritas Backup Exec Name Service - Overflow Exploit (Metasploit)
Veritas Backup Exec Name Service - Overflow (Metasploit)

Microsoft Private Communications Transport - Overflow Exploit (MS04-011) (Metasploit)
Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit)

Microsoft RRAS Service - Overflow Exploit (MS06-025) (Metasploit)
Microsoft RRAS Service - Overflow (MS06-025) (Metasploit)

Microsoft NetDDE Service - Overflow Exploit (MS04-031) (Metasploit)
Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit)

CA BrightStor Agent for Microsoft SQL - Overflow Exploit (Metasploit)
CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit)

CA BrightStor Universal Agent - Overflow Exploit (Metasploit)
CA BrightStor Universal Agent - Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow Exploit (Metasploit)
Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit)

Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' (Metasploit)

Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit)
Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX (Metasploit)

Microsoft RPC DCOM Interface - Overflow Exploit (MS03-026) (Metasploit)
Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit)

Savant Web Server 3.1 - Overflow Exploit (Metasploit)
Savant Web Server 3.1 - Overflow (Metasploit)

McAfee ePolicy Orchestrator / ProtectionPilot - Overflow Exploit (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit)

Snort Back Orifice - Pre-Preprocessor Remote Exploit (Metasploit)
Snort Back Orifice - Pre-Preprocessor Remote (Metasploit)

Knox Arkeia Backup Client Type 77 (OSX) - Overflow Exploit (Metasploit)
Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit)

Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit)

KingView 6.5.3 SCADA - ActiveX Exploit
KingView 6.5.3 SCADA - ActiveX

Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free

Progea Movicon 11 - 'TCPUploadServer' Remote Exploit
Progea Movicon 11 - 'TCPUploadServer' Remote

Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (ASLR + DEP Bypass)
Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)

IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM Exploit
IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM

Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit)
Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' (Metasploit)

IBM Web Application Firewall - Bypass Exploit
IBM Web Application Firewall - Bypass

Symantec Backup Exec 12.5 - Man In The Middle Exploit
Symantec Backup Exec 12.5 - Man In The Middle

Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free Exploit
Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free

Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Exploit
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe'

JBoss AS 2.0 - Remote Exploit
JBoss AS 2.0 - Remote

NJStar Communicator 3.00 - MiniSMTP Server Remote Exploit (Metasploit)
NJStar Communicator 3.00 - MiniSMTP Server Remote (Metasploit)

Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure Exploit
Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure

CoDeSys SCADA 2.3 - Remote Exploit
CoDeSys SCADA 2.3 - Remote Buffer Overflow
CoCSoft Stream Down 6.8.0 - Universal Exploit (Metasploit)
Reaver - WiFi Protected Setup (WPS) Exploit
CoCSoft Stream Down 6.8.0 - Universal (Metasploit)
Reaver - WiFi Protected Setup (WPS)

Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit
Mozilla Firefox 4.0.1 - 'Array.reduceRight()'

Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit
Apache Tomcat - Account Scanner / 'PUT' Request Remote

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()'

Berkeley Sendmail 5.58 - Debug Exploit
Berkeley Sendmail 5.58 - Debug
SunView (SunOS 4.1.1) - selection_svc Exploit
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit
SunView (SunOS 4.1.1) - 'selection_svc' Remote File Read
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS

IRIX 6.4 - 'pfdisplay.cgi' Exploit
IRIX 6.4 - 'pfdisplay.cgi'
Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 -  Upload / Execute Read Scripts
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (2)
Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Buffer Overflow (2)

HP JetAdmin 1.0.9 Rev. D - symlink Exploit
HP JetAdmin 1.0.9 Rev. D - symlink

XM Easy Personal FTP Server 5.30 - Remote Format String Write4 Exploit
XM Easy Personal FTP Server 5.30 - Remote Format String Write4

Western Digital's WD TV Live SMP/Hub - Root Exploit
Western Digital's WD TV Live SMP/Hub - Privilege Escalation

Debian 2.1 - httpd Exploit
Debian 2.1 - httpd
SGI IRIX 6.2 - cgi-bin wrap Exploit
SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Exploit
SGI IRIX 6.4 - cgi-bin handler Exploit
SGI IRIX 6.5.2 - 'nsd'' Exploit
SGI IRIX 6.2 - cgi-bin wrap
SGI IRIX 6.3 - cgi-bin 'webdist.cgi'
SGI IRIX 6.4 - cgi-bin handler
SGI IRIX 6.5.2 - 'nsd' Information Gathering

IBM AIX 3.2.5 - 'login(1)' Exploit
IBM AIX 3.2.5 - 'login(1)' Privilege Escalation

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS Exploit (1)
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (1)

Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP Exploit
Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP

ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit
ProFTPd 1.2 pre6 - 'snprintf' Remote Root

Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame
PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog Exploit
Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (1)
Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 Exploit (2)
PHP/FI 1.0/FI 2.0/FI 2.0 b10 - mylog/mlog
Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (1)
Lucent Ascend MAX 5.0/Pipeline 6.0/TNT 1.0/2.0 Router - MAX UDP Port 9 (2)

AN-HTTPd 1.2b - CGI Exploits
AN-HTTPd 1.2b - CGI s

Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Exploit
Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Information Disclosure

RedHat 6.1 / IRIX 6.5.18 - 'lpd' Exploit
RedHat 6.1 / IRIX 6.5.18 - 'lpd' Command Execution

A-V Tronics InetServ 3.0 - WebMail GET Exploit
A-V Tronics InetServ 3.0 - WebMail GET

Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut Exploit
Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut

SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname Exploit
SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname

Cisco IOS 11.x/12.x - HTTP %% Exploit
Cisco IOS 11.x/12.x - HTTP %%

Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP Server Exploit
Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 - FTP Server

NCSA httpd-campas 1.2 - sample script Exploit
NCSA httpd-campas 1.2 - sample script

Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055)
Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)

Novell NetWare Web Server 2.x - convert.bas Exploit
Novell NetWare Web Server 2.x - convert.bas

Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'

Novell Netware Web Server 3.x - files.pl Exploit
Novell Netware Web Server 3.x - files.pl

SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon Exploit
SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon

Sitecom MD-25x - Multiple Vulnerabilities / Reverse Root Exploit
Sitecom MD-25x - Multiple Vulnerabilities
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit
Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow
Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow

BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)

IBM System Director Agent - Remote System Level Exploit
IBM System Director Agent - Remote System Level

MySQL - 'Stuxnet Technique' Windows Remote System Exploit
MySQL - 'Stuxnet Technique' Windows Remote System

Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting

ActFax 5.01 - RAW Server Exploit (Metasploit)
ActFax 5.01 - RAW Server (Metasploit)

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Exploit
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote

Adobe ColdFusion APSB13-03 - Remote Exploit (Metasploit)
Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit)

Plesk < 9.5.4 - Remote Exploit
Plesk < 9.5.4 - Remote

PCMan FTP Server 2.0.7 - Remote Exploit (Metasploit)
PCMan FTP Server 2.0.7 - Remote (Metasploit)

(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval Exploit
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval

PHP 4.x - 'copy() Safe_Mode' Bypass Exploit
PHP 4.x - 'copy() Safe_Mode' Bypass

Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit
Microsoft PowerPoint 2003 - 'powerpnt.exe'
Microsoft Internet Explorer 6 - Code Execution (1)
Microsoft Internet Explorer 6 - Code Execution (2)
Microsoft Internet Explorer 6 - Code Execution (1)
Microsoft Internet Explorer 6 - Code Execution (2)

Nginx 1.4.0 (Generic Linux x64) - Remote Exploit
Nginx 1.4.0 (Generic Linux x64) - Remote

PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit
PHP 5.2.5 - cURL 'safe_mode' Security Bypass

Oracle Forms and Reports 11.1 - Remote Exploit
Oracle Forms and Reports 11.1 - Arbitrary Code Execution

Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit
Novell eDirectory 8.x - eMBox Utility 'edirutil' Command

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1)
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support)
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit
Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow

SugarCRM 6.5.23 - REST PHP Object Injection Exploit (Metasploit)
SugarCRM 6.5.23 - REST PHP Object Injection (Metasploit)

NovaSTOR NovaNET 12.0 - Remote SYSTEM Exploit
NovaSTOR NovaNET 12.0 - Remote SYSTEM

Kolibri Web Server 2.0 - GET Exploit (SEH)
Kolibri Web Server 2.0 - GET (SEH)

GNU bash 4.3.11 - Environment Variable dhclient Exploit
GNU bash 4.3.11 - Environment Variable dhclient
Eclipse 3.6.1 - Help Server help/index.jsp URI Cross-Site Scripting
Eclipse 3.6.1 - Help Server help/advanced/content.jsp URI Cross-Site Scripting
Eclipse 3.6.1 - Help Server 'help/index.jsp' Cross-Site Scripting
Eclipse 3.6.1 - Help Server 'help/advanced/content.jsp' Cross-Site Scripting

Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060)
Microsoft Windows - OLE Remote Code Execution 'Sandworm' (MS14-060)

tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side

VSAT Sailor 900 - Remote Exploit
VSAT Sailor 900 - Remote

Bsplayer 2.68 - HTTP Response Universal Exploit
Bsplayer 2.68 - HTTP Response Universal

MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer

Microsoft Windows Media Center - MCL Exploit (MS15-100) (Metasploit)
Microsoft Windows Media Center - MCL (MS15-100) (Metasploit)

Adobe Flash - Object.unwatch Use-After-Free Exploit
Adobe Flash - Object.unwatch Use-After-Free

Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Google Android 5.0.1 - Metaphor Stagefright (ASLR Bypass)

TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Exploit
TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote

D-Link DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)
D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)

DC/OS Marathon UI - Docker Exploit (Metasploit)
DC/OS Marathon UI - Docker (Metasploit)

CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Exploit
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote Exploit
PHP-Nuke 6.9 - 'cid' SQL Injection Remote Exploit
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote
PHP-Nuke 6.9 - 'cid' SQL Injection Remote

UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote
phpMyChat 0.14.5 - Remote Improper File Permissions Exploit
e107 - 'include()' Remote Exploit
phpMyChat 0.14.5 - Remote Improper File Permissions
e107 - 'include()' Remote

Siteman 1.1.10 - Remote Administrative Account Addition Exploit
Siteman 1.1.10 - Remote Administrative Account Addition
PostNuke PostWrap Module - Remote Exploit
PHP-Nuke 7.4 - Admin Exploit
PostNuke PostWrap Module - Remote
PHP-Nuke 7.4 - Admin
AWStats 5.7 < 6.2 - Multiple Remote Exploits (PoC)
AWStats 5.7 < 6.2 - Multiple Remote Exploits
AWStats 5.7 < 6.2 - Multiple Remote s (PoC)
AWStats 5.7 < 6.2 - Multiple Remote s

Aztek Forum 4.0 - 'myadmin.php' Database Dumper Exploit
Aztek Forum 4.0 - 'myadmin.php' Database Dumper
phpBB 2.0.13 - 'downloads.php' mod Remote Exploit
phpBB 2.0.13 - 'Calendar Pro' mod Remote Exploit
phpBB 2.0.13 - 'downloads.php' mod Remote
phpBB 2.0.13 - 'Calendar Pro' mod Remote

PhotoPost - Arbitrary Data Remote Exploit
PhotoPost - Arbitrary Data Remote

ZeroBoard 4.1 - preg_replace Remote nobody Shell Exploit
ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell
eXtropia Shopping Cart - 'web_store.cgi' Remote Exploit
Mambo 4.5.2.1 - Fetch Password Hash Remote Exploit
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password Exploit
eXtropia Shopping Cart - 'web_store.cgi' Remote
Mambo 4.5.2.1 - Fetch Password Hash Remote
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password

PHP-Fusion 6.00.105 - Accessible Database Backups Download Exploit
PHP-Fusion 6.00.105 - Accessible Database Backups Download

phpBB 2.0.15 - 'highlight' Database Authentication Details Exploit
phpBB 2.0.15 - 'highlight' Database Authentication Details

Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota Exploit
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota

Simple PHP Blog 0.4.0 - Multiple Remote Exploits
Simple PHP Blog 0.4.0 - Multiple Remote s

MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection

Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution Exploit
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution

SimpleBBS 1.1 - Remote Commands Execution Exploit
SimpleBBS 1.1 - Remote Commands Execution

SimpleBBS 1.1 - Remote Commands Execution Exploit (C)
SimpleBBS 1.1 - Remote Commands Execution (C)

Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote Exploit
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote
phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command Exploit
phpDocumentor 1.3.0 rc4 - Remote Commands Execution Exploit
phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command
phpDocumentor 1.3.0 rc4 - Remote Commands Execution

Magic News Plus 1.0.3 - Admin Pass Change Exploit
Magic News Plus 1.0.3 - Admin Pass Change

creLoaded 6.15 - 'HTMLAREA' Automated Perl Exploit
creLoaded 6.15 - 'HTMLAREA' Automated Perl
CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit
SPIP 1.8.2g - Remote Commands Execution Exploit
CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution
SPIP 1.8.2g - Remote Commands Execution

DocMGR 0.54.2 - 'file_exists' Remote Commands Execution Exploit
DocMGR 0.54.2 - 'file_exists' Remote Commands Execution
EnterpriseGS 1.0 rc4 - Remote Commands Execution Exploit
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution Exploit
EnterpriseGS 1.0 rc4 - Remote Commands Execution
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution

PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution Exploit
PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution

Coppermine Photo Gallery 1.4.3 - Remote Commands Execution Exploit
Coppermine Photo Gallery 1.4.3 - Remote Commands Execution

GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution Exploit
GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution

VHCS 2.4.7.1 - Add User Authentication Bypass

Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass

Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access Exploit
Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access

PHP-Stats 0.1.9.1 - Remote Commands Execution Exploit
PHP-Stats 0.1.9.1 - Remote Commands Execution

Gallery 2.0.3 - stepOrder[] Remote Commands Execution Exploit
Gallery 2.0.3 - stepOrder[] Remote Commands Execution

JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote

Simplog 0.9.2 - 's' Remote Commands Execution Exploit
Simplog 0.9.2 - 's' Remote Commands Execution

phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution Exploit
phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution

FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass Exploit
FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Exploit
Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote Exploit
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote
Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote

DeluxeBB 1.06 - 'Attachment mod_mime' Remote Exploit
DeluxeBB 1.06 - 'Attachment mod_mime' Remote

XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Exploit
XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Command Execution

Drupal 4.7 - 'Attachment mod_mime' Remote Exploit
Drupal 4.7 - 'Attachment mod_mime' Remote

EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation
Speedy ASP Forum - 'profileupdate.asp' User Pass Change Exploit
Nukedit 4.9.6 - Unauthorized Admin Add
Speedy ASP Forum - 'profileupdate.asp' User Pass Change
Nukedit 4.9.6 - Unauthorized Admin Add

aspWebLinks 2.0 - SQL Injection / Admin Pass Change Exploit
aspWebLinks 2.0 - SQL Injection / Admin Pass Change

FunkBoard CF0.71 - 'profile.php' Remote User Pass Change Exploit
FunkBoard CF0.71 - 'profile.php' Remote User Pass Change

myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass

Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime Exploit
Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime

MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin Exploit
MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin

Phorum 5 - 'pm.php' Arbitrary Local Inclusion Exploit
Phorum 5 - 'pm.php' Arbitrary Local Inclusion

TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker Exploit
TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker

WEBInsta MM 1.3e - 'absolute_path' Remote File Inclusion

Joomla! Component Poll 1.0.10 - Arbitrary Add Votes Exploit
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Exploit
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote

Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote Exploit
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote

PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Exploit
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote

TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit
TR Forum 2.0 - SQL Injection / Bypass Security Restriction

phpBB 2.0.21 - Poison Null Byte Remote Exploit
phpBB 2.0.21 - Poison Null Byte Remote

Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin Exploit
Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin

Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users

Active Bulletin Board 1.1b2 - Remote User Pass Change Exploit
Active Bulletin Board 1.1b2 - Remote User Pass Change

JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit
JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface

PHP League 0.81 - 'config.php' Remote File Inclusion

MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion

E Annu 1.0 - Authentication Bypass / SQL Injection

Invision Power Board 2.1.7 - 'Debug' Remote Password Change Exploit
Invision Power Board 2.1.7 - 'Debug' Remote Password Change

iPrimal Forums - '/admin/index.php' Change User Password Exploit
iPrimal Forums - '/admin/index.php' Change User Password

Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit
Online Event Registration 2.0 - 'save_profile.asp' Pass Change

Bandwebsite 1.5 - 'LOGIN' Remote Add Admin
Enthrallweb eClassifieds 1.0 - Remote User Pass Change Exploit
Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change Exploit
Enthrallweb eNews 1.0 - Remote User Pass Change Exploit
Enthrallweb eClassifieds 1.0 - Remote User Pass Change
Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change
Enthrallweb eNews 1.0 - Remote User Pass Change

Fishyshoop 0.930b - Remote Add Administrator Account Exploit
Fishyshoop 0.930b - Remote Add Administrator Account

Cahier de texte 2.2 - Bypass General Access Protection Exploit
Cahier de texte 2.2 - Bypass General Access Protection

Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin Exploit
Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin

IMGallery 2.5 - Create Uploader Script Exploit
IMGallery 2.5 - Create Uploader Script

TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator Exploit
TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator

FdWeB Espace Membre 2.01 - 'path' Remote File Inclusion

GuppY 4.5.16 - Remote Commands Execution Exploit
GuppY 4.5.16 - Remote Commands Execution

Extcalendar 2 - 'profile.php' Remote User Pass Change Exploit
Extcalendar 2 - 'profile.php' Remote User Pass Change

Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit
Advanced Poll 2.0.5-dev - Remote Admin Session Generator

Site-Assistant 0990 - 'paths[version]' Remote File Inclusion

AT Contenator 1.0 - 'Root_To_Script' Remote File Inclusion
VS-News-System 1.2.1 - 'newsordner' Remote File Inclusion
VS-Link-Partner 2.1 - 'script_pfad' Remote File Inclusion
VS-News-System 1.2.1 - 'newsordner' Remote File Inclusion
VS-Link-Partner 2.1 - 'script_pfad' Remote File Inclusion

S-Gastebuch 1.5.3 - 'gb_pfad' Remote File Inclusion
AJ Dating 1.0 - 'view_profile.php' SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
AJ Dating 1.0 - 'view_profile.php' SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection

JobSitePro 1.0 - 'search.php' SQL Injection

JGBBS 3.0beta1 - 'search.asp?author' SQL Injection
WSN Guest 1.21 - 'id' SQL Injection
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
Orion-Blog 2.0 - Remote Authentication Bypass
WSN Guest 1.21 - 'id' SQL Injection
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
Orion-Blog 2.0 - Remote Authentication Bypass

Particle Blogger 1.2.0 - 'post.php?postid' SQL Injection

PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()'

Guestbara 1.2 - Change Admin Login and Password Exploit
Guestbara 1.2 - Change Admin Login and Password

Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection

eWebquiz 8 - 'eWebQuiz.asp' SQL Injection

PBlang 4.66z - Remote Create Admin Exploit
PBlang 4.66z - Remote Create Admin

IceBB 1.0-rc5 - Remote Create Admin Exploit
IceBB 1.0-rc5 - Remote Create Admin

Joomla! Component D4JeZine 2.8 - Blind SQL Injection

Web Content System 2.7.1 - Remote File Inclusion

XOOPS Module Lykos Reviews 1.00 - 'index.php' SQL Injection

WinMail Server 4.4 build 1124 - 'WebMail' Remote Add Super User Exploit
WinMail Server 4.4 build 1124 - 'WebMail' Remote Add Super User

XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection

XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection

XOOPS Module XFsection 1.07 - 'articleId' Blind SQL Injection

XOOPS Module PopnupBlog 2.52 - 'postid' Blind SQL Injection

phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion
XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection
Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion
XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection
Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion

CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion

e107 0.7.8 - 'mailout.php' Authenticated Access Escalation Exploit
e107 0.7.8 - 'mailout.php' Authenticated Access Escalation

AimStats 3.2 - 'process.php?update' Remote Code Execution

wavewoo 0.1.1 - 'loading.php?path_include' Remote File Inclusion

The Merchant 2.2.0 - 'index.php?show' Remote File Inclusion

phpMyPortal 3.0.0 RC3 - GLOBALS[CHEMINMODULES] Remote File Inclusion

Snaps! Gallery 1.4.4 - Remote User Pass Change Exploit
Snaps! Gallery 1.4.4 - Remote User Pass Change

PHP FirstPost 0.1 - 'block.php?Include' Remote File Inclusion

XOOPS Module resmanager 1.21 - Blind SQL Injection
Alstrasoft e-Friends 4.21 - Admin Session Retrieve Exploit
Alstrasoft Live Support 1.21 - Admin Credential Retrieve Exploit
Alstrasoft e-Friends 4.21 - Admin Session Retrieve
Alstrasoft Live Support 1.21 - Admin Credential Retrieve

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing Exploit
WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve Exploit
XOOPS Module icontent 1.0/4.5 - Remote File Inclusion
RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve
XOOPS Module icontent 1.0/4.5 - Remote File Inclusion

NewsSync for phpBB 1.5.0rc6 - Remote File Inclusion

PHP Real Estate Classifieds - Remote File Inclusion

Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve Exploit
Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve

AV Tutorial Script 1.0 - Remote User Pass Change Exploit
AV Tutorial Script 1.0 - Remote User Pass Change

Vivvo CMS 3.4 - 'index.php' Blind SQL Injection

JBlog 1.0 - Create / Delete Admin Authentication Bypass

Fuzzylime CMS 3.0 - Local File Inclusion

Flip 3.0 - Remote Admin Creation Exploit
Flip 3.0 - Remote Admin Creation

Drupal 5.2 - PHP Zend Hash Exploitation Vector
Drupal 5.2 - PHP Zend Hash ation Vector

PHP-AGTC Membership System 1.1a - Remote Add Admin

IceBB 1.0-rc6 - Remote Database Authentication Details Exploit
IceBB 1.0-rc6 - Remote Database Authentication Details

Ucms 1.8 - Backdoor Remote Command Execution

Snitz Forums 2000 - 'Active.asp' SQL Injection

MonAlbum 0.87 - Arbitrary File Upload / Password Grabber Exploit
MonAlbum 0.87 - Arbitrary File Upload / Password Grabber

FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber Exploit
FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber

CuteNews 1.4.5 - Admin Password md5 Hash Fetching Exploit
CuteNews 1.4.5 - Admin Password md5 Hash Fetching

WebPortal CMS 0.6-beta - Remote Password Change Exploit
WebPortal CMS 0.6-beta - Remote Password Change

ClipShare 2.6 - Remote User Password Change Exploit
ClipShare 2.6 - Remote User Password Change

NetRisk 1.9.7 - Remote Password Change Exploit
NetRisk 1.9.7 - Remote Password Change

DomPHP 0.81 - Remote Add Administrator Exploit
DomPHP 0.81 - Remote Add Administrator

Evilsentinel 1.0.9 - Multiple Vulnerabilities Disable Exploit
Evilsentinel 1.0.9 - Multiple Vulnerabilities Disable

DigitalHive 2.0 RC2 - 'user_id' SQL Injection

MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit
MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote

sCssBoard (Multiple Versions) - 'pwnpack' Remote Exploits
sCssBoard (Multiple Versions) - 'pwnpack' Remote s
PunBB 1.2.16 - Blind Password Recovery Exploit
MultiCart 2.0 - 'productdetails.php' SQL Injection
PunBB 1.2.16 - Blind Password Recovery
MultiCart 2.0 - 'productdetails.php' SQL Injection

QuickTalk Forum 1.6 - Blind SQL Injection

Destar 0.2.2-5 - Arbitrary Add New User Exploit
Destar 0.2.2-5 - Arbitrary Add New User

phpBB Addon Fishing Cat Portal - Remote File Inclusion

LightNEasy 1.2 - no database Remote Hash Retrieve Exploit
LightNEasy 1.2 - no database Remote Hash Retrieve

Joomla! Component JoomlaXplorer 1.6.2 - Remote Exploits
Joomla! Component JoomlaXplorer 1.6.2 - Remote s

OpenInvoice 0.9 - Arbitrary Change User Password Exploit
OpenInvoice 0.9 - Arbitrary Change User Password

txtCMS 0.3 - 'index.php' Local File Inclusion

Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin

MeltingIce File System 1.0 - Arbitrary Add User Exploit
MeltingIce File System 1.0 - Arbitrary Add User

CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload

Telephone Directory 2008 - Arbitrary Delete Contact Exploit
Telephone Directory 2008 - Arbitrary Delete Contact

AuraCMS 2.2.2 - '/pages_data.php' Arbitrary Edit/Add/Delete Exploit
AuraCMS 2.2.2 - '/pages_data.php' Arbitrary Edit/Add/Delete

Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber Exploit
Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber

WordPress Plugin Download Manager 0.2 - Arbitrary File Upload

IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit
IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking

moziloCMS 1.10.1 - 'download.php' Arbitrary Download File Exploit
moziloCMS 1.10.1 - 'download.php' Arbitrary Download File

LoveCMS 1.6.2 Final - Update Settings Remote Exploit
LoveCMS 1.6.2 Final - Update Settings Remote
Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password Exploit
MemHT Portal 3.9.0 - Remote Create Shell Exploit
Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password
MemHT Portal 3.9.0 - Remote Create Shell

WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit
WordPress 2.6.1 - SQL Column Truncation Admin Takeover

phsBlog 0.2 - Bypass SQL Injection Filtering Exploit
phsBlog 0.2 - Bypass SQL Injection Filtering

Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit
Sports Clubs Web Panel 0.0.1 - Remote Game Delete

Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption

Kusaba 1.0.4 - Remote Code Execution (2)

Globsy 1.0 - Remote File Rewriting Exploit
Globsy 1.0 - Remote File Rewriting

LokiCMS 0.3.4 - 'index.php' Arbitrary Check File Exploit
LokiCMS 0.3.4 - 'index.php' Arbitrary Check File

Micro CMS 0.3.5 - Remote Add/Delete/Password Change Exploit
Micro CMS 0.3.5 - Remote Add/Delete/Password Change

FREEze Greetings 1.0 - Remote Password Retrieve Exploit
FREEze Greetings 1.0 - Remote Password Retrieve

wPortfolio 0.3 - Admin Password Changing Exploit
wPortfolio 0.3 - Admin Password Changing

vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm Exploit
vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm

Discuz! - Remote Reset User Password Exploit
Discuz! - Remote Reset User Password

All Club CMS 0.0.2 - Remote Database Configuration Retrieve Exploit
All Club CMS 0.0.2 - Remote Database Configuration Retrieve

OpenForum 0.66 Beta - Remote Reset Admin Password Exploit
OpenForum 0.66 Beta - Remote Reset Admin Password
IPNPro3 < 1.44 - Admin Password Changing Exploit
DL PayCart 1.34 - Admin Password Changing Exploit
Bonza Cart 1.10 - Admin Password Changing Exploit
IPNPro3 < 1.44 - Admin Password Changing
DL PayCart 1.34 - Admin Password Changing
Bonza Cart 1.10 - Admin Password Changing

Wysi Wiki Wyg 1.0 - Remote Password Retrieve Exploit
Wysi Wiki Wyg 1.0 - Remote Password Retrieve

Flatnux - html/JavaScript Injection Cookie Grabber Exploit
Flatnux - html/JavaScript Injection Cookie Grabber

BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber

Comersus Shopping Cart 6.0 - Remote User Pass Exploit
Comersus Shopping Cart 6.0 - Remote User Pass

Fhimage 1.2.1 - Remote Index Change Exploit
Fhimage 1.2.1 - Remote Index Change

Max.Blog 1.0.6 - Arbitrary Delete Post Exploit
Max.Blog 1.0.6 - Arbitrary Delete Post

OpenFiler 2.3 - (Authentication Bypass) Remote Password Change Exploit
OpenFiler 2.3 - (Authentication Bypass) Remote Password Change

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

MemHT Portal 4.0.1 - Delete All Private Messages Exploit
MemHT Portal 4.0.1 - Delete All Private Messages

Traidnt up 2.0 - 'cookie' Add Extension Bypass Exploit
Traidnt up 2.0 - 'cookie' Add Extension Bypass

Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)
Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )

eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password Exploit
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password

TotalCalendar 2.4 - Remote Password Change Exploit
TotalCalendar 2.4 - Remote Password Change

Absolute Form Processor XE-V 1.5 - Remote Change Password Exploit
Absolute Form Processor XE-V 1.5 - Remote Change Password

Teraway LinkTracker 1.0 - Remote Password Change Exploit
Teraway LinkTracker 1.0 - Remote Password Change

VisionLms 1.0 - 'changePW.php' Remote Password Change Exploit
VisionLms 1.0 - 'changePW.php' Remote Password Change

MiniTwitter 0.2b - Remote User Options Changer Exploit
MiniTwitter 0.2b - Remote User Options Changer
Simple Customer 1.3 - Arbitrary Change Admin Password
Job Script 2.0 - Arbitrary Change Admin Password
Simple Customer 1.3 - Arbitrary Change Admin Password
Job Script 2.0 - Arbitrary Change Admin Password

MaxCMS 2.0 - 'm_username' Arbitrary Create Admin Exploit
MaxCMS 2.0 - 'm_username' Arbitrary Create Admin

2DayBiz Template Monster Clone - 'edituser.php' Change Pass Exploit
2DayBiz Template Monster Clone - 'edituser.php' Change Pass

PHP Article Publisher - Remote Change Admin Password

Coppermine Photo Gallery 1.4.22 - Remote Exploit
Coppermine Photo Gallery 1.4.22 - Remote

Joomla! Component Casino 0.3.1 - Multiple SQL Injections Exploits
Joomla! Component Casino 0.3.1 - Multiple SQL Injections s

ZaoCMS - 'user_updated.php' Remote Change Password Exploit
ZaoCMS - 'user_updated.php' Remote Change Password

Mole Group Sky Hunter/Bus Ticket Scripts - Change Admin Password
Ultimate Media Script 2.0 - Remote Change Content
Gallarific - 'user.php' Arbirary Change Admin Information Exploit
Ultimate Media Script 2.0 - Remote Change Content
Gallarific - 'user.php' Arbirary Change Admin Information

ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

Online Grades & Attendance 3.2.6 - Credentials Changer SQL Exploit
Online Grades & Attendance 3.2.6 - Credentials Changer SQL

Web Directory PRO - 'Admins.php' Change Admin Password

Host Directory PRO 2.1.0 - Remote Change Admin Password

Grestul 1.2 - Remote Add Administrator Account Exploit
Grestul 1.2 - Remote Add Administrator Account

Evernew Free Joke Script 1.2 - Remote Change Password Exploit
Evernew Free Joke Script 1.2 - Remote Change Password

phpMyAdmin - pmaPWN! Code Injection Remote Code Execution Scanner & Exploit Tool
phpMyAdmin - 'pmaPWN!' Code Injection / Remote Code Execution

Messages Library 2.0 - Arbitrary Administrator Account

Infinity 2.0.5 - Arbitrary Create Admin Exploit
Infinity 2.0.5 - Arbitrary Create Admin

webLeague 2.2.0 - 'install.php' Remote Change Password Exploit
webLeague 2.2.0 - 'install.php' Remote Change Password

JBLOG 1.5.1 - SQL Table Backup Exploit
JBLOG 1.5.1 - SQL Table Backup

Barracuda IMFirewall 620 - Exploit
Barracuda IMFirewall 620 -

Barracuda Web Firewall 660 Firmware 7.3.1.007 - Exploit
Barracuda Web Firewall 660 Firmware 7.3.1.007 -

XP Book 3.0 - login Admin Exploit
XP Book 3.0 - login Admin

Jax Guestbook 3.50 - Admin Login Exploit
Jax Guestbook 3.50 - Admin Login

ImageVue 2.0 - Remote Admin Login Exploit
ImageVue 2.0 - Remote Admin Login

SoftCab Sound Converter - 'sndConverter.ocx' ActiveX Insecure Method Exploit
SoftCab Sound Converter - 'sndConverter.ocx' ActiveX Insecure Method
Jevonweb Guestbook - Remote Admin Access Exploit
Simple PHP Guestbook - Remote Admin Access Exploit
Jevonweb Guestbook - Remote Admin Access
Simple PHP Guestbook - Remote Admin Access

PHPShop 0.6 - Bypass Exploit
PHPShop 0.6 - Bypass

Jax Calendar 1.34 - Remote Admin Access Exploit
Jax Calendar 1.34 - Remote Admin Access

al3jeb script - Remote Change Password Exploit
al3jeb script - Remote Change Password

Joomla! 1.5.12 - connect back Exploit
Joomla! 1.5.12 - Connect Back

Snif 1.5.2 - Any Filetype Download Exploit
Snif 1.5.2 - Any Filetype Download

bispage - Bypass Exploit
bispage - Bypass

Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass

Torrent Hoster - Remount Upload Exploit
Torrent Hoster - Remount Upload

Easy-Clanpage 2.2 - Multiple SQL Injections / Exploit
Easy-Clanpage 2.2 - Multiple SQL Injections /

PHP Jokesite 2.0 - exec Command Exploit
PHP Jokesite 2.0 - exec Command

Zyke CMS 1.1 - Bypass Exploit
Zyke CMS 1.1 - Bypass

Tochin eCommerce - Multiple Remote Exploits
Tochin eCommerce - Multiple Remote s

PHP-Nuke 8.2 - Arbitrary File Upload Exploit
PHP-Nuke 8.2 - Arbitrary File Upload

JCMS 2010 - File Download Exploit
JCMS 2010 - File Download

CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit
CakePHP 1.3.5/1.2.8 - 'Unserialize()'

JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote

CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit)
CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit)

N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit
N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code

iCMS 1.1 - Admin SQL Injection / Brute Force Exploit
iCMS 1.1 - Admin SQL Injection / Brute Force

WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass Exploit
WordPress Plugin Block-Spam-By-Math-Reloaded - Bypass

COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit
COMTREND CT-5624 Router - Root/Support Password Disclosure/Change

Vonage VDV23 - Cross-Site Scripting
TP-Link TL-WR740N - Cross-Site Scripting
LanSweeper 6.0.100.75 - Cross-Site Scripting

TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root Exploit
TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root

WordPress Plugin Akismet 2.1.3 - Exploit
WordPress Plugin Akismet 2.1.3 -

SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent

Google Gmail IOS Mobile Application - Persistent / Persistent Cross-Site Scripting
Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting

Feetan Inc WireShare 1.9.1 iOS - Persistent Exploit
Feetan Inc WireShare 1.9.1 iOS - Persistent

Seagate BlackArmor NAS - Root Exploit
Seagate BlackArmor NAS - Privilege Escalation

Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass Exploit
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass

Private Photo+Video 1.1 Pro iOS - Persistent Exploit
Private Photo+Video 1.1 Pro iOS - Persistent

Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent

Bonefire 0.7.1 - Reinstall Admin Account Exploit
Bonefire 0.7.1 - Reinstall Admin Account

Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting / Remote Command Execution

NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access Exploit
NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access

PHPads 213607 - Authentication Bypass / Password Change Exploit
PHPads 213607 - Authentication Bypass / Password Change

D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl

D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit DnsProxy.cmd
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd

Seagate Central 2014.0410.0026-F - Remote Facebook Access Token Exploit
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token

Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security

AirDroid iOS / Android / Win 3.1.3 - Persistent Exploit
AirDroid iOS / Android / Win 3.1.3 - Persistent
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete
up.time 7.5.0 - Upload and Execute

MantisBT 1.2.19 - Host Header Exploit
MantisBT 1.2.19 - Host Header

SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration Exploit
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration

JSSE - SKIP-TLS Exploit
JSSE - SKIP-TLS

D-Link DIR Series Routers - '/model/__show_info.php' Local File Disclosure
D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure

iScripts AutoHoster - 'main_smtp.php' Traversal Exploit
iScripts AutoHoster - 'main_smtp.php' Traversal

OpenMRS 2.3 (1.11.4) - XML External Entity Processing Exploit
OpenMRS 2.3 (1.11.4) - XML External Entity Processing

IBM Lotus Domino R8 - Password Hash Extraction Exploit
IBM Lotus Domino R8 - Password Hash Extraction

Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s

Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit
Dell OpenManage Server Administrator 8.3 - XML External Entity
D-Link DIR8xx Routers - Leak Credentials
D-Link DIR8xx Routers - Root Remote Code Execution
D-Link DIR8xx Routers - Local Firmware Upload
D-Link DIR-8xx Routers - Leak Credentials
D-Link DIR-8xx Routers - Root Remote Code Execution
D-Link DIR-8xx Routers - Local Firmware Upload

TP-Link WR940N - Authenticated Remote Code Exploit
TP-Link WR940N - Authenticated Remote Code

Zeta Components Mail 1.8.1 - Remote Code Execution
2017-11-17 05:02:15 +00:00
Offensive Security
4b39f0d26d DB: 2017-11-16
23 new exploits

VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (1)
VideoLAN VLC Media Player 0.8.6a - Denial of Service (1)

Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service
Microsoft Windows Explorer - '.AVI' File Denial of Service

Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service
Microsoft Windows Explorer - '.ANI' File Denial of Service

Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service
Microsoft Windows Explorer - '.doc' File Denial of Service

CDBurnerXP 4.2.4.1351 - Local Crash (Denial of Service)

Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Multiple Vulnerabilities

iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service
iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service

Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC)
Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC)

Webby WebServer - SEH Control (PoC)
Webby WebServer - Overflow (SEH) (PoC)

Quick 'n Easy FTP Server Lite 3.1 - Exploit
Quick 'n Easy FTP Server Lite 3.1 - Denial of Service

Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Overflow (SEH) (PoC)

FFDshow - SEH Exception Leading to Null Pointer on Read
FFDshow - Overflow (SEH) Exception Leading to Null Pointer on Read

Microsoft Internet Explorer - MSHTML Findtext Processing Issue
Microsoft Internet Explorer - MSHTML Findtext Processing Exploit

Oreans WinLicense 2.1.8.0 - XML File Handling Unspecified Memory Corruption
Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption
Debian suidmanager 0.18 - Exploit
AMD K6 Processor - Exploit
Apple Personal Web Sharing 1.1 - Remote Denial of Service
AMD K6 Processor - Denial of Service

Sun Solaris 7.0 - 'procfs' Denial of Service

S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - identd Denial of Service
S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service

Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - rpc.lockd Remote Denial of Service
Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - 'rpc.lockd' Remote Denial of Service

D-Link DIR605L - Denial of Service

RedHat Linux 6.1 i386 - Tmpwatch Recursive Write Denial of Service

(Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service
ReiserFS 3.5.28 (Linux Kernel) - Code Execution / Denial of Service

IBM AIX 4.3.3/5.1/5.2 libIM - Buffer Overflow
IBM AIX 4.3.3/5.1/5.2 - 'libIM' Buffer Overflow

xfstt 1.2/1.4 - Unspecified Memory Disclosure
xfstt 1.2/1.4 - Memory Disclosure

ViRobot Linux Server 2.0 - Exploit

Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Multiple ISO9660 Filesystem Handling Vulnerabilities

IBM AIX 5.x - Invscout Local Buffer Overflow
IBM AIX 5.x - 'Invscout' Local Buffer Overflow

Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow

Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012)
Microsoft Excel 95/97/2000/2002/2003/2004 - Memory Corruption (MS06-012)

IBM Tivoli Directory Server 6.0 - Unspecified LDAP Memory Corruption
IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption

Quake 3 Engine - CL_ParseDownload Remote Buffer Overflow
Quake 3 Engine - 'CL_ParseDownload' Remote Buffer Overflow

Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities
Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities

VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (2)
VideoLAN VLC Media Player 0.8.6a - Denial of Service (2)

Sun Solaris 10 - ICMP Unspecified Remote Denial of Service
Sun Solaris 10 - ICMP Remote Denial of Service

Mozilla Firefox 2.0.0.2 - Unspecified GIF Handling Denial of Service
Mozilla Firefox 2.0.0.2 - '.GIF' Handling Denial of Service

Progress WebSpeed 3.0/3.1 - Denial of Service

GStreamer 0.10.15 - Multiple Unspecified Remote Denial of Service Vulnerabilities
GStreamer 0.10.15 - Multiple Remote Denial of Service Vulnerabilities
Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service
Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service
Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service
Wireshark 0.99.8 - X.509sat Dissector Denial of Service
Wireshark 0.99.8 - LDAP Dissector Denial of Service
Wireshark 0.99.8 - SCCP Dissector Decode As Feature Denial of Service
Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (1)
Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (2)
Nokia Lotus Notes Connector - 'lnresobject.dll' Unspecified Remote Denial of Service
Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (1)
Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2)
Nokia Lotus Notes Connector - 'lnresobject.dll' Remote Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service)
Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Unspecified Remote Denial of Service
Wireshark 1.2.1 - GSM A RR Dissector packet.c Unspecified Remote Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Resource Exhaustion (Denial of Service)
Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Remote Denial of Service
Wireshark 1.2.1 - GSM A RR Dissector packet.c Remote Denial of Service

Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities
Opera Web Browser < 11.60 - Denial of Service / Multiple Vulnerabilities

SmallFTPd - Unspecified Denial of Service
SmallFTPd - Denial of Service

Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference
Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference

Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference
Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Kernel NULL Dereference

Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Dereference
Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient NULL Dereference
Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)
Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)
Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)
Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)

Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext
Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl
Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource
Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value
Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine
Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext
Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl
Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource
Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value
Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine

Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues
Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety Exploits

Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference

Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call
Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call

Mandrake Linux 8.2 /usr/mail - Local Exploit
Mandrake Linux 8.2 - '/usr/mail' Local Exploit

RedHat 6.2 /sbin/restore - Exploit
RedHat 6.2 - '/sbin/restore' Privilege Escalation

dump 0.4b15 (RedHat 6.2) - Exploit
dump 0.4b15 (RedHat 6.2) - Privilege Escalation
xsoldier 0.96 (RedHat 6.2) - Exploit
Pine (Local Message Grabber) - Exploit
xsoldier 0.96 (RedHat 6.2) - Buffer Overflow
Pine (Local Message Grabber) - Local Message Read

Seyon 2.1 rev. 4b i586-Linux - Exploit
Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Overflow

glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read

suid_perl 5.001 - Exploit
suid_perl 5.001 - Command Execution

Sendmail 8.11.x (Linux/i386) - Exploit
Sendmail 8.11.x (Linux/i386) - Privilege Escalation

Microsoft Excel - Unspecified Remote Code Execution
Microsoft Excel - Remote Code Execution

Microsoft Word 2000 - Unspecified Code Execution
Microsoft Word 2000 - Code Execution
IBM AIX 5.3 sp6 - capture Terminal Sequence Privilege Escalation
IBM AIX 5.3 sp6 - pioout Arbitrary Library Loading Privilege Escalation
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation
IBM AIX 5.3 SP6 - 'pioout' Arbitrary Library Loading Privilege Escalation

IBM AIX 5.3 libc - MALLOCDEBUG File Overwrite
IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite

Easy RM to MP3 Converter 2.7.3.700 - Exploit
Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow

Easy RM to MP3 27.3.700 (Windows XP SP3) - Exploit
Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow

Adobe Reader and Acrobat - Exploit
Adobe Reader / Acrobat - '.PDF' File Overflow

Mini-stream Ripper (Windows XP SP2/SP3) - Exploit
Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow

DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)
DJ Studio Pro 5.1.6.5.2 - Overflow (SEH)

Winamp 5.572 - Exploit (SEH)
Winamp 5.572 - Overflow (SEH)

ZipScan 2.2c - Exploit (SEH)
ZipScan 2.2c - Overflow (SEH)
Local Glibc shared library (.so) 2.11.1 - Exploit
(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation
Local Glibc Shared Library (.so) 2.11.1 - Code Execution
ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation

SyncBack Freeware 3.2.20.0 - Exploit
SyncBack Freeware 3.2.20.0 - Overflow (SEH)

Mediacoder 0.7.3.4672 - Exploit (SEH)
Mediacoder 0.7.3.4672 - Overflow (SEH)

MP3 Workstation 9.2.1.1.2 - Exploit (SEH)
MP3 Workstation 9.2.1.1.2 - Overflow (SEH)

DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)
DJ Studio Pro 8.1.3.2.1 - Overflow (SEH)

MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit)

iworkstation 9.3.2.1.4 - Exploit (SEH)
iworkstation 9.3.2.1.4 - Overflow (SEH)

Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)
Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode)

POP Peeper 3.7 - Exploit (SEH)
POP Peeper 3.7 - Overflow (SEH)

DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass
DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass)

DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit)

BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass
BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass)
Slackware Linux 3.4 - 'liloconfig-color' Temporary file
Slackware Linux 3.4 - 'makebootdisk' Temporary file
Slackware Linux 3.4 - 'liloconfig-color' Temporary File
Slackware Linux 3.4 - 'makebootdisk' Temporary File
Slackware Linux 3.4 - 'netconfig' Temporary file
Slackware Linux 3.4 - 'pkgtool' Temporary file
Slackware Linux 3.4 - 'netconfig' Temporary File
Slackware Linux 3.4 - 'pkgtool' Temporary File

Debian suidmanager 0.18 - Command Execution
BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Exploit
HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Exploit
Slackware Linux 3.5 - Missing /etc/group Privilege Escalation
BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun
HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Change File Permission
Slackware Linux 3.5 - '/etc/group' Privilege Escalation

Sun Solaris 2.6 power management - Exploit
Sun Solaris 2.6 - power management Exploit
DataLynx suGuard 1.0 - Exploit
Sun Solaris 2.5.1 PAM & unix_scheme - Exploit
Solaris 2.5.1 ffbconfig - Exploit
Solaris 2.5.1 chkey - Exploit
Solaris 2.5.1 Ping - Exploit
SGI IRIX 6.4 ioconfig - Exploit
DataLynx suGuard 1.0 - Privilege Escalation
Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Privilege Escalation
Solaris 2.5.1 - 'ffbconfig' Exploit
Solaris 2.5.1 - 'chkey' Exploit
Solaris 2.5.1 - 'Ping' Exploit
SGI IRIX 6.4 - 'ioconfig' Exploit
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (2)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Privilege Escalation (2)

Solaris 2.5.1 automount - Exploit
Solaris 2.5.1 - 'automount' Exploit
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit
Sun Solaris 7.0 dtprintinfo - Buffer Overflow
Sun Solaris 7.0 lpset - Buffer Overflow
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow
Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow

IBM Remote Control Software 1.0 - Exploit
IBM Remote Control Software 1.0 - Code Execution

Xcmail 0.99.6 - Exploit
Xcmail 0.99.6 - Buffer Overflow
Sun Solaris 7.0 ff.core - Exploit
S.u.S.E. 5.2 lpc - Exploit
Sun Solaris 7.0 - 'ff.core' Exploit
S.u.S.E. 5.2 - 'lpc' Exploit

SGI IRIX 6.2 cdplayer - Exploit
SGI IRIX 6.2 - 'cdplayer' Exploit
SGI IRIX 5.3 Cadmin - Exploit
SGI IRIX 6.0.1 colorview - Exploit
SGI IRIX 5.3 - 'Cadmin' Exploit
SGI IRIX 6.0.1 - 'colorview' Exploit
SGI IRIX 6.3 df - Exploit
SGI IRIX 6.4 - datman/cdman Exploit
SGI IRIX 6.3 - 'df' Exploit
SGI IRIX 6.4 - datman/cdman Exploit
RedHat Linux 2.1 - abuse.console Exploit
SGI IRIX 6.2 fsdump - Exploit
RedHat Linux 5.1 xosview - Exploit
Slackware Linux 3.1 - Buffer Overflow
RedHat Linux 2.1 - 'abuse.console' Exploit
SGI IRIX 6.2 - 'fsdump' Exploit
RedHat Linux 5.1 - xosview
Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow

IBM AIX 4.3 infod - Exploit
IBM AIX 4.3 - 'infod' Exploit

IBM AIX 4.2.1 snap - Insecure Temporary File Creation
IBM AIX 4.2.1 - 'snap' Insecure Temporary File Creation
SGI IRIX 6.4 inpview - Exploit
RedHat Linux 5.0 msgchk - Exploit
IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 ping - Buffer Overflow
IBM AIX 4.2 lchangelv - Buffer Overflow
SGI IRIX 6.4 - 'inpview' Exploit
RedHat Linux 5.0 - 'msgchk' Exploit
IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation
IBM AIX 4.2 - 'ping' Buffer Overflow
IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow

RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (1)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1)

SGI IRIX 6.4 netprint - Exploit
SGI IRIX 6.4 - 'netprint' Exploit

SGI IRIX 5.3/6.2 ordist - Exploit
SGI IRIX 5.3/6.2 - 'ordist' Exploit

SGI IRIX 5.3 pkgadjust - Exploit
SGI IRIX 5.3 - 'pkgadjust' Exploit

Sun Solaris 7.0 procfs - Exploit
IBM AIX 3.2.5 - IFS Exploit
IBM AIX 4.2.1 lquerypv - Exploit
IBM AIX 3.2.5 - 'IFS' Exploit
IBM AIX 4.2.1 - 'lquerypv' File Read
SGI IRIX 6.3 pset - Exploit
SGI IRIX 6.4 rmail - Exploit
SGI IRIX 6.3 - 'pset' Exploit
SGI IRIX 6.4 - 'rmail' Exploit
SGI IRIX 5.2/5.3 serial_ports - Exploit
SGI IRIX 6.4 suid_exec - Exploit
SGI IRIX 5.1/5.2 sgihelp - Exploit
SGI IRIX 6.4 startmidi - Exploit
SGI IRIX 5.2/5.3 - 'serial_ports' Exploit
SGI IRIX 6.4 - 'suid_exec' Exploit
SGI IRIX 5.1/5.2- 'sgihelp' Exploit
SGI IRIX 6.4 - 'startmidi' Exploit

SGI IRIX 6.4 xfsdump - Exploit
SGI IRIX 6.4 - 'xfsdump' Exploit

IBM AIX 4.3.1 adb - Exploit
IBM AIX 4.3.1 - 'adb' Denial of Service
Apple At Ease 5.0 - Exploit
Samba < 2.0.5 - Exploit
Apple At Ease 5.0 - Information Disclosure
Samba < 2.0.5 - Overflow

NetBSD 1.4 / OpenBSD 2.5 /Solaris 7.0 profil(2) - Exploit
NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space

Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 espeaker - Local Buffer Overflow
Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow

HP-UX 10.20 newgrp - Exploit
HP-UX 10.20 newgrp - Privilege Escalation

BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - '/usr/bin/lpr' Buffer Overrun Privilege Escalation (2)

BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1)
FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1)
xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2)

Solaris 7.0 kcms_configure - Exploit
Solaris 7.0 - 'kcms_configure Exploit

Windowmaker wmmon 1.0 b2 - Exploit
Windowmaker wmmon 1.0 b2 - Command Execution

Oracle8i Standard Edition 8.1.5 for Linux Installer - Exploit
Oracle8i Standard Edition 8.1.5 for Linux Installer - Privilege Escalation

Standard & Poors ComStock 4.2.4 - Exploit
Standard & Poors ComStock 4.2.4 - Command Execution
KDE 1.1.2 KApplication configfile - Exploit (1)
KDE 1.1.2 KApplication configfile - Exploit (2)
KDE 1.1.2 KApplication configfile - Exploit (3)
KDE 1.1.2 KApplication configfile - Privilege Escalation (1)
KDE 1.1.2 KApplication configfile - Privilege Escalation (2)
KDE 1.1.2 KApplication configfile - Privilege Escalation (3)

BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)
mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2)

Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - fld Input File Overflow
Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - '/usr/bin/fld' Input File Overflow
IRIX 6.5.x - GR_OSView Buffer Overflow
SGI IRIX 6.2 libgl.so - Buffer Overflow
IRIX 6.5.x - dmplay Buffer Overflow
IRIX 6.2/6.3 lpstat - Buffer Overflow
IRIX 6.5.x - inpview Race Condition
IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow
SGI IRIX 6.2 - 'libgl.so' Buffer Overflow
IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow
IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow
IRIX 6.5.x - '/usr/lib/InPerson/inpview' Race Condition

IRIX 5.3/6.x - mail Exploit
IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow
Libc locale - Exploit (1)
Libc locale - Exploit (2)
Libc locale - Privilege Escalation (1)
Libc locale - Privilege Escalation (2)

GNOME esound 0.2.19 - Unix Domain Socket Race Condition

Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell redirection Race Condition
Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell Redirection Race Condition
IBM AIX 4.x - setsenv Buffer Overflow
IBM AIX 4.3 digest - Buffer Overflow
IBM AIX 4.x - enq Buffer Overflow
IBM AIX 4.3.x - piobe Buffer Overflow
IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow
IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow
IBM AIX 4.x - 'enq' Buffer Overflow
IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow

SGI IRIX 6.5 / Solaris 7.0/8 - CDE dtsession Buffer Overflow
SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow

AIX 4.2/4.3 - piomkapqd Buffer Overflow
AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow

(Linux Kernel 2.4.17-8) User-Mode Linux - Memory Access Privilege Escalation
User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation

(Linux Kernel) Grsecurity Kernel Patch 1.9.4 - Memory Protection
Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection
QNX RTOS 6.1 - phlocale Environment Variable Buffer Overflow
QNX RTOS 6.1 - PKG-Installer Buffer Overflow
QNX RTOS 6.1 - '/usr/photon/bin/phlocale' Environment Variable Buffer Overflow
QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow

NCMedia Sound Editor Pro 7.5.1 - SEH + DEP Bypass
NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass)

AFD 1.2.x - Working Directory Local Buffer Overflow
AFD 1.2.x - Working Directory Local Buffer Overflow Privilege Escalation

IBM AIX 4.3.x/5.1 - ERRPT Local Buffer Overflow
IBM AIX 4.3.x/5.1 - 'ERRPT' Local Buffer Overflow

HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access
HP-UX 10.x - rs.F3000 Unauthorized Access

Leksbot 1.2 - Multiple Unspecified Vulnerabilities
Leksbot 1.2 - Multiple Vulnerabilities

IBM AIX 4.3.x/5.1 - LSMCODE Environment Variable Local Buffer Overflow
IBM AIX 4.3.x/5.1 - 'LSMCODE' Environment Variable Local Buffer Overflow

IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation
IBM UniVerse 10.0.0.9 - 'uvadmsh' Privilege Escalation

ViRobot Linux Server 2.0 - Overflow

(Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation
Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation
Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (1)
Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2)
Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3)
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (1)
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (2)
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3)

Nvidia Display Driver Service (Nsvr) - Exploit
Nvidia Display Driver Service (Nsvr) - Buffer Overflow
IBM AIX 5.3 - GetShell and GetCommand File Enumeration
IBM AIX 5.3 - GetShell and GetCommand Partial File Disclosure
IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration
IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure

Apple 2.0.4 - Safari Unspecified Local
Apple 2.0.4 - Safari Local Exploit

Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities

IBM AIX 6.1.8 libodm - Arbitrary File Write
IBM AIX 6.1.8 - 'libodm' Arbitrary File Write

Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation

VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow
VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass)

Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation

QEMU (Gentoo) - Local Priv Escalation
QEMU (Gentoo) - Privilege Escalation

Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation
Apache Tomcat 8/7/6 (RedHat Based Distros) - Privilege Escalation

RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)
RedStar 3.0 Server - 'BEAM' / 'RSSMON' Command Injection (Shellshock)

Microsoft WordPerfect Document Converter - Exploit (MS03-036)
Microsoft WordPerfect Document Converter (Windows NT4 Workstation SP5/SP6 French) - File Template Buffer Overflow (MS03-036)

CA BrightStor ARCserve Backup - Exploiter Tool
CA BrightStor ARCserve Backup - Overflow

NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write

CDBurnerXP 4.2.4.1351 - Exploit

PeerCast 0.1216 - Exploit (Metasploit)
PeerCast 0.1216 - Stack Overflow (Metasploit)

BigAnt Server 2.52 - Exploit (SEH)
BigAnt Server 2.52 - Overflow (SEH)

NetTransport Download Manager 2.90.510 - Exploit
NetTransport Download Manager 2.90.510 - Overflow (SEH)

File Sharing Wizard 1.5.0 - Exploit (SEH)
File Sharing Wizard 1.5.0 - Overflow (SEH)
Real Player 12.0.0.879 - Exploit
Sun Java Web Server 7.0 u7 - Exploit (DEP Bypass)
Real Player 12.0.0.879 - Code Execution
Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass)

IBM AIX 5l FTPd - Remote DES Hash Exploit
IBM AIX 5l - 'FTPd' Remote DES Hash Exploit

Microsoft Data Access Components - Exploit (MS11-002)
Microsoft Data Access Components - Overflow (PoC) (MS11-002)

FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit)
FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit)

Viscom Software Movie Player Pro SDK ActiveX 6.8 - Exploit (Metasploit)
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit)

Apple Personal Web Sharing 1.1 - Exploit
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Exploit
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution

Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit
Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts

IBM AIX 3.2/4.1 & SCO Unixware 7.1.1 & SGI IRIX 5.3 & Sun Solaris 2.5.1 - Exploit
IBM AIX 3.2/4.1 / SCO Unixware 7.1.1 / SGI IRIX 5.3 / Sun Solaris 2.5.1 - Privilege Escalation

HP HP-UX 10.34 rlpdaemon - Exploit
HP HP-UX 10.34 rlpdaemon - Remote Overflow

Ray Chan WWW Authorization Gateway 0.1 - Exploit
Ray Chan WWW Authorization Gateway 0.1 - Command Execution

Solaris 7.0 Coredump - Exploit
Solaris 7.0 - 'Coredump' File Write
IBM Scalable POWERparallel (SP) 2.0 sdrd - Exploit
SGI IRIX 6.2 cgi-bin wrap - Exploit
IBM Scalable POWERparallel (SP) 2.0 - 'sdrd' File Read
SGI IRIX 6.2 - cgi-bin wrap Exploit

SGI IRIX 6.5.2 nsd - Exploit
SGI IRIX 6.5.2 - 'nsd' Exploit

IBM AIX 3.2.5 - login(1) Exploit
IBM AIX 3.2.5 - 'login(1)' Exploit

Compaq Java Applet for Presario SpawnApp - Exploit
Compaq Java Applet for Presario SpawnApp - Code Execution

Network Security Wizards Dragon-Fire IDS 1.0 - Exploit
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution

Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Exploit
Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure

IBM AIX 4.3.2 ftpd - Remote Buffer Overflow
IBM AIX 4.3.2 - 'ftpd' Remote Buffer Overflow

glFTPd 1.17.2 - Exploit
glFTPd 1.17.2 - Code Execution

Netopia R-series routers 4.6.2 - Exploit
Netopia R-series Routers 4.6.2 - Modifying SNMP Tables

Sun Java Web Server 1.1.3/2.0 Servlets - Exploit
Sun Java Web Server 1.1.3/2.0 Servlets - Information Disclosure

IPFilter 3.x - Fragment Rule Bypass

CGIWrap 2.x/3.x - Cross-Site Scripting

AIX 4.1/4.2 - pdnsd Buffer Overflow
AIX 4.1/4.2 - 'pdnsd' Buffer Overflow

RedHat Linux 7.0 Apache - Remote 'Username' Enumeration
RedHat Linux 7.0 Apache - Remote Username Enumeration

Hylafax 4.1.x - HFaxD Unspecified Format String
Hylafax 4.1.x - HFaxD Format String

EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow

LHA 1.x - Multiple extract_one Buffer Overflow Vulnerabilities
LHA 1.x - 'extract_one' Multiple Buffer Overflow Vulnerabilities

Ethereal 0.x - Multiple Unspecified iSNS / SMB / SNMP Protocol Dissector Vulnerabilities
Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities

Oracle 9i - Multiple Unspecified Vulnerabilities
Oracle 9i - Multiple Vulnerabilities

File ELF 4.x - Header Unspecified Buffer Overflow
File ELF 4.x - Header Buffer Overflow
Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution
Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue
Microsoft PowerPoint 2003 - 'mso.dll' '.PPT' Processing Code Execution
Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Unspecified Arbitrary File Manipulation
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Unspecified Replay Attack
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack
Microsoft Internet Explorer 6 - Unspecified Code Execution (1)
Microsoft Internet Explorer 6 - Unspecified Code Execution (2)
Microsoft Internet Explorer 6 - Code Execution (1)
Microsoft Internet Explorer 6 - Code Execution (2)

GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal
GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal

TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal
TFTP Server TFTPDWin 0.4.2 - Directory Traversal

Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified
Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit

Multiple CA Service Management Products - Unspecified Remote Command Execution
Multiple CA Service Management Products - Remote Command Execution

NovaStor NovaNET 12 - 'DtbClsLogin()' Remote Stack Buffer Overflow

Bash - Environment Variables Code Injection (Shellshock)
Bash - Environment Variables Command Injection (Shellshock)

OpenVPN 2.2.29 - Remote Exploit (Shellshock)
OpenVPN 2.2.29 - Remote Command Injection (Shellshock)
Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock)
Apache mod_cgi - Remote Exploit (Shellshock)
Postfix SMTP 4.2.x < 4.2.48 - Remote Command Injection (Shellshock)
Apache mod_cgi - Remote Command Injection (Shellshock)

Poison Ivy 2.3.2 - Unspecified Remote Buffer Overflow
Poison Ivy 2.3.2 - Remote Buffer Overflow

Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution
Samba 3.5.11/3.6.3 - Remote Code Execution

Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit)
Advantech Switch - Bash Environment Variable Command Injection (Shellshock) (Metasploit)

Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock)
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)

IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit)
IPFire - Bash Environment Variable Command Injection (Shellshock) (Metasploit)

TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock)
TrendMicro InterScan Web Security Virtual Appliance - Remote Command Injection (Shellshock)

Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion
Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion

Poll It CGI 2.0 - Exploit
Poll It CGI 2.0 - Multiple Vulnerabilities

DreamPoll 3.1 - Exploit
DreamPoll 3.1 - SQL Injection

WordPress Plugin WP-Cumulus 1.20 - Exploit
WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting

Public Media Manager - Exploit
Public Media Manager - Remote File Inclusion

Joomla! Component com_adagency - Exploit
Joomla! Component com_adagency - Local File Inclusion

File Upload Manager 1.3 - Exploit
File Upload Manager 1.3 - Web Shell File Upload

Joomla! Component com_caddy - Exploit

Renista CMS - Exploit
Renista CMS - SQL Injection

BtiTracker 1.3.x < 1.4.x - Exploit
BtiTracker 1.3.x < 1.4.x - SQL Injection

WordPress Plugin Cimy Counter - Exploit
WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Splitting

Belkin F5D7234-4 v5 G Wireless Router - Exploit
Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed

WhatsApp Status Changer 0.2 - Exploit
WhatsApp - Remote Change Status

MySimpleNews 1.0 - Remotely Readable Administrator Password
MySimpleNews 1.0 - Remote Readable Administrator Password

SquirrelMail 1.2.11 - Exploit
SquirrelMail 1.2.11 - Multiple Vulnerabilities

D-Link DCS-936L Network Camera - Cross-Site Request Forgery
Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion
Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting
Yappa-ng 1.x/2.x - Remote File Inclusion
Yappa-ng 1.x/2.x - Cross-Site Scripting

Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities
Aenovo - Multiple Cross-Site Scripting Vulnerabilities

Codegrrl - 'Protection.php' Unspecified Code Execution
Codegrrl - 'Protection.php' Code Execution
Red Mombin 0.7 - 'index.php' Unspecified Cross-Site Scripting
Red Mombin 0.7 - 'process_login.php' Unspecified Cross-Site Scripting
Red Mombin 0.7 - 'index.php' Cross-Site Scripting
Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting

A-Blog 1.0 - Unspecified Cross-Site Scripting
A-Blog 1.0 - Cross-Site Scripting

Liens_Dynamiques 2.1 - Multiple Unspecified Cross-Site Scripting Vulnerabilities
Liens_Dynamiques 2.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Plugin Akismet 2.1.3 - Unspecified
WordPress Plugin Akismet 2.1.3 - Exploit

SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities

UPC Ireland Cisco EPC 2425 Router / Horizon Box - Exploit
UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information

Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload
Korean GHBoard - 'Component/upload.jsp' Arbitrary File Upload

MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections
MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections

Zoph 0.7.2.1 - Unspecified SQL Injection
Zoph 0.7.2.1 - SQL Injection

Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection
Joomla! Component FreiChat 1.0/2.x - HTML Injection

Bash CGI - Remote Code Execution (Shellshock) (Metasploit)
Bash CGI - Remote Command Injection (Shellshock) (Metasploit)

PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Command Injection (Shellshock)

Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Unspecified Security Vulnerabilities
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities

Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit

Netsweeper 4.0.8 - Authentication Bypass Issue
Netsweeper 4.0.8 - Authentication Bypass

SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting
SimpleInvoices invoices Module - Customer Field Cross-Site Scripting

Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting

iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal
iScripts AutoHoster - 'main_smtp.php' Traversal Exploit

Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits

Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock)
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)

NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock)
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)

Squid Analysis Report Generator 2.3.10 - Remote Code Execution
2017-11-16 10:02:26 +00:00
Offensive Security
cb946ad7aa DB: 2017-11-15
9 new exploits

GNU TAR 1.15.91 / CPIO 2.5.90 - safer_name_suffix Remote Denial of Service
GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free
PHP 7.1.8 - Heap-Based Buffer Overflow

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free
Realtek Audio Control Panel 1.0.1.65 - Exploit
Realtek Audio Microphone Calibration 1.1.1.6 - Exploit
Realtek HD Audio Control Panel 2.1.3.2 - Exploit
Realtek Audio Control Panel 1.0.1.65 - Buffer Overflow
Realtek Audio Microphone Calibration 1.1.1.6 - Buffer Overflow
Realtek HD Audio Control Panel 2.1.3.2 - Buffer Overflow

Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit)
Odin Secure FTP 4.1 - 'LIST' Stack Buffer Overflow (Metasploit)
STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit)
STUNSHELL Web Shell - Remote Code Execution (Metasploit)
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution
Ulterius Server < 1.9.5.0 - Directory Traversal
D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit)
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
Gogs (label pararm) - SQL Injection
Gogs - users and repos q SQL Injection
Gogs - 'label' SQL Injection
Gogs - 'users'/'repos' '?q' SQL Injection

Kirby CMS < 2.5.7 - Cross-Site Scripting
2017-11-15 05:01:30 +00:00
Offensive Security
9e4de03a13 DB: 2017-11-14
4 new exploits

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Privilege Escalation

IBM Websphere 6.0 - Faultactor Cross-Site Scripting
IBM Websphere 6.0 - 'Faultactor' Cross-Site Scripting

Coppermine Photo Gallery 1.3.2 - File Retrieval SQL Injection
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection

MemHT Portal 4.0.1 - SQL Injection Code Execution
MemHT Portal 4.0.1 - SQL Injection / Code Execution

AWCM 2.1 final - Remote File Inclusion
AWCM 2.1 Final - Remote File Inclusion

Invision Power Board 3 - search_app SQL Injection
Invision Power Board 3 - 'search_app' SQL Injection

PHP-Nuke 7.x - Content Filtering Byapss
PHP-Nuke 7.x - Content Filtering Bypass

Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
2017-11-14 05:01:29 +00:00
Offensive Security
43f3d9e94c DB: 2017-11-11
2017-11-11 05:01:28 +00:00
Offensive Security
bf64c19b52 DB: 2017-11-10
2017-11-10 05:01:29 +00:00
Offensive Security
a699605cfa DB: 2017-11-09
2017-11-09 05:01:31 +00:00
Offensive Security
d70e1a2cf0 DB: 2017-11-08
3 new exploits

Pine 4.x - From: Field Heap Corruption
Pine 4.x - 'From:' Heap Corruption
IBM DB2 db2start - Command Line Argument Local Overflow
IBM DB2 db2stop - Command Line Argument Local Overflow
IBM DB2 db2govd - Command Line Argument Local Overflow
IBM DB2 - 'db2start' Command Line Argument Local Overflow
IBM DB2 - 'db2stop' Command Line Argument Local Overflow
IBM DB2 - 'db2govd' Command Line Argument Local Overflow

F-Secure Internet GateKeeper for Linux < 2.15.484 (and Gateway < 2.16) - Privilege Escalation
F-Secure Internet GateKeeper for Linux < 2.15.484 / Gateway < 2.16 - Privilege Escalation

Microsoft Zero Administration Kit (ZAK) 1.0 and Office97 - Backdoor
Microsoft Zero Administration Kit (ZAK) 1.0 / Office97 - Backdoor Access
IBM DB2 - db2start Format String Arbitrary Code Execution
IBM DB2 - db2stop Format String Arbitrary Code Execution
IBM DB2 - db2govd Format String Arbitrary Code Execution
IBM DB2 - 'db2start' Format String Arbitrary Code Execution
IBM DB2 - 'db2stop' Format String Arbitrary Code Execution
IBM DB2 - 'db2govd' Format String Arbitrary Code Execution

Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP Privilege Escalation

YaBB 9.11.2000 - search.pl Arbitrary Command Execution
YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution

Fortigate OS 4.x < 5.0.7 - SSH Backdoor
Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access

Tecnovision DLX Spot - SSH Backdoor
Tecnovision DLX Spot - SSH Backdoor Access

FLIR Thermal Camera F/FC/PT/D - SSH Backdoor
FLIR Thermal Camera F/FC/PT/D - SSH Backdoor Access

Phorum 3.0.7 - 'auth.php3' Backdoor
Phorum 3.0.7 - 'auth.php3' Backdoor Access

Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion

Underground CMS 1.x - 'Search.Cache.Inc.php' Backdoor
Underground CMS 1.x - 'Search.Cache.Inc.php' Backdoor Access
pfSense 2.3.1_1 - Command Execution
ManageEngine Applications Manager 13 - SQL Injection
2017-11-08 05:01:32 +00:00
Offensive Security
6f7af333ff DB: 2017-11-07
9 new exploits

G Data TotalCare 2011 - NtOpenKey Race Condition
G Data TotalCare 2011 - 'NtOpenKey' Race Condition

QNX 6.1 - TimeCreate Local Denial of Service
QNX 6.1 - 'TimeCreate' Local Denial of Service
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
Debut Embedded httpd 1.20 - Denial of Service
Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)

PHP 5.3.0 - pdflib Arbitrary File Write
PHP 5.3.0 - 'pdflib' Arbitrary File Write
Actiontec C1000A Modem - Backdoor Account
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH)

Joomla! Component com_virtuemart 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit)
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)

Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Time-Based SQL Injection
Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Blind SQL Injection

Joomla! 2.5.0 < 2.5.1 - Time Based SQL Injection
Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection

xt:Commerce 3.04 SP2.1 - Time Based Blind SQL Injection
xt:Commerce 3.04 SP2.1 - Blind SQL Injection

MyBB 1.6.9 - 'editpost.php?posthash' Time Based SQL Injection
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection

Tableau Server - Blind SQL Injection
Tableau Server < 8.0.7 / < 8.1.2 - Blind SQL Injection

GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection

Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection
Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection

Milw0rm Clone Script 1.0 - Time Based SQL Injection
Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection

Milw0rm Clone Script 1.0 - Authentication Bypass
Milw0rm Clone Script 1.0 - '/admin/login.php' Authentication Bypass

RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections
RealtyScript 4.0.2 - Multiple Blind SQL Injections
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
2017-11-07 05:01:33 +00:00
Offensive Security
1b68675830 DB: 2017-11-05
1 new exploits

Sun Solaris 10 - UFS Local Denial of Service
Sun Solaris 10 - 'UFS' Local Denial of Service

Microsoft Internet Explorer 4/5 / Outlook 98 - window.open Redirect
Microsoft Internet Explorer 4/5 / Outlook 98 - 'window.open' Redirect

MDPro 1.0.76 - Cookie: PNSVlang Local File Inclusion
MDPro 1.0.76 - 'Cookie PNSVlang' Local File Inclusion

Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC)

Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entity
2017-11-05 05:01:29 +00:00
Offensive Security
ffa5f29b53 DB: 2017-11-04
4 new exploits

Avira Premium Security Suite - NtCreateKey Race Condition
Avira Premium Security Suite - 'NtCreateKey' Race Condition

Microsoft Internet Explorer - Memory Corruption

Lotus Domino SMTP Router & Email Server and Client - Denial of Service

Byte Fusion BFTelnet 1.1 - Long 'Username' Denial of Service
Byte Fusion BFTelnet 1.1 - Long Username Denial of Service

Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege Escalation
Apple Mac OSX (Mavericks) - 'IOBluetoothHCIUserClient' Privilege Escalation
Python 2.7 hotshot Module - pack_string Heap Buffer Overflow
Python 2.7 array.fromstring Method - Use-After-Free
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow
Python 2.7 - 'array.fromstring' Method Use-After-Free

GraphicsMagick - Memory Disclosure / Heap Overflow

Mozilla Firefox 3.6 - URL Spoofing

Vir.IT eXplorer Anti-Virus - Privilege Escalation
Vir.IT eXplorer Anti-Virus 8.5.39 - 'VIAGLT64.SYS' Privilege Escalation

Check Point VPN-1/FireWall-1 4.1 SP2 - Blocked Port Bypass Exploit

Adobe Flash / Reader - Live Malware (PoC)

Adobe ColdFusion - Directory Traversal

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit

CA BrightStor ARCserve License Service - GCR NETWORK Buffer Overflow (Metasploit)
CA BrightStor ARCserve License Service - 'GCR NETWORK' Buffer Overflow (Metasploit)
Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (1)
Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (2)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (1)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (2)

Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

PostNuke 0.763 - PNSV lang Remote Code Execution
PostNuke 0.763 - 'PNSV lang' Remote Code Execution

GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion
GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
2017-11-04 05:01:30 +00:00
Offensive Security
8194245b20 DB: 2017-11-03
1 new exploits

Microsoft Windows 95/98/NT 4.0 - Help File Trojan
Microsoft Windows 95/98/NT 4.0 - Help File Backdoor

OpenBSD 2.9/3.0 - Default Crontab Root Compromise
OpenBSD 2.9/3.0 - Default Crontab Root Command Injection

Sam Spade 1.14 - Crawl website Buffer Overflow
Sam Spade 1.14 - Crawl Website Buffer Overflow

Vir.IT eXplorer Anti-Virus - Privilege Escalation

UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan
UnrealIRCd 3.2.8.1 - Remote Downloader/Execute

ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution

Energizer DUO Trojan Code - Execution (Metasploit)
Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit)

Poison Ivy 2.3.2 - C&C Server Buffer Overflow (Metasploit)
Poison Ivy 2.3.2 (C2 Server) - Buffer Overflow (Metasploit)

DCForum 6.0 - Remote Admin Privilege Compromise
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands

Sendmail 8.12.6 - Trojan Horse
Sendmail 8.12.6 - Compromised Source Backdoor

MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise
MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account

Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)

HP Release Control - Authenticated XXE (Metasploit)
HP Release Control - Authenticated XML External Entity (Metasploit)

phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit)
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)

CakePHP 2.x < 2.2.0-RC2 - XXE Injection
CakePHP 2.x < 2.2.0-RC2 - XML External Entity Injection

Bitbot C2 Panel - 'gate2.php' Multiple Vulnerabilities
Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities

Cythosia 2.x Botnet - SQL Injection
Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection

EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit)
EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit)

Plesk 10.4.4/11.0.9 - SSO XXE / Cross-Site Scripting Injection
Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection

Enalean Tuleap 7.2 - XXE File Disclosure
Enalean Tuleap 7.2 - XML External Entity File Disclosure

Apache JackRabbit - WebDAV XXE Exploit
Apache JackRabbit - WebDAV XML External Entity

Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit
Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity

DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities

Qlikview 11.20 SR11 - Blind XXE Injection
Qlikview 11.20 SR11 - Blind XML External Entity Injection

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection)
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection

SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE
SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity

CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval
2017-11-03 05:01:35 +00:00
Offensive Security
c66d2f584e DB: 2017-11-02
5 new exploits

Microsoft Internet Explorer - DHTML Object Handling Vulnerabilities (MS05-020)
Microsoft Internet Explorer - DHTML Object Handling (MS05-020)

Stoney FTPd - Denial of Service (rxBot mods ftpd)
Stoney FTPd - 'rxBot mods ftpd' Denial of Service

Microsoft Windows Server 2000 - UPNP (getdevicelist) Memory Leak Denial of Service
Microsoft Windows Server 2000 - UPNP 'getdevicelist' Memory Leak Denial of Service

Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC)
Winamp 5.21 - '.Midi' File Header Handling Buffer Overflow (PoC)

Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC)
Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow (PoC)

ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC)
ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC)

Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption Vulnerabilities
Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption
ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)
Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service
ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
Versalsoft HTTP File Uploader - ActiveX 6.36 AddFile Remote Denial of Service

RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service

CUPS 1.3.7 - Cross-Site Request Forgery (add rss subscription) Remote Crash
CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash

Microsoft Office - Communicator (SIP) Remote Denial of Service
Microsoft Office - Communicator 'SIP' Remote Denial of Service

Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (Heap Spray)
Apple Safari - 'ARGUMENTS' Array Integer Overflow HeapSpray (PoC)

Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser

VideoLAN VLC Media Player 0.9.8a - Web UI (input) Remote Denial of Service
VideoLAN VLC Media Player 0.9.8a - Web UI 'input' Remote Denial of Service

Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities
Real Helix DNA - 'RTSP' / 'SETUP' Request Handler

BugHunter HTTP Server 1.6.2 - 'httpsv.exe' (GET 404) Remote Denial of Service
BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service

Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service
Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service

httpdx 1.4 - HTTP Server (Host Header) Remote Format String Denial of Service
httpdx 1.4 - HTTP Server Host Header Remote Format String Denial of Service

Multiple Media Player - HTTP DataHandler Overflow (iTunes & QuickTime etc)
Multiple Media Players ((iTunes / QuickTime) - HTTP DataHandler Overflow

Microsoft Internet Explorer 6/7/8 - Denial of Service (Shockwave Flash Object)
Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service

Adobe (Multiple Products) - XML External Entity / XML Injection Vulnerabilities
Adobe (Multiple Products) - XML External Entity / XML Injection

PHP (Multiple Functions) - Local Denial of Service Vulnerabilities
PHP (Multiple Functions) - Local Denial of Service

RPM Select/Elite 5.0 - '.xml config parsing' Unicode Buffer Overflow (PoC)
RPM Select/Elite 5.0 - '.xml Configuration parsing' Unicode Buffer Overflow (PoC)

Microsoft Windows - SMB2 Negotiate Protocol (0x72) Response Denial of Service
Microsoft Windows - SMB2 Negotiate Protocol '0x72' Response Denial of Service

Oreans Themida 2.1.8.0 - TMD File Handling Buffer Overflow
Oreans Themida 2.1.8.0 - '.TMD' File Handling Buffer Overflow

Play [EX] 2.1 - Playlist File (M3U/PLS/LST) Denial of Service
Play [EX] 2.1 - '.M3U'/'.PLS'/'.LST' Playlist File Denial of Service

Apple iTunes 10.6.1.7 - '.m3u' Playlist File Walking Heap Buffer Overflow
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow

Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service (Possible Buffer Overflow)
Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow

RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow Vulnerabilities
RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow

Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4_ UoW imap 4.5 popd - Lock File Denial of Service
Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4 / UoW imap 4.5 popd - Lock File Denial of Service
Axent NetProwler 3.0 - Malformed IP Packets Denial of Service (1)
Axent NetProwler 3.0 - Malformed IP Packets Denial of Service (2)
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
Axent NetProwler 3.0 - IP Packets Denial of Service (2)

WFTPD 2.4.1RC11 - REST Command Malformed File Write Denial of Service
WFTPD 2.4.1RC11 - 'REST' Malformed File Write Denial of Service

id Software Quake 3 Arena Server 1.29 - Possible Buffer Overflow
id Software Quake 3 Arena Server 1.29 - Buffer Overflow

BSDI 3.0/3.1 - Possible Local Kernel Denial of Service
BSDI 3.0/3.1 - Local Kernel Denial of Service

Cisco IOS 11/12 - Malformed SNMP Message Denial of Service
Cisco IOS 11/12 - SNMP Message Denial of Service

Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service
Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service

BitchX 1.0 - Malformed RPL_NAMREPLY Denial of Service
BitchX 1.0 - 'RPL_NAMREPLY' Denial of Service

RealPlayer 15.0.6.14(.3g2) - WriteAV Crash (PoC)
RealPlayer 15.0.6.14(.3g2) - 'WriteAV' Crash (PoC)

Plug And Play Web Server 1.0 002c - FTP Service Command Handler Buffer Overflow Vulnerabilities
Plug And Play Web Server 1.0 002c - FTP Service Command Handler Buffer Overflow

ProFTPd 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun
ProFTPd 1.2.7/1.2.8 - '.ASCII' File Transfer Buffer Overrun

Avaya Argent Office - Malformed DNS Packet Denial of Service
Avaya Argent Office - DNS Packet Denial of Service

Cisco IOS 12 MSFC2 - Malformed Layer 2 Frame Denial of Service
Cisco IOS 12 MSFC2 - Layer 2 Frame Denial of Service
ClamAV Daemon 0.65 - Malformed UUEncoded Message Denial of Service
Red-M Red-Alert 3.1 - Remote Vulnerabilities
ClamAV Daemon 0.65 - UUEncoded Message Denial of Service
Red-M Red-Alert 3.1 - Remote Exploit

Neon WebDAV Client Library 0.2x - Format String Vulnerabilities
Neon WebDAV Client Library 0.2x - Format String

Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure

Adobe Acrobat / Acrobat Reader 6.0 - ETD File Parser Format String
Adobe Acrobat / Acrobat Reader 6.0 - '.ETD' File Parser Format String

Check Point VPN-1 SecureClient - Malformed IP Address Local Memory Access
Check Point VPN-1 SecureClient - IP Address Local Memory Access

CenterICQ 4.20/4.5 - Malformed Packet Handling Remote Denial of Service
CenterICQ 4.20/4.5 - Packet Handling Remote Denial of Service

Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012)
Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012)

Mozilla (Multiple Products) - iFrame JavaScript Execution Vulnerabilities
Mozilla (Multiple Products) - iFrame JavaScript Execution

Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities
Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow

Apple Mac OSX 10.x - LZWDecodeVector (.tiff) Overflow
Apple Mac OSX 10.x - LZWDecodeVector '.tiff' Overflow

SolarWinds Server and Application Monitor - ActiveX (Pepco32c) Buffer Overflow
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow

Computer Associates BrightStor ARCserve Backup 11.5 - mediasvr caloggerd Denial of Service Vulnerabilities
Computer Associates BrightStor ARCserve Backup 11.5 - mediasvr caloggerd Denial of Service

Microsoft Windows XP - GDI+ ICO File Remote Denial of Service
Microsoft Windows XP - GDI+ '.ICO' File Remote Denial of Service

PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow

PC SOFT WinDEV 11 - WDP File Parsing Stack Buffer Overflow
PC SOFT WinDEV 11 - '.WDP' File Parsing Stack Buffer Overflow

Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service

libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities
libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow

Multiple Platform IPv6 Address Publication - Denial of Service Vulnerabilities
Multiple Platform IPv6 Address Publication - Denial of Service

Ruby 1.9 - WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request Denial of Service
Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service

Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service
Apple Safari For Windows 3.2.1 - URI Remote Denial of Service

Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service
Apple Safari 4 - 'feeds:' URI Null Pointer Dereference Remote Denial of Service

Microsoft Windows Media Player 11 - .AVI File Colorspace Conversion Remote Memory Corruption
Microsoft Windows Media Player 11 - '.AVI' File Colorspace Conversion Remote Memory Corruption

Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition
Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service
Battlefield 2/2142 - Packet Null Pointer Dereference Remote Denial of Service
Foxit Products GIF Conversion - Memory Corruption (LZWMinimumCodeSize)
Foxit Products GIF Conversion - Memory Corruption (DataSubBlock)
Foxit Products GIF Conversion - 'LZWMinimumCodeSize' Memory Corruption
Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption

Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize'

Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated TTF File Embedded in SWF
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.TTF' File Embedded in SWF

Adobe Flash - Heap Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec

PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack Based Buffer Overflow
Wireshark - memcpy (get_value / dissect_btatt) SIGSEGV
Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow
Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV

Wireshark - addresses_equal (dissect_rsvp_common) Use-After-Free
Wireshark - addresses_equal 'dissect_rsvp_common' Use-After-Free
pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap Based Out-of-Bounds Read
Wireshark - iseries_check_file_type Stack Based Out-of-Bounds Read
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read

Wireshark - nettrace_3gpp_32_423_file_open Stack Based Out-of-Bounds Read
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read

pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free
pdfium - opj_t2_read_packet_header 'libopenjpeg' Heap Use-After-Free

Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption (MdConvertLine)
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor (treo_attach) Nullpointer Dereference
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference

Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Netwrix Auditor 7.1.322.0 - ActiveX 'sourceFile' Stack Buffer Overflow
Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1
Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2
Apple QuickTime < 7.7.79.80.95 - PSD File Parsing Memory Corruption
Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (1)
Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (2)
Apple QuickTime < 7.7.79.80.95 - '.PSD' Parsing Memory Corruption

Adobe Flash - Heap Overflow in ATF Processing (Image Reading)
Adobe Flash - Heap Overflow in ATF Processing Image Reading

Apache 2.4.23 (mod_http2) - Denial of Service
Apache 2.4.23 mod_http2 - Denial of Service
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow'

WhatsApp 2.17.52 - Memory Corruption

ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm)
ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass Exploit

IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit
IBM DB2 - Universal Database 7.2 'db2licm' Local Exploit

SuSE Linux 9.0 - YaST config Skribt Local Exploit
SuSE Linux 9.0 - YaST Configuration Skribt Local Exploit

Solaris locale - Format Strings (noexec stack) Exploit
Solaris locale - Format Strings 'noexec stack' Exploit

UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit
UUCP Exploit - File Creation/Overwriting Symlinks Exploit
GnomeHack - Local Buffer Overflow (gid=games)
Kwintv - Local Buffer Overflow (gid=video(33))
GnomeHack - Local Buffer Overflow
Kwintv - Local Buffer Overflow

RedHat 6.1 man - Local Exploit (egid 15)
RedHat 6.1 man - 'egid 15' Local Exploit

Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities
Solaris 2.5.1 lp / lpsched - Symlink Exploit

SGI IRIX - Multiple Buffer Overflows (LsD)
SGI IRIX - 'LsD' Multiple Buffer Overflows

Solaris 5.5.1 X11R6.3 - xterm (-xrm) Privilege Escalation
Solaris 5.5.1 X11R6.3 - xterm '-xrm' Privilege Escalation

ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit

GlobalScape - CuteFTP macros (.mcr) Local
GlobalScape - CuteFTP macros '.mcr' Local

socat 1.4.0.2 - Local Format String (not setuid)
Socat 1.4.0.2 - Not SETUID Local Format String

TipxD 1.1.1 - Local Format String (not setuid)
TipxD 1.1.1 - Not SETUID Local Format String
GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)
VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid)
GNU a2ps - 'Anything to PostScript' Not SUID Local Exploit
VisualBoyAdvanced 1.7.x - Non SUID Local Shell Exploit

eXeem 0.21 - Local Password Disclosure (asm)
eXeem 0.21 - Local Password Disclosure (ASM)
Microsoft Excel 2000/2003 - Hlink Local Buffer Overflow (French)
Microsoft Excel 2003 - Hlink Local Buffer Overflow (Italian)
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow (French)
Microsoft Excel 2000/2003 (French) - Hlink Local Buffer Overflow
Microsoft Excel 2003 (Italian) - Hlink Local Buffer Overflow
WinRAR 3.60 Beta 6 (French) - SFX Path Local Stack Overflow

Microsoft PowerPoint 2003 SP2 - Local Code Execution (French)
Microsoft PowerPoint 2003 SP2 (French) - Local Code Execution

Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation (Root File Create)
Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation

Apple Mac OSX 10.4.8 - DiskManagement BOM (cron) Privilege Escalation
Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Privilege Escalation
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (2)

ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' exec-shield Local Overflow

Send ICMP Nasty Garbage (sing) - Append File Logrotate Exploit
Send ICMP Nasty Garbage (SING) - Append File Logrotate Exploit

Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (change sys Password)
Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (Change Sys Password)

VUPlayer 2.49 - '.asx' (HREF) Universal Buffer Overflow
VUPlayer 2.49 - '.asx' 'HREF' Universal Buffer Overflow

VUPlayer 2.49 - '.asx' (Universal) Local Buffer Overflow
VUPlayer 2.49 - '.asx' Universal Local Buffer Overflow

Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (Universal)
Zinf Audio Player 2.2.1 - '.pls' Universal Local Buffer Overflow
Foxit Reader 3.0 (Build 1301) - PDF Buffer Overflow (Universal)
Rosoft Media Player 4.2.1 - Local Buffer Overflow (multi target)
Foxit Reader 3.0 (Build 1301) - PDF Universal Buffer Overflow
Rosoft Media Player 4.2.1 - Local Buffer Overflow

Adobe Acrobat Reader - JBIG2 Universal Exploit (Bind Shell Port 5500)
Adobe Acrobat Reader - JBIG2 Universal Exploit

Mini-stream Ripper 3.0.1.1 - '.asx' (HREF) Local Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.asx' 'HREF' Local Buffer Overflow

Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (update)
Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)

BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities
BSD (Multiple Distributions) - 'setusercontext()' Exploit

Audacity 1.2 - '.gro' Universal Buffer Overflow (egg hunter)
Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter)

NetAccess IP3 - Authenticated (ping option) Command Injection
NetAccess IP3 - Authenticated Ping Option Command Injection

Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript (.eps) Buffer Overflow
Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Buffer Overflow

Jasc Paint Shop Pro 8 - Local Buffer Overflow (Universal)
Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow

HTML Help Workshop 4.74 - hhp Buffer Overflow (Universal)
HTML Help Workshop 4.74 - hhp Universal Buffer Overflow

Audiotran 1.4.1 - Buffer Overflow (Direct RET)
Audiotran 1.4.1 - Direct RET Buffer Overflow

Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - User Mode to Ring Escalation (KiTrap0D) (MS10-015)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015)

feedDemon 3.1.0.9 - opml File Buffer Overflow
feedDemon 3.1.0.9 - '.opml' File Buffer Overflow

Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass)
Winamp 5.572 - Local Buffer Overflow (EIP + SEH) (DEP Bypass)

GSM SIM Utility 5.15 - sms file Local Buffer Overflow (SEH)
GSM SIM Utility 5.15 - '.sms' File Local Buffer Overflow (SEH)

GSM SIM Utility 5.15 - Local Exploit (Direct RET)
GSM SIM Utility 5.15 - Direct RET Local Exploit

Microsoft Windows - Automatic LNK Shortcut File Code Execution
Microsoft Windows - Automatic .LNK Shortcut File Code Execution

QQPlayer 2.3.696.400p1 - smi File Buffer Overflow
QQPlayer 2.3.696.400p1 - '.smi' File Buffer Overflow

Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067)
Microsoft Excel - FEATHEADER Record Exploit (MS09-067)

SnackAmp 3.1.3B - SMP Buffer Overflow (SEH DEP Bypass)
SnackAmp 3.1.3B - SMP Buffer Overflow (SEH) (DEP Bypass)

MP3-Nator - Buffer Overflow (SEH DEP Bypass)
MP3-Nator - Buffer Overflow (SEH) (DEP Bypass)

VisiWave - VWR File Parsing Trusted Pointer (Metasploit)
VisiWave - '.VWR' File Parsing Trusted Pointer (Metasploit)

F-Secure (Multiple Products) - ActiveX Overwrite (SEH) (Heap Spray)
F-Secure (Multiple Products) - ActiveX HeapSpray Overwrite (SEH)

Blade API Monitor - Unicode Bypass (Serial Number) Buffer Overflow
Blade API Monitor - Unicode Bypass Serial Number Buffer Overflow
SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - NETLS_LICENSE_FILE Exploit
SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - LICENSEMGR_FILE_ROOT Exploit
SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Exploit
SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Exploit
Slackware Linux 3.4 - liloconfig-color Temporary file
Slackware Linux 3.4 - makebootdisk Temporary file
Slackware Linux 3.4 - 'liloconfig-color' Temporary file
Slackware Linux 3.4 - 'makebootdisk' Temporary file
Slackware Linux 3.4 - netconfig Temporary file
Slackware Linux 3.4 - pkgtool Temporary file
Slackware Linux 3.4 - 'netconfig' Temporary file
Slackware Linux 3.4 - 'pkgtool' Temporary file

IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation Vulnerabilities
IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation

IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation Vulnerabilities
IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation

GNU groff 1.11 a / HP-UX 10.0/11.0 / SGI IRIX 6.5.3 - Malicious Manpage Vulnerabilities
GNU groff 1.11 a / HP-UX 10.0/11.0 / SGI IRIX 6.5.3 - Malicious Manpage

Quinn - 'the Eskimo' and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption
Quinn - 'the Eskimo' and Peter N. Lewis Internet Configuration 1.0/2.0 Weak Password Encryption

MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities
MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix - Registry Key

Standard & Poors ComStock 4.2.4 - Machine Vulnerabilities
Standard & Poors ComStock 4.2.4 - Exploit

HP-UX 10.20/11.0 - SNMPD File Permission Vulnerabilities
HP-UX 10.20/11.0 - '.SNMPD' File Permission

CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)
CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass)

Samba 2.0.x - Insecure TMP file Symbolic Link
Samba 2.0.x - Insecure TMP File Symbolic Link

SuSE 7.0 - KFM Insecure TMP File Creation
SuSE 7.0 - KFM Insecure '.TMP' File Creation

QNX RTOS 4.25 - CRTTrap File Disclosure
QNX RTOS 4.25 - 'CRTTrap' File Disclosure

Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read (PoC)
Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC)
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct RETN)
Aviosoft Digital TV Player Professional 1.x - '.PLF' Exploit (Direct Retn)
BlazeVideo HDTV Player 6.6 Professional - Direct RETN Exploit
Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn Exploit

BlazeDVD 6.1 - '.PLF' File Exploit (DEP + ASLR Bypass) (Metasploit)
BlazeDVD 6.1 - '.PLF' File Exploit (ASLR + DEP Bypass) (Metasploit)
Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (1)
Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (2)
Cscope 13.0/15.x - Insecure Temporary File Creation (1)
Cscope 13.0/15.x - Insecure Temporary File Creation (2)

Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution

Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - Local Ring Exploit (EPATHOBJ)
Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring Exploit

PHP 5.0.5 - Safedir Restriction Bypass Vulnerabilities
PHP 5.0.5 - Safedir Restriction Bypass

AudioCoder 0.8.22 - '.m3u' Buffer Overflow (Direct Retn)
AudioCoder 0.8.22 - '.m3u' Direct Retn Buffer Overflow

AudioCoder 0.8.22 - '.lst' Buffer Overflow (Direct Retn)
AudioCoder 0.8.22 - '.lst' Direct Retn Buffer Overflow

KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)
KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET)
BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow

Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
Linux Kernel 2.4.x/2.5.x/2.6.x - 'Sockaddr_In.Sin_Zero' Kernel Memory Disclosure

KingView 6.53 - Insecure ActiveX Control (SuperGrid)
KingView 6.53 - 'SuperGrid' Insecure ActiveX Control

Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass with ROP)
Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass + ROP)

BlazeDVD Pro Player 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET)
BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RETBuffer Overflow

Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Authentication Bypass / Privilege Escalation

Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation
Microsoft Windows Task Scheduler - 'DeleteExpiredTaskAfter' File Deletion Privilege Escalation

Linux 3.17 - noexec File Security Bypass (Python ctypes and memfd_create)
Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass

FireEye - Malware Input Processor (uid=mip) Privilege Escalation
FireEye - Malware Input Processor Privilege Escalation

Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation

Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH)

Microsoft Windows XP/2000 - RPC Remote (Non Exec Memory) Exploit
Microsoft Windows XP/2000 - RPC Remote Non Exec Memory Exploit

ProFTPd 1.2.10 - Remote Users Enumeration Exploit
ProFTPd 1.2.10 - Remote Users Enumeration

Multiple Browsers - Tabbed Browsing Vulnerabilities
Multiple Browsers - Tabbed Browsing

Ability Server 2.34 - FTP STOR Buffer Overflow (Unix Exploit)
Ability Server 2.34 (Unix) - FTP 'STOR' Buffer Overflow

Webmin 1.5 - Web Brute Force (cgi-version)
Webmin 1.5 - Web Brute Force (CGI)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) (MS05-039)
Battlefield (BFCC/BFVCC/BF2CC) - Login Bypass/Pass Stealer/Denial of Service
Microsoft Windows Plug-and-Play Service (French) - Remote Universal Exploit (MS05-039)
Battlefield (BFCC < 1.22_A /BFVCC < 2.14_B / BF2CC) - Authentication Bypass / Password Stealer / Denial of Service

Lynx 2.8.6dev.13 - Remote Buffer Overflow (port bind)
Lynx 2.8.6dev.13 - Remote Buffer Overflow

Mercury Mail Transport System 4.01b - Remote Exploit (PH SERVER)
Mercury Mail Transport System 4.01b - PH SERVER Remote Exploit

SHOUTcast 1.9.4 - File Request Format String (Leaked)
SHOUTcast 1.9.4 - File Request 'Leaked' Format String

Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (extra)
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution

MySQL 4.x/5.0 (Windows) - User-Defined Function (UDF) Command Execution
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution

GNU Mailutils imap4d 0.6 - Remote Format String (exec-shield)
GNU Mailutils imap4d 0.6 - exec-shield Remote Format String

Fenice Oms server 1.10 - Remote Buffer Overflow (exec-shield)
Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow

HP Tru64 - Remote Secure Shell User Enumeration Exploit
HP Tru64 - Remote Secure Shell User Enumeration

Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow 2
Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow (2)

Program Checker - 'sasatl.dll 1.5.0.531' JavaScript Heap Spraying Exploit
Program Checker - 'sasatl.dll 1.5.0.531' JavaScript HeapSpray

Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog Heap Spraying Exploit
Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog HeapSpray

Data Dynamics ActiveBar - ActiveX (actbar3.ocx 3.1) Insecure Methods
Data Dynamics ActiveBar - ActiveX 'actbar3.ocx 3.1' Insecure Methods

Savant Web Server 3.1 - GET Remote Overflow (Universal)
Savant Web Server 3.1 - GET Universal Remote Overflow

ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow
ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow

Apache Tomcat - WebDAV Remote File Disclosure (SSL)
Apache Tomcat - WebDAV SSL Remote File Disclosure

Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (1)
Linksys WRT54G Firmware 1.00.9 - Security Bypass (1)

VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String
VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String

Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (2)
Linksys WRT54G Firmware 1.00.9 - Security Bypass (2)

BlazeDVD 5.0 - PLF Playlist File Remote Buffer Overflow
BlazeDVD 5.0 - '.PLF' Playlist File Remote Buffer Overflow

Microsoft Windows Server - Code Execution (MS08-067) (Universal)
Microsoft Windows Server - Universal Code Execution (MS08-067)

SpeedStream 5200 - Authentication Bypass Config Download
SpeedStream 5200 - Authentication Bypass Configuration Download

GeoVision LiveX 8200 - ActiveX (LIVEX_~1.OCX) File Corruption (PoC)
GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC)

Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow
Amaya 11.1 - W3C Editor/Browser 'defer' Stack Overflow

XBMC 8.10 - get tag from file name Remote Buffer Overflow
XBMC 8.10 - Get Tag From File Name Remote Buffer Overflow

FTPDMIN 0.96 - RNFR Remote Buffer Overflow (xp sp3/case study)
FTPDMIN 0.96 (Windows XP SP3) - 'RNFR' Remote Buffer Overflow

Roxio CinePlayer 3.2 - 'IAManager.dll' Remote Buffer Overflow (heap spray)
Roxio CinePlayer 3.2 - 'IAManager.dll' Remote Buffer Overflow HeapSpray

cPanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
cPanel - Authenticated 'lastvisit.html Domain' Arbitrary File Disclosure

ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure
ARD-9808 DVR Card Security Camera - Arbitrary Configuration Disclosure

Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (2)
Microsoft Office Web Components Spreadsheet - ActiveX (OWC10/11) Exploit
Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (2)
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Exploit

VideoLAN VLC Media Player 0.8.6f - 'smb://' URI Handling Remote Buffer Overflow (Universal)
VideoLAN VLC Media Player 0.8.6f - 'smb://' URI Handling Remote Universal Buffer Overflow

IBM Informix Client SDK 3.0 - nfx file integer Overflow
IBM Informix Client SDK 3.0 - '.nfx' File Integer Overflow

AOL 9.5 - ActiveX Exploit (Heap Spray)
AOL 9.5 - ActiveX Heap Spray Exploit

Wireshark 1.2.5 - LWRES getaddrbyname Buffer Overflow (calc.exe)
Wireshark 1.2.5 - LWRES getaddrbyname Buffer Overflow
Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)
Magneto Net Resource ActiveX 4.0.0.5 - NetConnectionEnum Exploit (Universal)
Magneto Net Resource ActiveX 4.0.0.5 - NetShareEnum Exploit (Universal)
Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal Exploit
Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal Exploit
Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal Exploit

Barcodewiz Barcode ActiveX Control 3.29 - Remote Heap Spray Exploit (Internet Explorer 6/7)
Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray Exploit (Internet Explorer 6/7)

Advanced File Vault - 'eSellerateControl350.dll' ActiveX Heap Spray
Advanced File Vault - 'eSellerateControl350.dll' ActiveX HeapSpray
RSP MP3 Player - OCX ActiveX Buffer Overflow (heap spray)
Easy FTP 1.7.0.11 - Buffer Overflow Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray
Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Buffer Overflow

Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass

Microsoft Windows - Common Control Library (Comctl32) Heap Overflow (MS10-081)
Microsoft Windows - Common Control Library 'Comctl32' Heap Overflow (MS10-081)

Majordomo2 - Directory Traversal (SMTP/HTTP)
Majordomo2 - 'SMTP/HTTP' Directory Traversal
Microsoft Outlook - ATTACH_BY_REF_RESOLVE File Execution (MS10-045) (Metasploit)
Microsoft Outlook - ATTACH_BY_REF_ONLY File Execution (MS10-045) (Metasploit)
Microsoft Outlook - 'ATTACH_BY_REF_RESOLVE' File Execution (MS10-045) (Metasploit)
Microsoft Outlook - 'ATTACH_BY_REF_ONLY' File Execution (MS10-045) (Metasploit)

Apache (mod_rewrite) - LDAP protocol Buffer Overflow (Metasploit)
Apache mod_rewrite - LDAP protocol Buffer Overflow (Metasploit)

Zend Java Bridge - Remote Code Execution (ZDI-11-113)
Zend Java Bridge - Remote Code Execution

7-Technologies IGSS 9 - Data Server/Collector Packet Handling Vulnerabilities (Metasploit)
7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)
TFTP Server 1.4 - ST (RRQ) Buffer Overflow
WorldMail IMAPd 3.0 - Overflow (SEH) (Egg Hunter)
TFTP Server 1.4 - ST 'RRQ' Buffer Overflow
WorldMail IMAPd 3.0 - Overflow (SEH) (Egghunter)

MailMax 4.6 - POP3 'USER' Remote Buffer Overflow (No Login Needed)
MailMax 4.6 - POP3 'USER' Unauthenticated Remote Buffer Overflow

AN-HTTPd 1.2b - CGI Vulnerabilities
AN-HTTPd 1.2b - CGI Exploits

Microsoft Internet Explorer 4.x/5 / Outlook 2000 0/98 0/Express 4.x - ActiveX CAB File Execution
Microsoft Internet Explorer 4.x/5 / Outlook 2000 0/98 0/Express 4.x - ActiveX '.CAB' File Execution

RedHat 6.1 / IRIX 6.5.18 - lpd Vulnerabilities
RedHat 6.1 / IRIX 6.5.18 - 'lpd' Exploit

Microsoft Windows Script Host 5.1/5.5 - GetObject() File Disclosure
Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure

FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow

Apache 1.3 - Possible Directory Index Disclosure
Apache 1.3 - Directory Index Disclosure

Microsoft Outlook Express 6 - XML File Attachment Script Execution
Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution

Microsoft Word 95/97/98/2000/2002 - INCLUDEPICTURE Document Sharing File Disclosure
Microsoft Word 95/97/98/2000/2002 - 'INCLUDEPICTURE' Document Sharing File Disclosure

Apache Tomcat 3/4 - DefaultServlet File Disclosure
Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure

Apache Tomcat 3.x - Null Byte Directory/File Disclosure
Apache Tomcat 3.x - Null Byte Directory / File Disclosure

Clearswift MAILsweeper 4.x - Malformed MIME Attachment Filter Bypass
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass

Aladdin Knowledge System Ltd - ChooseFilePath Buffer Overflow (Metasploit)
Aladdin Knowledge System Ltd - 'ChooseFilePath' Buffer Overflow (Metasploit)

Mod_Gzip 1.3.x - Debug Mode Vulnerabilities
Mod_Gzip 1.3.x - Debug Mode

Ipswitch WS_FTP Server 3.4/4.0 - FTP Command Buffer Overrun Vulnerabilities
Ipswitch WS_FTP Server 3.4/4.0 - FTP Command Buffer Overrun

Microsoft Internet Explorer 6 - Script Execution Vulnerabilities
Microsoft Internet Explorer 6 - Script Execution

OpenSSL - ASN.1 Parsing Vulnerabilities
OpenSSL - ASN.1 Parsing

Microsoft Outlook Express 6.0 - MHTML Forced File Execution (1)
Microsoft Outlook Express 6.0 - '.MHTML' Forced File Execution (1)

Sun J2EE/RI 1.4 / Sun JDK 1.4.2 - JDBC Database Insecure Default Policy Vulnerabilities
Sun J2EE/RI 1.4 / Sun JDK 1.4.2 - JDBC Database Insecure Default Policy

Sun Java Virtual Machine 1.x - Font.createFont Method Insecure Temporary File Creation
Sun Java Virtual Machine 1.x - 'Font.createFont' Method Insecure Temporary File Creation

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' (WzTitle) Remote Exploit
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Exploit

abctab2ps 1.6.3 - Write_Heading Function ABC File Remote Buffer Overflow
abctab2ps 1.6.3 - 'Write_Heading' '.ABC' Remote Buffer Overflow

abctab2ps 1.6.3 - Trim_Title Function ABC File Remote Buffer Overflow
abctab2ps 1.6.3 - 'Trim_Title' '.ABC' File Remote Buffer Overflow
PCAL 4.x - Calendar File getline Buffer Overflow
PCAL 4.x - Calendar File get_holiday Buffer Overflow
PCAL 4.x - Calendar File 'getline' Buffer Overflow
PCAL 4.x - Calendar File 'get_holiday' Buffer Overflow

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal
Sun JavaMail 1.3.2 - 'MimeBodyPart.getFileName' Directory Traversal

Finjan SurfinGate 7.0 - ASCII File Extension File Filter Circumvention
Finjan SurfinGate 7.0 - '.ASCII' File Extension File Filter Circumvention

Logic Print 2013 - Stack Overflow (vTable Overwrite)
Logic Print 2013 - vTable Overwrite Stack Overflow

EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure Vulnerabilities
EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure

Mitsubishi MC-WorkX 8.02 - ActiveX Control (IcoLaunch) File Execution
Mitsubishi MC-WorkX 8.02 - ActiveX Control 'IcoLaunch' File Execution

Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner

CA (Multiple Products) - Console Server / 'InoCore.dll' Remote Code Execution Vulnerabilities
CA (Multiple Products) - Console Server / 'InoCore.dll' Remote Code Execution

Ability Mail Server 2013 (3.1.1) - Persistent Cross-Site Scripting (Web UI)
Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting

Microsoft - Tagged Image File Format (TIFF) Integer Overflow (Metasploit)
Microsoft - Tagged Image File Format '.TIFF' Integer Overflow (Metasploit)

Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow
Sun Java Runtime Environment 1.6 - Web Start '.JNLP' File Stack Buffer Overflow

Adobe Flash Player 8.0.24 - SWF File Handling Remote Code Execution
Adobe Flash Player 8.0.24 - '.SWF' File Handling Remote Code Execution

Multiple Browsers - URI Handlers Command Injection Vulnerabilities
Multiple Browsers - URI Handlers Command Injection

Daum Game 1.1.0.5 - ActiveX (IconCreate Method) Stack Buffer Overflow
Daum Game 1.1.0.5 - ActiveX 'IconCreate Method' Stack Buffer Overflow

LeadTools MultiMedia 15 - 'LTMM15.dll' ActiveX Control Arbitrary File Overwrite Vulnerabilities
LeadTools MultiMedia 15 - 'LTMM15.dll' ActiveX Control Arbitrary File Overwrite

Adobe Flash Player 8/9.0.x - SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution
Adobe Flash Player 8/9.0.x - '.SWF' File 'DeclareFunction2' ActionScript Tag Remote Code Execution

Trillian 3.1.9 - DTD File XML Parser Buffer Overflow
Trillian 3.1.9 - '.DTD' File XML Parser Buffer Overflow

Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass Vulnerabilities
Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass

ProFTPd 1.3 - 'mod_sql Username' SQL Injection
ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
Apple Safari for iPhone/iPod touch - Malformed 'Throw' Exception Remote Code Execution
Apple Safari iPhone/iPod touch - Malformed Webpage Remote Code Execution
Apple Safari for iPhone/iPod touch - 'Throw' Exception Remote Code Execution
Apple Safari iPhone/iPod touch - Webpage Remote Code Execution

PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities
PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection

Multiple Check Point Endpoint Security Products - Information Disclosure Vulnerabilities
Multiple Check Point Endpoint Security Products - Information Disclosure

Bsplayer 2.68 - HTTP Response Exploit (Universal)
Bsplayer 2.68 - HTTP Response Universal Exploit

Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass with ROP)
Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass + ROP)

Microsoft Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112)
Microsoft Internet Explorer 9/10/11 - 'CDOMStringDataList::InitFromString' Out-of-Bounds Read (MS15-112)

Acunetix WVS 10 - Remote Command Execution (System)
Acunetix WVS 10 - Remote Command Execution

Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String

Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)
Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution

ZyXEL PK5001Z Modem - Backdoor Account

PHP-Nuke - SQL Injection Edit/Save Message(s)
PHP-Nuke - SQL Injection Edit/Save Messages

phpBB - highlight Arbitrary File Upload (Santy.A)
phpBB - highlight Arbitrary File Upload 'Santy.A'

phpBB 2.0.10 - Bot Install (Altavista) (ssh.D.Worm)
phpBB 2.0.10 - Bot Install Altavista 'ssh.D.Worm'

Invision Power Board 2.0.3 - 'login.php' SQL Injection (tutorial)
Invision Power Board 2.0.3 - 'login.php' SQL Injection

phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (cookie grabber)
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)

vBulletin 3.0.8 - Accessible Database Backup Searcher (update 3)
vBulletin 3.0.8 - Accessible Database Backup Searcher (3)

ibProArcade 2.x - module (vBulletin/IPB) SQL Injection
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection

Website Baker 2.6.0 - Login Bypass / Remote Code Execution
Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution

WebWiz Products 1.0/3.06 - Login Bypass (SQL Injection)
WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection

Woltlab Burning Board 2.x - Datenbank MOD (fileid) SQL Injection
Woltlab Burning Board 2.x - Datenbank MOD 'fileid' SQL Injection

phpCommunityCalendar 4.0.3 - Multiple (Cross-Site Scripting / SQL Injection) Vulnerabilities
phpCommunityCalendar 4.0.3 - Cross-Site Scripting / SQL Injection

BASE 1.2.4 - melissa (Snort Frontend) Remote File Inclusion
BASE 1.2.4 - melissa Snort Frontend Remote File Inclusion

E Annu 1.0 - Login Bypass (SQL Injection)
E Annu 1.0 - Authentication Bypass / SQL Injection

ASP Smiley 1.0 - 'default.asp' Login Bypass 'SQL Injection'
ASP Smiley 1.0 - 'default.asp' Authentication Bypass / SQL Injection

paFileDB 3.5.2/3.5.3 - Remote Login Bypass (SQL Injection)
paFileDB 3.5.2/3.5.3 - Remote Authentication Bypass / SQL Injection

e107 0.7.8 - 'mailout.php' Access Escalation Exploit (Admin needed)
e107 0.7.8 - 'mailout.php' Authenticated Access Escalation Exploit

TaskDriver 1.2 - Login Bypass / SQL Injection
TaskDriver 1.2 - Authentication Bypass / SQL Injection

IBM Rational ClearQuest - Web Login Bypass (SQL Injection)
IBM Rational ClearQuest - Web Authentication Bypass / SQL Injection

Joomla! Component JoomlaXplorer 1.6.2 - Remote Vulnerabilities
Joomla! Component JoomlaXplorer 1.6.2 - Remote Exploits

Xomol CMS 1.2 - Login Bypass / Local File Inclusion
Xomol CMS 1.2 - Authentication Bypass / Local File Inclusion

cPanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass)
cPanel 11.x - 'Fantastico' Local File Inclusion

mxCamArchive 2.2 - Bypass Config Download
mxCamArchive 2.2 - Bypass Configuration Download

All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit
All Club CMS 0.0.2 - Remote Database Configuration Retrieve Exploit

OraMon 2.0.1 - Remote Config File Disclosure
OraMon 2.0.1 - Remote Configuration File Disclosure

Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing
Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP Code Writing

phpScribe 0.9 - 'user.cfg' Remote Config Disclosure
phpScribe 0.9 - 'user.cfg' Remote Configuration Disclosure
BlogHelper - Remote Config File Disclosure
PollHelper - Remote Config File Disclosure
BlogHelper - Remote Configuration File Disclosure
PollHelper - Remote Configuration File Disclosure

QuoteBook - Remote Config File Disclosure
QuoteBook - Remote Configuration File Disclosure

Free Joke Script 1.0 - Authentication Bypass / SQL Injection
Free Joke Script 1.0 - Authentication Bypass

Grestul 1.x - Authentication Bypass (Cookie SQL Injection)
Grestul 1.x - Cookie Authentication Bypass

S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities
S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete

smNews 1.0 - Authentication Bypass/Column Truncation Vulnerabilities
smNews 1.0 - Authentication Bypass / Column Truncation

Free Arcade Script 1.0 - Authentication Bypass (SQL Injection) / Arbitrary File Upload
Free Arcade Script 1.0 - Authentication Bypass / Arbitrary File Upload

phpAdBoard - 'conf.inc' Remote Config File Disclosure
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
W2B Restaurant 1.2 - 'conf.inc' Config File Disclosure
phpAdBoardPro - 'config.inc' Config File Disclosure
W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure
phpAdBoardPro - 'config.inc' Configuration File Disclosure

Job2C - 'conf.inc' Config File Disclosure
Job2C - 'conf.inc' Configuration File Disclosure

chCounter 3.1.3 - (Authentication Bypass) SQL Injection
chCounter 3.1.3 - Authentication Bypass

The Recipe Script 5 - (Authentication Bypass) SQL Injection / Database Backup
The Recipe Script 5 - Authentication Bypass / Database Backup

Mlffat 2.1 - (Authentication Bypass / Cookie) SQL Injection
Mlffat 2.1 - Cookie Authentication Bypass

my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection
my-colex 1.4.2 - Authentication Bypass / SQL Injection / Cross-Site Scripting

Flash Image Gallery 1.1 - Arbitrary Config File Disclosure
Flash Image Gallery 1.1 - Arbitrary Configuration File Disclosure

Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection
Traidnt Up 2.0 - Cookie Authentication Bypass

LightNEasy sql/no-db 2.2.x - System Config Disclosure
LightNEasy sql/no-db 2.2.x - System Configuration Disclosure

MD-Pro 1.083.x - Survey Module (pollID) Blind SQL Injection
MD-Pro 1.083.x - Survey Module 'pollID' Blind SQL Injection

WHOISCART - (Authentication Bypass) Information Disclosure
WHOISCART - Authentication Bypass / Information Disclosure

ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition / Information Disclosure

mobilelib gold 3.0 - Authentication Bypass / SQL Injection
Mobilelib Gold 3.0 - Authentication Bypass / SQL Injection

Arab Portal 2.2 - (Authentication Bypass) Blind SQL Injection
Arab Portal 2.2 - Blind  Cookie Authentication Bypass

Joomla! Component com_surveymanager 1.5.0 - SQL Injection (stype)
Joomla! Component com_surveymanager 1.5.0 - 'stype' SQL Injection

Joomla! Component com_virtuemart 1.0 - SQL Injection (Product_ID)
Joomla! Component com_virtuemart 1.0 - 'Product_ID' SQL Injection

Pre Job Board 1.0 - SQL Authentication Bypass
Pre Job Board 1.0 - Authentication Bypass

Pre Jobo .NET - SQL Authentication Bypass
Pre Jobo .NET - Authentication Bypass

SoftCab Sound Converter - ActiveX Insecure Method Exploit (sndConverter.ocx)
SoftCab Sound Converter - 'sndConverter.ocx' ActiveX Insecure Method Exploit

WSC CMS - (Authentication Bypass) SQL Injection
WSC CMS - Authentication Bypass

Joomla! Component dcsFlashGames 2.0RC1 - SQL Injection (catid)
Joomla! Component dcsFlashGames 2.0RC1 - 'catid' SQL Injection

3Com* iMC (Intelligent Management Center) - Unauthenticated File Retrieval (Traversal)
3Com* iMC (Intelligent Management Center) - Unauthenticated Traversal File Retrieval

Yamamah Photo Gallery 1.00 - SQL Injection (calbums)
Yamamah Photo Gallery 1.00 - 'calbums' SQL Injection

Elite Gaming Ladders 3.5 - SQL Injection (ladder[id])
Elite Gaming Ladders 3.5 -  'ladder[id]' SQL Injection

Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Config Cross-Site Request Forgery
Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Configuration Cross-Site Request Forgery

AV Arcade 3 - Cookie SQL Injection / Authentication Bypass
AV Arcade 3 - Cookie Authentication Bypass

MODx REvolution CMS 2.0.4-pl2 - Cross-Site Scripting (POST Injection)
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting

appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - Cross-Site Scripting Vulnerabilities
appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - Cross-Site Scripting

ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection
ExtCalendar2 - Cookie Authentication Bypass / Backdoor Upload

Seotoaster - SQL Injection Admin Login Bypass
Seotoaster - SQL Injection

BBS E-Market Professional bf_130 (1.3.0) - Multiple File Disclosure Vulnerabilities
BBS E-Market Professional bf_130 1.3.0 - Multiple File Disclosure Vulnerabilities

phpBB 1.x/2.0.x - '(Knowledge Base Module) 'KB.php' SQL Injection
phpBB 1.x/2.0.x - Knowledge Base Module 'KB.php' SQL Injection

PhpTax 0.8 - File Manipulation (newvalue) / Remote Code Execution
PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution

Spid 1.3 - lang_path File Inclusion
Spid 1.3 - 'lang_path' File Inclusion

NETGEAR WPN824v3 - Unauthorized Config Download
NETGEAR WPN824v3 - Unauthorized Configuration Download

TWiki 4.0.x - Viewfile Directory Traversal
TWiki 4.0.x - 'Viewfile' Directory Traversal

ZonPHP 2.25 - Remote Code Execution (Remote Code Execution)
ZonPHP 2.25 - Remote Code Execution

pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting Web Vulnerabilities
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting

LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - 'Login' Local File Inclusion / Authentication Bypass Vulnerabilities
LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - 'Login' Local File Inclusion / Authentication Bypass
geoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion
GeoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion
GeoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion

LevelOne WBR3404TX Broadband Router - 'RC' Cross-Site Scripting Vulnerabilities
LevelOne WBR3404TX Broadband Router - 'RC' Cross-Site Scripting

Ability Mail Server 2013 - Cross-Site Request Forgery (via Persistent Cross-Site Scripting) (Password Reset)
Ability Mail Server 2013 -  Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)

WiFiles HD 1.3 iOS - Locla File Inclusion
WiFiles HD 1.3 iOS - Local File Inclusion

IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure Vulnerabilities
IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure

H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass Vulnerabilities
H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass

IBM Tivoli Netcool Service Quality Manager - Cross-Site Scripting / HTML Injection Vulnerabilities
IBM Tivoli Netcool Service Quality Manager - Cross-Site Scripting / HTML Injection

Joomla! Component MS Comment 0.8.0b - Security Bypass / Cross-Site Scripting Vulnerabilities
Joomla! Component MS Comment 0.8.0b - Security Bypass / Cross-Site Scripting

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python Exploit)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)

vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion / SQL Injection / Cross-Site Scripting
vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion / SQL Injection / Cross-Site Scripting

ZTE F660 - Remote Config Download
ZTE F660 - Remote Configuration Download
Tango DropBox 3.1.5 + PRO - Activex Heap Spray
Tango FTP 1.0 (Build 136) - Activex Heap Spray
Tango DropBox 3.1.5 + PRO - Activex HeapSpray
Tango FTP 1.0 (Build 136) - Activex HeapSpray

Pinterestclones - Security Bypass / HTML Injection Vulnerabilities
Pinterestclones - Security Bypass / HTML Injection

Privoxy Proxy - Authentication Information Disclosure Vulnerabilities
Privoxy Proxy - Authentication Information Disclosure

ZTE ZXHN H108N Router - Unauthenticated Config Disclosure
ZTE ZXHN H108N Router - Unauthenticated Configuration Disclosure

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection

Kodi 15 - Arbitrary File Access (Web Interface)
Kodi 15 - Web Interface Arbitrary File Access (

OpenMRS 2.3 (1.11.4) - XML External Entity (XXE) Processing Exploit
OpenMRS 2.3 (1.11.4) - XML External Entity Processing Exploit
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
Ingenious School Management System 2.3.0 - 'friend_index' SQL injection
2017-11-02 05:01:28 +00:00
Offensive Security
33cc894818 DB: 2017-10-31
43 new exploits

Microsoft Internet Explorer 6.0/7.0 - RemoveChild Denial of Service
Microsoft Internet Explorer 6.0/7.0 - 'RemoveChild' Denial of Service

SGI IRIX 6.3 Systour and OutOfBox - Exploit
SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Exploit

Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel  Reference Count Leak / Use-After-Free
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free

Novell eDirectory 9.0 - DHost Remote Buffer Overflow
Novell eDirectory 9.0 - 'DHost' Remote Buffer Overflow

Cisco IOS 12.3(18) (FTP Server)  - Remote Exploit (Attached to GDB)
Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB)

Opera 9.61 - opera:historysearch Code Execution (PoC)
Opera 9.61 - 'opera:historysearch' Code Execution (PoC)

Home FTP Server 1.11.1.149 RETR DELE RMD - Directory Traversal
Home FTP Server 1.11.1.149 - 'RETR'/'DELE'/'RMD' Directory Traversal

Microsoft Windows 95/WfW - smbclient Directory Traversal
Microsoft Windows 95/Windows for Workgroups - 'smbclient' Directory Traversal

RSA Authentication Agent for Web 5.3 -  Open Redirection
RSA Authentication Agent for Web 5.3 - Open Redirection

Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp'  Open Redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection

HP System Management Homepage - 'RedirectUrl'  Open Redirection
HP System Management Homepage - 'RedirectUrl' Open Redirection

FirePass 7.0 SSL VPN - 'refreshURL'  Open Redirection
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection

EasyFTP Server 1.7.0.11 - 'APPE'  Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'APPE' Remote Buffer Overflow

MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation

MyPHP Forum 3.0 - Edit Topics/Blind SQL Injection
MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection

ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information  Disclosure Vulnerabilities
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities

Tkai's Shoutbox - 'Query'  Open Redirection
Tkai's Shoutbox - 'Query' Open Redirection

SAP Web Application Server 6.x/7.0 -  Open Redirection
SAP Web Application Server 6.x/7.0 - Open Redirection

UC Gateway Investment SiteEngine 5.0 - 'api.php'  Open Redirection
UC Gateway Investment SiteEngine 5.0 - 'api.php' Open Redirection

Autonomy Ultraseek - 'cs.html'  Open Redirection
Autonomy Ultraseek - 'cs.html' Open Redirection

Joomla! Component com_user - 'view'  Open Redirection
Joomla! Component com_user - 'view' Open Redirection

MBoard 1.3 - 'url'  Open Redirection
MBoard 1.3 - 'url' Open Redirection

Sitecore CMS 6.4.1 - 'url'  Open Redirection
Sitecore CMS 6.4.1 - 'url' Open Redirection

Orchard 1.3.9 - 'ReturnUrl'  Open Redirection
Orchard 1.3.9 - 'ReturnUrl' Open Redirection

Tiki Wiki CMS Groupware - 'url'  Open Redirection
Tiki Wiki CMS Groupware - 'url' Open Redirection

WebsitePanel - 'ReturnUrl'  Open Redirection
WebsitePanel - 'ReturnUrl' Open Redirection

ocPortal 7.1.5 - 'redirect'  Open Redirection
ocPortal 7.1.5 - 'redirect' Open Redirection

Silverstripe CMS 2.4.x - 'BackURL'  Open Redirection
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
PHP Melody 2.6.1 - SQL Injection
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Zomato Clone Script - 'resid' SQL Injection
Website Broker Script - 'status_id' SQL Injection
Vastal I-Tech Agent Zone - SQL Injection
Php Inventory - Arbitrary File Upload
Online Exam Test Application - 'sort' SQL Injection
Nice PHP FAQ Script - 'nice_theme' SQL Injection
Fake Magazine Cover Script - SQL Injection
CPA Lead Reward Script - SQL Injection
Basic B2B Script - SQL Injection
CmsLite 1.4 - 'S' SQL Injection
MyMagazine 1.0 - 'id' SQL Injection
News 1.0 - SQL Injection
Newspaper 1.0 - SQL Injection
US Zip Codes Database - 'state' SQL Injection
Shareet - 'photo' SQL Injection
AROX School ERP PHP Script - 'id' SQL Injection
Protected Links - SQL Injection
ZeeBuddy 2x - 'groupid' SQL Injection
Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection
tPanel 2009 - Authentication Bypass
Sokial Social Network Script 1.0 - SQL Injection
SoftDatepro Dating Social Network 1.3 - SQL Injection
Same Sex Dating Software Pro 1.0 - SQL Injection
PHP CityPortal 2.0 - SQL Injection
PG All Share Video 1.0 - SQL Injection
MyBuilder Clone 1.0 - 'subcategory' SQL Injection
Mailing List Manager Pro 3.0 - SQL Injection
Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection
Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection
Job Board Script - 'nice_theme' SQL Injection
iTech Gigs Script 1.21 - SQL Injection
iStock Management System 1.0 - Arbitrary File Upload
iProject Management System 1.0 - 'ID' SQL Injection
Article Directory Script 3.0 - 'id' SQL Injection
Adult Script Pro 2.2.4 - SQL Injection
D-Park Pro 1.0 - SQL Injection
Ingenious 2.3.0 - Arbitrary File Upload
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
2017-10-31 05:01:39 +00:00
Offensive Security
9352001fe6 DB: 2017-10-29
2017-10-29 05:01:33 +00:00
Offensive Security
b4050a4e4b DB: 2017-10-28
3 new exploits

Boloto Media Player 1.0.0.9 - pls file Denial of Service
Boloto Media Player 1.0.0.9 - '.pls' File Denial of Service

HP Operations Manager 8.16 - 'srcvw4.dll' LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)
HP Operations Manager 8.16 - 'srcvw4.dll' 'LoadFile()'/'SaveFile()' Remote Unicode Stack Overflow (PoC)

id software quake ii server 3.2 - Multiple Vulnerabilities
ID Software Quake II Server 3.2 - Multiple Vulnerabilities

Couchdb 1.5.0 - uuids Denial of Service
Couchdb 1.5.0 - 'uuids' Denial of Service
Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference
Tizen Studio 1.3 Smart Development Bridge <2.3.2 - Buffer Overflow (PoC)

Oracle 10g - LT.FINDRICSET SQL Injection (IDS evasion)
Oracle 10g - 'LT.FINDRICSET' SQL Injection (IDS Evasion)

Linux Kernel < 2.6.22 - 'ftruncate()/open()' Privilege Escalation
Linux Kernel < 2.6.22 - 'ftruncate()'/'open()' Privilege Escalation

MinaliC WebServer 1.0 - Remote Source Disclosure/File Download
MinaliC WebServer 1.0 - Remote Source Disclosure / File Download

PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)
PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()'/'SaveObject()' Trusted DWORD (Metasploit)

ISC BIND 8.1 - host Remote Buffer Overflow
ISC BIND 8.1 - Host Remote Buffer Overflow

Mozilla Firefox 3.5.3 and SeaMonkey 1.1.17 - 'libpr0n' GIF Parser Heap Based Buffer Overflow
Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow

DameWare Remote Controller <= 12.0.0.520 - Remote Code Execution

RunCMS 1.6 - Blind SQL Injection (IDS evasion)
RunCMS 1.6 - Blind SQL Injection (IDS Evasion)

glFusion 1.1.2 - COM_applyFilter()/order SQL Injection
glFusion 1.1.2 - 'COM_applyFilter()/order' SQL Injection

glFusion 1.1.2 - COM_applyFilter()/cookies Blind SQL Injection
glFusion 1.1.2 - 'COM_applyFilter()/cookies' Blind SQL Injection

Geeklog 1.5.2 - savepreferences()/*blocks[] SQL Injection
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
2017-10-28 05:01:35 +00:00
Offensive Security
e515bac4fe DB: 2017-10-27
2 new exploits

Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit
Microsoft Windows XP/2000 - TCP Connection Reset

WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflows (PoC)
WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC)

FileCOPA FTP Server 1.01 - 'USER' Remote Unauthenticated Denial of Service
FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service

Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC)
Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC)

Airsensor M520 - HTTPD Remote Unauthenticated Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)

Simple HTTPD 1.41 - '/aux' Remote Denial of Service
Simple HTTPd 1.41 - '/aux' Remote Denial of Service

MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service
MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Denial of Service

Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service
Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service

Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service
Linksys WAG54G v2 Wireless ADSL Router - HTTPd Denial of Service

Nofeel FTP Server 3.6 - 'CWD' Command Remote Memory Consumption
Nofeel FTP Server 3.6 - 'CWD' Remote Memory Consumption

Home FTP Server 1.10.1.139 - 'SITE INDEX' Command Remote Denial of Service
Home FTP Server 1.10.1.139 - 'SITE INDEX' Remote Denial of Service

XM Easy Personal FTP Server - 'APPE' / 'DELE' Commands Denial of Service
XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service

httpdx 1.5.2 - Remote Unauthenticated Denial of Service (PoC)
httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC)

httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service Vulnerabilities (PoC)
httpdx 1.5.3b - Unauthenticated Remote Denial of Service Multiple Vulnerabilities (PoC)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crashs (SEH) (PoC)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC)

TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1)
TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (1)

(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Command Remote Denial of Service
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Remote Denial of Service

Motorola SB5101 Hax0rware Rajko HTTPD - Remote Exploit (PoC)
Motorola SB5101 Hax0rware Rajko HTTPd - Remote Exploit (PoC)

Unreal Tournament 3 2.1 - 'STEAMBLOB' Command Remote Denial of Service
Unreal Tournament 3 2.1 - 'STEAMBLOB' Remote Denial of Service

TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2)
TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2)

Objectivity/DB - Lack of Authentication Remote Exploit
Objectivity/DB - Lack of Authentication

IPComp - encapsulation Unauthenticated kernel memory Corruption
IPComp - encapsulation Unauthenticated Kernel Memory Corruption

Crush FTP 5 - 'APPE' command Remote JVM Blue Screen of Death (PoC)
Crush FTP 5 - 'APPE' Remote JVM Blue Screen of Death (PoC)

torrent-stats - httpd.c Denial of Service
torrent-stats - 'httpd.c' Denial of Service

Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor status.cgi Denial of Service
Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor 'status.cgi' Denial of Service

WhitSoft SlimServe - HTTPD 1.1 Get Denial of Service
WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service

Linksys BEFSR41 1.4x - Gozila.cgi Denial of Service
Linksys BEFSR41 1.4x - 'Gozila.cgi' Denial of Service

BRS Webweaver 1.06 httpd - 'User-Agent' Remote Denial of Service
BRS Webweaver 1.06 - HTTPd 'User-Agent' Remote Denial of Service

Surfboard httpd 1.1.9 - Remote Buffer Overflow
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow

RobotFTP Server 1.0/2.0 - Remote Unauthenticated Command Denial of Service
RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service

Titan FTP Server 3.0 - 'LIST' Command Denial of Service
Titan FTP Server 3.0 - 'LIST' Denial of Service

Monkey HTTPD 1.1.1 - Crash (PoC)
Monkey HTTPd 1.1.1 - Crash (PoC)

Alt-N MDaemon 2-8 - Remote Unauthenticated IMAP Buffer Overflow
Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow

Titan FTP Server 6.05 build 550 - 'DELE' Command Remote Buffer Overflow
Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow

Surgemail and WebMail 3.0 - 'Page' Command Remote Format String
Surgemail and WebMail 3.0 - 'Page' Remote Format String

Call of Duty 4 1.5 - Malformed 'stats' Command Denial of Service
Call of Duty 4 1.5 - 'stats' Denial of Service

Softalk Mail Server 8.5.1 - 'APPEND' Command Remote Denial of Service
Softalk Mail Server 8.5.1 - 'APPEND' Remote Denial of Service

FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service
FileCOPA FTP Server 5.01 - 'NOOP' Denial of Service

Hybserv2 - ':help' Command Denial of Service
Hybserv2 - ':help' Denial of Service

Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service

TYPSoft FTP Server 1.1 - 'APPE' Command Remote Buffer Overflow
TYPSoft FTP Server 1.1 - 'APPE' Remote Buffer Overflow

Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service
Sony Bravia KDL-32CX525 - 'hping' Remote Denial of Service
SmallFTPd 1.0.3 - 'mkd' Command Denial of Service
freeFTPd 1.0.8 - 'mkd' Command Denial of Service
SmallFTPd 1.0.3 - 'mkd' Denial of Service
freeFTPd 1.0.8 - 'mkd' Denial of Service

Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service
Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service

AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation
AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation

xp-AntiSpy 3.9.7-4 - '.xpas' file Buffer Overflow
xp-AntiSpy 3.9.7-4 - '.xpas' File Buffer Overflow

GTA SA-MP server.cfg - Buffer Overflow (Metasploit)
GTA SA-MP - 'server.cfg' Buffer Overflow (Metasploit)

SCO Unixware 7.1 - 'pkg' command Exploit
SCO Unixware 7.1 - 'pkg' Exploit

Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution
Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution

OSSEC 2.7 < 2.8.1 - 'diff' Command Privilege Escalation
OSSEC 2.7 < 2.8.1 - 'diff' Privilege Escalation

Microsoft Windows 10 - pcap Driver Privilege Escalation
Microsoft Windows 10 - 'pcap' Driver Privilege Escalation
PHPMailer < 5.2.21 - Local File Disclosure
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow

Apache 2.0.45 - APR Remote Exploit
Apache 2.0.45 - 'APR' Remote Exploit

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit
RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Exploit

Pavuk Digest - Authentication Buffer Overflow Remote Exploit
Pavuk Digest - Authentication Remote Buffer Overflow

3CServer 1.1 - FTP Server Remote Exploit
3CServer 1.1 (FTP Server) - Remote Exploit

LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote Exploit

MailEnable Enterprise 1.x - Imapd Remote Exploit
MailEnable Enterprise 1.x - IMAPd Remote Exploit

Sumus 0.2.2 - httpd Remote Buffer Overflow
Sumus 0.2.2 - HTTPd Remote Buffer Overflow

Symantec Scan Engine 5.0.x - Change Admin Password Remote Exploit
Symantec Scan Engine 5.0.x - Change Admin Password

Mercur Messaging 2005 (Windows 2000 SP4) - IMAP (Subscribe) Remote Exploit
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Exploit

CoreHTTP 0.5.3alpha (httpd) - Remote Buffer Overflow
CoreHTTP 0.5.3alpha - HTTPd Remote Buffer Overflow

Postcast Server Pro 3.0.61 - / Quiksoft EasyMail 'emsmtp.dll 6.0.1' Buffer Overflow
Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Buffer Overflow

Mercury/32 4.52 IMAPD - SEARCH Command Authenticated Overflow
Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow

SonicWALL SSL-VPN - NeLaunchCtrl ActiveX Control Remote Exploit
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Exploit

simple httpd 1.38 - Multiple Vulnerabilities
Simple HTTPd 1.38 - Multiple Vulnerabilities

Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB)
Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB)

freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
freeSSHd 1.2.1 - 'rename' Remote Buffer Overflow (SEH)

Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit)
Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Buffer Overflow (Metasploit)

Home FTP Server - 'MKD' Command Directory Traversal
Home FTP Server - 'MKD' Directory Traversal

Apple iTunes 8.1.x - 'daap' Buffer Overflow Remote Exploit
Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (1)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1)

eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (2)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2)

EasyFTP Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow

Xftp client 3.0 - PWD Remote Exploit
Xftp client 3.0 - 'PWD' Remote Exploit

ProSSHD 1.2 - Remote Authenticated Exploit (ASLR + DEP Bypass)
ProSSHD 1.2 - Authenticated Remote Exploit (ASLR + DEP Bypass)
EasyFTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow

EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit)

CesarFTP 0.99g - 'MKD' Command Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Buffer Overflow (Metasploit)

Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit)
Alt-N MDaemon 6.8.5 - WorldClient 'form2raw.cgi' Stack Buffer Overflow (Metasploit)

Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit)
Linksys WRT54 Access Point - 'apply.cgi' Buffer Overflow (Metasploit)

Progea Movicon 11 - TCPUploadServer Remote Exploit
Progea Movicon 11 - 'TCPUploadServer' Remote Exploit

PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit)
PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)

Freefloat FTP Server - 'LIST' Command Buffer Overflow
Freefloat FTP Server - 'LIST' Buffer Overflow

KnFTP 1.0.0 Server - 'USER' command Remote Buffer Overflow
KnFTP 1.0.0 Server - 'USER' Remote Buffer Overflow

SGI IRIX 6.3 - cgi-bin webdist.cgi Exploit
SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Exploit

Matt Wright - FormHandler.cgi 2.0 Reply Attachment
Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment

Solution Scripts Home Free 1.0 - search.cgi Directory Traversal
Solution Scripts Home Free 1.0 - 'search.cgi' Directory Traversal

CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution
CNC Technology BizDB 1.0 - 'bizdb-search.cgi' Remote Command Execution

3R Soft MailStudio 2000 2.0 - userreg.cgi Arbitrary Command Execution
3R Soft MailStudio 2000 2.0 - 'userreg.cgi' Arbitrary Command Execution

Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote 'Username' and Password Retrieval
Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote Username / Password Retrieval

Greg Matthews - Classifieds.cgi 1.0 MetaCharacter
Greg Matthews - 'Classifieds.cgi' 1.0 MetaCharacter

Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection
Squid Web Proxy 2.2 - 'cachemgr.cgi' Unauthorized Connection

Leif M. Wright - ad.cgi 1.0 Unchecked Input
Leif M. Wright - 'ad.cgi' 1.0 Unchecked Input

NCSA 1.3/1.4.x/1.5 / Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval

SWSoft ASPSeek 1.0 - s.cgi Buffer Overflow
SWSoft ASPSeek 1.0 - 's.cgi' Buffer Overflow
Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp4.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - 'a1disp2.cgi' Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - 'a1disp3.cgi' Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - 'a1disp4.cgi' Traversal Arbitrary File Read

Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing
Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing
NCSA httpd 1.x - Buffer Overflow (1)
NCSA httpd 1.x - Buffer Overflow (2)
NCSA HTTPd 1.x - Buffer Overflow (1)
NCSA HTTPd 1.x - Buffer Overflow (2)

BPM Studio Pro 4.2 - HTTPD Directory Traversal
BPM Studio Pro 4.2 - HTTPd Directory Traversal
Light HTTPD 0.1 - GET Buffer Overflow (1)
Light HTTPD 0.1 - GET Buffer Overflow (2)
Light HTTPd 0.1 - GET Buffer Overflow (1)
Light HTTPd 0.1 - GET Buffer Overflow (2)

Null HTTPD 0.5 - Remote Heap Corruption
Null HTTPd 0.5 - Remote Heap Corruption

Boozt Standard 0.9.8 - index.cgi Buffer Overrun
Boozt Standard 0.9.8 - 'index.cgi' Buffer Overrun

Webmin 0.9x / Usermin 0.9x/1.0 - Session ID Spoofing Unauthenticated Access
Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing

Axis Communications Video Server 2.x - Command.cgi File Creation
Axis Communications Video Server 2.x - 'Command.cgi' File Creation

Freefloat FTP Server - 'PUT' Command Buffer Overflow
Freefloat FTP Server - 'PUT' Buffer Overflow
MNOGoSearch 3.1.20 - search.cgi UL Buffer Overflow (1)
MNOGoSearch 3.1.20 - search.cgi UL Buffer Overflow (2)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (1)
MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (2)
MySQL - Remote Unauthenticated User Enumeration
(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit
MySQL - Unauthenticated Remote User Enumeration
(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass

Freefloat FTP Server - 'USER' Command Buffer Overflow
Freefloat FTP Server - 'USER' Buffer Overflow

Mephistoles HTTPD 0.6 - Cross-Site Scripting
Mephistoles HTTPd 0.6 - Cross-Site Scripting

SurgeLDAP 1.0 - User.cgi Directory Traversal
SurgeLDAP 1.0 - 'User.cgi' Directory Traversal

Nagios3 - history.cgi Remote Command Execution
Nagios3 - 'history.cgi' Remote Command Execution

Nagios3 - history.cgi Host Command Execution (Metasploit)
Nagios3 - 'history.cgi' Host Command Execution (Metasploit)

Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun
Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun

acme thttpd 2.0.7 - Directory Traversal
Acme thttpd 2.0.7 - Directory Traversal

Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Buffer Overflow

NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit)
NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)

Linksys E1500/E2500 - apply.cgi Remote Command Injection (Metasploit)
Linksys E1500/E2500 - 'apply.cgi' Remote Command Injection (Metasploit)

Linksys WRT54GL - apply.cgi Command Execution (Metasploit)
Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)

NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)
NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)

SAP ConfigServlet - Remote Unauthenticated Payload Execution (Metasploit)
SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit)

GroundWork - monarch_scan.cgi OS Command Injection (Metasploit)
GroundWork - 'monarch_scan.cgi' OS Command Injection (Metasploit)

Linksys WRT160N v2 - apply.cgi Remote Command Injection (Metasploit)
Linksys WRT160N v2 - 'apply.cgi' Remote Command Injection (Metasploit)

WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal
WhitSoft SlimServe HTTPd 1.0/1.1 - Directory Traversal

Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit
Nginx 1.3.9/1.4.0 (x86) - Brute Force

PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow
PCMan FTP Server 2.07 - 'PASS' Buffer Overflow
Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption
PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow
Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption
PCMan FTP Server 2.07 - 'STOR' Buffer Overflow

Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting
Cisco Secure ACS 2.3 - 'LoginProxy.cgi' Cross-Site Scripting

PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit)
PCMan FTP Server 2.07 - 'STOR' Stack Overflow (Metasploit)

Supermicro Onboard IPMI - close_window.cgi Buffer Overflow (Metasploit)
Supermicro Onboard IPMI - 'close_window.cgi' Buffer Overflow (Metasploit)

Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - setup.cgi Cross-Site Scripting Vulnerabilities
Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting

TinTin++ / WinTin++ 1.97.9 - '#chat' Command Multiple Vulnerabilities
TinTin++ / WinTin++ 1.97.9 - '#chat' Multiple Vulnerabilities
PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow
PCMan FTP Server 2.07 - 'ABOR' Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Buffer Overflow

Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - 'POST' Stack Buffer Overflow

Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit
Ultra Mini HTTPD 1.21 - 'POST' Stack Buffer Overflow

ALFTP FTP Client 4.1/5.0 - 'LIST' Command Directory Traversal
ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal
Glub Tech Secure FTP 2.5.15 - 'LIST' Directory Traversal
UltraEdit 14.00b - FTP/SFTP 'LIST' Command Directory Traversal
WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Command Directory Traversal
Classic FTP 1.02 - 'LIST' Command Directory Traversal
UltraEdit 14.00b - FTP/SFTP 'LIST' Directory Traversal
WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Directory Traversal
Classic FTP 1.02 - 'LIST' Directory Traversal

AceFTP 3.80.3 - 'LIST' Command Directory Traversal
AceFTP 3.80.3 - 'LIST' Directory Traversal

RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Command Directory Traversal
RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Directory Traversal

Vtiger - Install Unauthenticated Remote Command Execution (Metasploit)
Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit)

httpdx 1.5 - 'MKD' Command Directory Traversal
httpdx 1.5 - 'MKD' Directory Traversal

D-Link Devices - Authentication.cgi Buffer Overflow (Metasploit)
D-Link Devices - 'Authentication.cgi' Buffer Overflow (Metasploit)

rbot 0.9.14 - '!react' Command Unauthorized Access
rbot 0.9.14 - '!react' Unauthorized Access

VMTurbo Operations Manager 4.6 - vmtadmin.cgi Remote Command Execution (Metasploit)
VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution (Metasploit)

Solar FTP Server 2.1.1 - 'PASV' Command Remote Buffer Overflow
Solar FTP Server 2.1.1 - 'PASV' Remote Buffer Overflow
Freefloat FTP Server - 'ALLO' Command Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow
Freefloat FTP Server - 'ALLO' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'MKD' Buffer Overflow

Endian Firewall 2.4 - openvpn_users.cgi PATH_INFO Cross-Site Scripting
Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting

PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'PUT' Buffer Overflow

PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'GET' Buffer Overflow

PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow

Zpanel - Remote Unauthenticated Remote Code Execution (Metasploit)
Zpanel - Unauthenticated Remote Code Execution (Metasploit)

PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow (Metasploit)

IPFire - proxy.cgi Remote Code Execution (Metasploit)
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)

PCMan FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'ls' Buffer Overflow (Metasploit)

EasyFTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit
EasyFTP Server 1.7.0.11 - 'APPE' Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'DELETE' Buffer Overflow
Freefloat FTP Server 1.0 - 'ABOR' Buffer Overflow
Freefloat FTP Server 1.0 - 'RMD' Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'RENAME' Buffer Overflow
PCMan FTP Server 2.0.7 - 'UMASK' Buffer Overflow
Freefloat FTP Server 1.0 - 'DIR' Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow
BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow
PCMan FTP Server 2.0.7 - 'ACCT' Buffer Overflow
Freefloat FTP Server 1.0 - 'SITE ZONE' Buffer Overflow
PCMan FTP Server 2.0.7 - 'NLST' Buffer Overflow
PCMan FTP Server 2.0.7 - 'SITE CHMOD' Buffer Overflow
PCMan FTP Server 2.0.7 - 'PORT' Buffer Overflow
BolinTech DreamFTP Server 1.02 - 'RETR' Remote Buffer Overflow

NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit)
NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit)

CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Exploit

phpBB 2.0.6 - search_id SQL Injection MD5 Hash Remote Exploit
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote Exploit

eXtropia Shopping Cart - web_store.cgi Remote Exploit
eXtropia Shopping Cart - 'web_store.cgi' Remote Exploit

Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Overwrite Remote Exploit
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote Exploit

TFT Gallery 0.10 - Password Disclosure Remote Exploit
TFT Gallery 0.10 - Password Disclosure

XOOPS 2.0.13.2 - xoopsOption[nocommon] Remote Exploit
XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Exploit

Drupal 4.7 - attachment mod_mime Remote Exploit
Drupal 4.7 - 'Attachment mod_mime' Remote Exploit

Cahier de texte 2.0 - Database Backup/Source Disclosure Remote Exploit
Cahier de texte 2.0 - Database Backup / Source Disclosure

CSPartner 1.0 - Delete All Users / SQL Injection Remote Exploit
CSPartner 1.0 - Delete All Users / SQL Injection

Podcast Generator 1.2 - Unauthorized Re-Installation Remote Exploit
Podcast Generator 1.2 - Unauthorized Re-Installation

SPIP < 2.0.9 - Arbitrary Copy All Passwords to .XML File Remote Exploit
SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File

Nagios3 - statuswml.cgi Command Injection (Metasploit)
Nagios3 - 'statuswml.cgi' Command Injection (Metasploit)

QuickTime Streaming Server - parse_xml.cgi Remote Execution (Metasploit)
QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit)

Nagios3 - statuswml.cgi Ping Command Execution (Metasploit)
Nagios3 - 'statuswml.cgi' 'Ping' Command Execution (Metasploit)

E-Mail Security Virtual Appliance - learn-msg.cgi Command Injection (Metasploit)
E-Mail Security Virtual Appliance - 'learn-msg.cgi' Command Injection (Metasploit)

AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
AHG Search Engine 1.0 - 'search.cgi' Arbitrary Command Execution
CGIScript.net - csPassword.cgi 1.0 Information Disclosure
CGIScript.net - csPassword.cgi 1.0 HTAccess File Modification
CGIScript.net - 'csPassword.cgi' 1.0 Information Disclosure
CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification

MailReader.com 2.3.x - NPH-MR.cgi File Disclosure
MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure

BizDesign ImageFolio 2.x/3.0.1 - nph-build.cgi Cross-Site Scripting
BizDesign ImageFolio 2.x/3.0.1 - 'nph-build.cgi' Cross-Site Scripting
cPanel 5.0 - Guestbook.cgi Remote Command Execution (1)
cPanel 5.0 - Guestbook.cgi Remote Command Execution (2)
cPanel 5.0 - Guestbook.cgi Remote Command Execution (3)
cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (1)
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (3)
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (4)

HappyMall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Command Execution
HappyMall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' Command Execution

HappyMall E-Commerce Software 4.3/4.4 - Member_HTML.cgi Command Execution
HappyMall E-Commerce Software 4.3/4.4 - 'Member_HTML.cgi' Command Execution

Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Cross-Site Scripting
Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' Cross-Site Scripting

Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi File Disclosure
Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' File Disclosure

Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting
Zeus Web Server 4.x - Admin Interface 'VS_Diag.cgi' Cross-Site Scripting

ImageFolio 2.2x/3.0/3.1 - Admin.cgi Directory Traversal
ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal

SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting
SurgeLDAP 1.0 d - 'User.cgi' Cross-Site Scripting

Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - Message.cgi Cross-Site Scripting
Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - 'Message.cgi' Cross-Site Scripting

CommerceSQL Shopping Cart 2.2 - index.cgi Directory Traversal
CommerceSQL Shopping Cart 2.2 - 'index.cgi' Directory Traversal

DansGuardian Webmin Module 0.x - edit.cgi Directory Traversal
DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal

ShopCartCGI 2.3 - gotopage.cgi Traversal Arbitrary File Access
ShopCartCGI 2.3 - 'gotopage.cgi' Traversal Arbitrary File Access

BoardPower Forum - ICQ.cgi Cross-Site Scripting
BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting

Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution

Gossamer Threads Links 2.x - User.cgi Cross-Site Scripting
Gossamer Threads Links 2.x - 'User.cgi' Cross-Site Scripting

MegaBook 2.0/2.1 - Admin.cgi EntryID Cross-Site Scripting
MegaBook 2.0/2.1 - 'Admin.cgi?EntryID' Cross-Site Scripting

PerlDiver 2.31 - Perldiver.cgi Cross-Site Scripting
PerlDiver 2.31 - 'Perldiver.cgi' Cross-Site Scripting

GlobalNoteScript 4.20 - Read.cgi Remote Command Execution
GlobalNoteScript 4.20 - 'Read.cgi' Remote Command Execution

Pngren 2.0.1 - Kaiseki.cgi Remote Command Execution
Pngren 2.0.1 - 'Kaiseki.cgi' Remote Command Execution

Walla TeleSite 3.0 - ts.cgi File Existence Enumeration
Walla TeleSite 3.0 - 'ts.cgi' File Existence Enumeration

Easy Search System 1.1 - search.cgi Cross-Site Scripting
Easy Search System 1.1 - 'search.cgi' Cross-Site Scripting

Kryptronic ClickCartPro 5.1/5.2 - CP-APP.cgi Cross-Site Scripting
Kryptronic ClickCartPro 5.1/5.2 - 'CP-APP.cgi' Cross-Site Scripting

Cholod MySQL Based Message Board - Mb.cgi SQL Injection
Cholod MySQL Based Message Board - 'Mb.cgi' SQL Injection

BlankOL 1.0 - Bol.cgi Multiple Cross-Site Scripting Vulnerabilities
BlankOL 1.0 - 'Bol.cgi' Multiple Cross-Site Scripting Vulnerabilities

Web-APP.net WebAPP 0.9.x - /mods/calendar/index.cgi?vsSD' Cross-Site Scripting
Web-APP.net WebAPP 0.9.x - '/mods/calendar/index.cgi?vsSD' Cross-Site Scripting

Net Clubs Pro 4.0 - imessage.cgi 'Username' Cross-Site Scripting
Net Clubs Pro 4.0 - 'imessage.cgi?Username' Cross-Site Scripting

Cosmoshop 8.10.78/8.11.106 - Lshop.cgi SQL Injection
Cosmoshop 8.10.78/8.11.106 - 'Lshop.cgi' SQL Injection

Netwin SurgeFTP 2.3a1 - SurgeFTPMGR.cgi Multiple Input Validation Vulnerabilities
Netwin SurgeFTP 2.3a1 - 'SurgeFTPMGR.cgi' Multiple Input Validation Vulnerabilities

WebEvent 4.03 - Webevent.cgi Cross-Site Scripting
WebEvent 4.03 - 'Webevent.cgi' Cross-Site Scripting

Urchin 5.7.x - session.cgi Cross-Site Scripting
Urchin 5.7.x - 'session.cgi' Cross-Site Scripting

Google Urchin 5.7.3 - Report.cgi Authentication Bypass
Google Urchin 5.7.3 - \Report.cgi' Authentication Bypass

Web Terra 1.1 - books.cgi Remote Command Execution
Web Terra 1.1 - 'books.cgi' Remote Command Execution

D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Lancfg2get.cgi
D-Link DSL-2730B Modem - 'Lancfg2get.cgi' Persistent Cross-Site Scripting

Zenoss 3.2.1 - Remote Authenticated Command Execution
Zenoss 3.2.1 - Authenticated Remote Command Execution

Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit)
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit)
2017-10-27 05:01:37 +00:00
Offensive Security
c9ca104d1d DB: 2017-10-26
11 new exploits

Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow (PoC)
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow (PoC)

AT-TFTP 1.9 - 'Long Filename' Remote Buffer Overflow (PoC)
AT-TFTP 1.9 - 'Filename' Remote Buffer Overflow (PoC)

VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (PoC)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)

ByteCatcher FTP Client 1.0.4 - Long Server Banner Buffer Overflow
ByteCatcher FTP Client 1.0.4 - 'Server Banner' Buffer Overflow

Avant Browser 8.0.2 - Long HTTP Request Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow

thttpd 2.2x - defang Remote Buffer Overflow (PoC)
thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)

Rigs of Rods 0.33d - Long Vehicle Name Buffer Overflow
Rigs of Rods 0.33d - 'Vehicle Name' Buffer Overflow
Wireshark infer_pkt_encap - Heap Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)

Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)

Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4- PacketBB Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)

glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploits
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit
WinRAR 3.30 - Long Filename Buffer Overflow (1)
WinRAR 3.30 - Long Filename Buffer Overflow (2)
WinRAR 3.30 - 'Filename' Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Buffer Overflow (2)

Pico Zip 4.01 - Long Filename Buffer Overflow
Pico Zip 4.01 - 'Filename' Buffer Overflow

PowerZip 7.06.38950 - Long Filename Handling Buffer Overflow
PowerZip 7.06.38950 - 'Filename Handling' Buffer Overflow

Oracle 9i/10g - Evil Views Change Passwords Exploit
Oracle 9i/10g - Evil Views Change Passwords
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (1)
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (2)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (1)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (1)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (1)
SGI IRIX 6.2 - eject Exploit (1)
SGI IRIX 6.2 - eject Exploit (2)
SGI IRIX 6.2 - 'eject' Exploit (1)
SGI IRIX 6.2 - 'eject' Exploit (2)

Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (2)

RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (2)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (2)
Solaris 2.5.1 kcms - Buffer Overflow (1)
Solaris 2.5.1 kcms - Buffer Overflow (2)
Solaris 2.5.1 - 'kcms' Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Buffer Overflow (2)

SGI IRIX 6.3 Systour and OutOfBox - Exploits
SGI IRIX 6.3 Systour and OutOfBox - Exploit

RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (1)

GNU glibc 2.1/2.1.1 -6 - pt_chown Exploit
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Exploit
Solaris 7.0 ufsdump - Local Buffer Overflow (1)
Solaris 7.0 ufsdump - Local Buffer Overflow (2)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (1)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (2)

SCO Unixware 7.0 - xlock(1) (long 'Username') Buffer Overflow
SCO Unixware 7.0 - 'xlock(1)' 'Username' Buffer Overflow
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (2)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (1)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (3)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (3)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (1)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (3)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
Solaris 2.x/7.0/8 Catman - Race Condition (1)
Solaris 2.x/7.0/8 Catman - Race Condition (2)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (1)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (2)

DG/UX 4.20 lpsched - Long Error Message Buffer Overflow
DG/UX 4.20 lpsched - 'Error Message' Buffer Overflow
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (1)
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (2)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (1)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (2)

Sawmill 6.2.x - AdminPassword Insecure Default Permissions
Sawmill 6.2.x - Admin Password Insecure Default Permissions
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (1)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (2)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (3)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (4)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (1)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (2)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (4)

BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn)
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct RETN)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (1)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (2)

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Long Filename' Remote Buffer Overflow
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Filename' Remote Buffer Overflow

Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (1)

Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (2)

Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow
Orbit Downloader 2.8.4 - 'Hostname' Remote Buffer Overflow

Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei SmartAX MT880 - Cross-Site Request Forgery Multiple Vulnerabilities

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (1) (Metasploit)

HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities
HP LaserJet Printers - Persistent Cross-Site Scripting Multiple Vulnerabilities

XFTP 3.0 Build 0239 - Long Filename Buffer Overflow
XFTP 3.0 Build 0239 - 'Filename' Buffer Overflow

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (2) (Metasploit)
D-Link TFTP 1.0 - Long Filename Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Buffer Overflow (Metasploit)

TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - 'Filename' Buffer Overflow (Metasploit)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (2)

Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (1)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)

Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (4)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (4)

Sun Java Web Server 1.1.3/2.0 Servlets - Exploits
Sun Java Web Server 1.1.3/2.0 Servlets - Exploit

Samba 1.9.19 - Long Password Buffer Overflow
Samba 1.9.19 - 'Password' Buffer Overflow

OReilly Software WebSite Professional 2.5.4 - Directory Disclosure
OReilly Software WebSite Professional 2.5.4 - Path Disclosure
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (3)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (3)
AOLServer 3 - Long Authentication String Buffer Overflow (1)
AOLServer 3 - Long Authentication String Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Buffer Overflow (2)

John Roy Pi3Web 2.0 For Windows - Long Request Buffer Overflow
John Roy Pi3Web 2.0 For Windows - Buffer Overflow

Phusion WebServer 1.0 - Long URL Buffer Overflow
Phusion WebServer 1.0 - 'URL' Buffer Overflow

Essentia Web Server 2.1 - Long URL Buffer Overflow
Essentia Web Server 2.1 - 'URL' Buffer Overflow

Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross-Site Scripting Vulnerabilities
Monkey HTTP Server 0.1/0.4/0.5 - Cross-Site Scripting Multiple Vulnerabilities

TFTPD32 2.50 - Long Filename Buffer Overflow
TFTPD32 2.50 - 'Filename' Buffer Overflow

Opera 6.0/7.0 - Long Filename Download Buffer Overrun
Opera 6.0/7.0 - 'Filename Download' Buffer Overrun

PGP4Pine 1.75.6/1.76 - Long Message Line Buffer Overflow
PGP4Pine 1.75.6/1.76 - 'Message Line' Buffer Overflow
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (1)
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (2)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (1)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (2)

Tellurian TftpdNT 1.8/2.0 - Long Filename Buffer Overrun
Tellurian TftpdNT 1.8/2.0 - 'Filename' Buffer Overrun

Nokia Electronic Documentation 5.0 - Directory Disclosure
Nokia Electronic Documentation 5.0 - Path Disclosure

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Cross-Site Scripting Multiple Vulnerabilities

WebFS 1.x - Long Pathname Buffer Overrun
WebFS 1.x - 'Pathname' Buffer Overrun

Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun
Monit 1.4/2.x/3/4 - 'HTTP Request' Buffer Overrun

Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities
Novell Netware Enterprise Web Server 5.1/6.0 - Cross-Site Scripting Multiple Vulnerabilities

Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g 9.0.2 - Cross-Site Scripting Multiple Vulnerabilities

NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Buffer Overflow

Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities
Hilgraeve HyperAccess 8.4 - Remote Command Execution Multiple Vulnerabilities

TeamSpeak Server 2.0.23 (Multiple Scripts) - Multiple Cross-Site Scripting Vulnerabilities
TeamSpeak Server 2.0.23 (Multiple Scripts) - Cross-Site Scripting Multiple Vulnerabilities

RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities
RedHat Directory Server 7.1 - Cross-Site Scripting Multiple Vulnerabilities

Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Cross-Site Scripting Multiple Vulnerabilities

RSA Authentication Agent for Web 5.3 - URI Redirection
RSA Authentication Agent for Web 5.3 -  Open Redirection

Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' URI redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp'  Open Redirection

Novell QuickFinder Server - Multiple Cross-Site Scripting Vulnerabilities
Novell QuickFinder Server - Cross-Site Scripting Multiple Vulnerabilities

Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Multiple Cross-Site Scripting Vulnerabilities
Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Cross-Site Scripting Multiple Vulnerabilities

XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.6.x - Cross-Site Scripting Multiple Vulnerabilities

Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
Zenoss 2.3.3 - Cross-Site Request Forgery Multiple Vulnerabilities

Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei HG510 - Cross-Site Request Forgery Multiple Vulnerabilities

IBM Lotus Notes 6.5.6 - 'names.nsf' Open redirection
IBM Lotus Notes 6.5.6 - 'names.nsf' Open Redirection

HP System Management Homepage - 'RedirectUrl' URI Redirection
HP System Management Homepage - 'RedirectUrl'  Open Redirection

Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI - Cross-Site Request Forgery Multiple Vulnerabilities

DServe - Multiple Cross-Site Scripting Vulnerabilities
DServe - Cross-Site Scripting Multiple Vulnerabilities

Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - HTML Injection Multiple Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Cross-Site Scripting Multiple Vulnerabilities
SurgeFTP 23b6 - Cross-Site Scripting Multiple Vulnerabilities

Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities
Xavi 7968 ADSL Router - Cross-Site Request Forgery Multiple Vulnerabilities

Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - HTML Injection Multiple Vulnerabilities

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Barracuda Email Security Service - HTML Injection Multiple Vulnerabilities

Websense Content Gateway - Multiple Cross-Site Scripting Vulnerabilities
Websense Content Gateway - Cross-Site Scripting Multiple Vulnerabilities

FirePass 7.0 SSL VPN - 'refreshURL' URI Redirection
FirePass 7.0 SSL VPN - 'refreshURL'  Open Redirection

Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities
Fortinet FortiWeb (Multiple Appliances) - Cross-Site Scripting Multiple Vulnerabilities

Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz 10.4.x - Cross-Site Scripting Multiple Vulnerabilities

Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
Dell SonicWALL Scrutinizer - HTML Injection Multiple Vulnerabilities

Foscam IP (Multiple Cameras) - Multiple Cross-Site Request Forgery Vulnerabilities
Foscam IP (Multiple Cameras) - Cross-Site Request Forgery Multiple Vulnerabilities

Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities
Sony CH / DH Series IP Cameras - Cross-Site Request Forgery Multiple Vulnerabilities

Apache Struts 2.2.3 - Multiple Open redirection Vulnerabilities
Apache Struts 2.2.3 - Multiple Open Redirections

Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
Barracuda CudaTel - Cross-Site Scripting Multiple Vulnerabilities

Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit)

ZeroBoard Worm - Source Code
ZeroBoard - Worm Source Code
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (1) (HTML)
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)

Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Jupiter CMS 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities

AuraCMS 2.x - '/user.php' Security Code Bypass / Add Administrator
AuraCMS 2.x - '/user.php' Security Code Bypass / Arbitrary Add Administrator

pPIM 1.0 - upload/change Password
pPIM 1.0 - Upload/Change Password

Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities
Observer 0.3.2.1 - Remote Command Execution Multiple Vulnerabilities

VideoScript 4.0.1.50 - Admin Change Password Exploit
VideoScript 4.0.1.50 - Change Admin Password

txtBB 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

eLitius 1.0 - '/manage-admin.php' Add Admin/Change Password Exploit
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password Exploit

ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities
ecshop 2.6.2 - Remote Command Execution Multiple Vulnerabilities

Zen Cart 1.3.8 - SQL Execution Exploit
Zen Cart 1.3.8 - SQL Execution

ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)
ZenPhoto Gallery 1.2.5 - Admin Password Reset (Cross-Site Request Forgery)

Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 - Cross-Site Scripting Multiple Vulnerabilities

Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities
Hyperic HQ 3.2 < 4.2-beta1 - Cross-Site Scripting Multiple Vulnerabilities

McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager < 5.1.11.8.1 - Cross-Site Scripting Multiple Vulnerabilities

IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational RequisitePro 7.10 / ReqWebHelp - Cross-Site Scripting Multiple Vulnerabilities

Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
Sun Solaris AnswerBook2 - Cross-Site Scripting Multiple Vulnerabilities

Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
Chipmunk Board Script 1.x - Cross-Site Request Forgery Multiple Vulnerabilities

Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Ez Cart 1.0 - Cross-Site Request Forgery Multiple Vulnerabilities
Basic PHP Events Lister 2 - Add Admin
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Basic PHP Events Lister 2 - Arbitrary Add Admin
Jobscript4Web 3.5 - Cross-Site Request Forgery Multiple Vulnerabilities

Traidnt Gallery - Add Admin
Traidnt Gallery - Arbitrary Add Admin

X7CHAT 1.3.6b - Add Admin
X7CHAT 1.3.6b - Arbitrary Add Admin

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Drupal 6.15 - Persistent Cross-Site Scripting Multiple Vulnerabilities

CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.1 < Beta 5 - Cross-Site Scripting Multiple Vulnerabilities

Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Croogo 1.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
cPanel - Cross-Site Request Forgery Multiple Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ANE CMD CRSF - Add Admin
ATutor 1.6.4 - Cross-Site Scripting Multiple Vulnerabilities
ANE CMD CRSF - Arbitrary Add Admin

Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Cross-Site Scripting Multiple Vulnerabilities

eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities
eXtreme Message Board 1.9.11 - Cross-Site Request Forgery Multiple Vulnerabilities

Campsite CMS 3.4.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Campsite CMS 3.4.0 - Cross-Site Request Forgery Multiple Vulnerabilities

Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Phreebooks 2.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Orbis CMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities

ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities
ZenPhoto CMS 1.3 - Cross-Site Request Forgery Multiple Vulnerabilities

Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component JomSocial 1.6.288 - Cross-Site Scripting Multiple Vulnerabilities

Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (1)
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Frog CMS 0.9.5 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCart 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCMS 2.0.5 - Cross-Site Request Forgery Multiple Vulnerabilities

TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities
TheHostingTool 1.2.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Grafik CMS 1.1.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Grafik CMS 1.1.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
Diferior CMS 8.03 - Cross-Site Request Forgery Multiple Vulnerabilities

MyIT CRM - Multiple Cross-Site Scripting Vulnerabilities
MyIT CRM - Cross-Site Scripting Multiple Vulnerabilities

Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
Saurus CMS Admin Panel - Cross-Site Request Forgery Multiple Vulnerabilities

Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Hycus CMS 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities

sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
sNews CMS - Cross-Site Scripting Multiple Vulnerabilities

BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities
BlogBird Platform - Cross-Site Scripting Multiple Vulnerabilities

Front Accounting 2.3RC2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Front Accounting 2.3RC2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
Diferior 8.03 - Cross-Site Scripting Multiple Vulnerabilities

MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities
MySmartBB 1.7 - Cross-Site Scripting Multiple Vulnerabilities

Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.8.0 - Cross-Site Scripting Multiple Vulnerabilities

PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
PiXie CMS 1.04 - Cross-Site Request Forgery Multiple Vulnerabilities

Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities
Openfire 3.6.4 - Cross-Site Request Forgery Multiple Vulnerabilities

TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities
TaskFreak! 0.6.4 - Cross-Site Scripting Multiple Vulnerabilities

SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
SmarterMail 8.0 - Cross-Site Scripting Multiple Vulnerabilities

WikiWig 5.01 - Multiple Cross-Site Scripting Vulnerabilities
WikiWig 5.01 - Cross-Site Scripting Multiple Vulnerabilities

Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (2)

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
DoceboLms 4.0.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Cross-Site Scripting Multiple Vulnerabilities
SocialCMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Cross-Site Scripting Multiple Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Family CMS 2.7.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Plume CMS 1.2.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Apache Struts - Persistent Cross-Site Scripting Multiple Vulnerabilities

FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
FlexCMS 3.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
Sitecom WLM-2501 - Cross-Site Request Forgery Multiple Vulnerabilities

vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities
vBshop - Persistent Cross-Site Scripting Multiple Vulnerabilities

XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
Oracle GlassFish Server 3.1.1 (build 12) - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Zingiri Web Shop 2.4.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress 3.3.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Baby Gekko CMS 1.1.5c - Multiple Persistent Cross-Site Scripting Vulnerabilities
Baby Gekko CMS 1.1.5c - Persistent Cross-Site Scripting Multiple Vulnerabilities

Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
Zoho BugTracker - Persistent Cross-Site Scripting Multiple Vulnerabilities

T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Vulnerabilities
T-dah Webmail Client - Persistent Cross-Site Scripting Multiple Vulnerabilities

Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
Hivemail Webmail - Persistent Cross-Site Scripting Multiple Vulnerabilities
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Wiki Web Help 0.3.9 - Persistent Cross-Site Scripting Multiple Vulnerabilities
XWiki 4.2-milestone-2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Cross-Site Scripting Multiple Vulnerabilities
Mozilla Bonsai - Cross-Site Scripting Multiple Vulnerabilities

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting Multiple Vulnerabilities

phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities
phpLinkat 0.1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.0 - Cross-Site Scripting Multiple Vulnerabilities

Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Endpoint Protector 4.0.4.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

EZ Publish 2.2.7/3.0 - Multiple Cross-Site Scripting Vulnerabilities
EZ Publish 2.2.7/3.0 - Cross-Site Scripting Multiple Vulnerabilities

WebChat 2.0 - 'users.php?Database 'Username' Disclosure
WebChat 2.0 - 'users.php?Database Username Disclosure
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.723 - Cross-Site Scripting Multiple Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Cross-Site Scripting Multiple Vulnerabilities

MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities
MegaBook 1.1/2.0/2.1 - HTML Injection Multiple Vulnerabilities

m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities
m0n0wall 1.33 - Cross-Site Request Forgery Multiple Vulnerabilities

Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Enterpriser16 Load Balancer 7.1 - Cross-Site Scripting Multiple Vulnerabilities

Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board 1.3 - Cross-Site Scripting Multiple Vulnerabilities

YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
YABB SE 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke MS-Analysis Module - Cross-Site Scripting Multiple Vulnerabilities

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities
BlackBoard Learning System 5.x/6.0 - Cross-Site Scripting Multiple Vulnerabilities

PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities
PHPX 3.x - Cross-Site Scripting Multiple Vulnerabilities

Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities
Adam Webb NukeJokes 1.7/2.0 Module - Cross-Site Scripting Multiple Vulnerabilities

Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
Crafty Syntax Live Help 2.7.3 - HTML Injection Multiple Vulnerabilities

PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x Reviews Module - Cross-Site Scripting Multiple Vulnerabilities

Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - Cross-Site Scripting Multiple Vulnerabilities
PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Code Snippet Library 0.8 - Cross-Site Scripting Multiple Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Cross-Site Scripting Multiple Vulnerabilities

glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
glFusion 1.2.2 - Cross-Site Scripting Multiple Vulnerabilities
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Guestbook 1.0 - Cross-Site Scripting Multiple Vulnerabilities
MTP Poll 1.0 - Cross-Site Scripting Multiple Vulnerabilities

DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities
DCP-Portal 3.7/4.x/5.x - HTML Injection Multiple Vulnerabilities

FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk Forum 4.0 - Cross-Site Scripting Multiple Vulnerabilities

Mark Zuckerberg Thefacebook - Multiple Cross-Site Scripting Vulnerabilities
Mark Zuckerberg Thefacebook - Cross-Site Scripting Multiple Vulnerabilities

ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities
ViewGit 0.0.6 - Cross-Site Scripting Multiple Vulnerabilities

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
Vanilla Forums Van2Shout Plugin 1.0.51 - Cross-Site Request Forgery Multiple Vulnerabilities
WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities
ProjectBB 0.4.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WorkBoard 1.2 - Cross-Site Scripting Multiple Vulnerabilities
ProjectBB 0.4.5.1 - Cross-Site Scripting Multiple Vulnerabilities

Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 0.95 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x - Cross-Site Scripting Multiple Vulnerabilities

ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities
ZeroBoard 4.1 - Cross-Site Scripting Multiple Vulnerabilities

OOApp Guestbook - Multiple HTML Injection Vulnerabilities
OOApp Guestbook - HTML Injection Multiple Vulnerabilities

CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
CubeCart 2.0.x - Cross-Site Scripting Multiple Vulnerabilities

PHP Arena PAFileDB 3.1 - Multiple Cross-Site Scripting Vulnerabilities
PHP Arena PAFileDB 3.1 - Cross-Site Scripting Multiple Vulnerabilities

PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities
PunBB 1.2.3 - HTML Injection Multiple Vulnerabilities

PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities
PHPOpenChat 3.0.1 - HTML Injection Multiple Vulnerabilities

Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g - Cross-Site Scripting Multiple Vulnerabilities

Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities
Nuke BookMarks 0.6 - Cross-Site Scripting Multiple Vulnerabilities

Tkai's Shoutbox - 'Query' URI redirection
Tkai's Shoutbox - 'Query'  Open Redirection

CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities
CPG Dragonfly 9.0.2.0 - Cross-Site Scripting Multiple Vulnerabilities

Alstrasoft EPay Pro 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Alstrasoft EPay Pro 2.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 7.6 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities

Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities
Ultimate PHP Board 1.8/1.9 - Cross-Site Scripting Multiple Vulnerabilities

PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities
PWSPHP 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Skull-Splitter Guestbook 1.0/2.0/2.2 - Multiple HTML Injection Vulnerabilities
Skull-Splitter Guestbook 1.0/2.0/2.2 - HTML Injection Multiple Vulnerabilities

Spread The Word - Multiple Cross-Site Scripting Vulnerabilities
Spread The Word - Cross-Site Scripting Multiple Vulnerabilities

Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
Kasseler CMS 1.3.4 Lite - Cross-Site Scripting Multiple Vulnerabilities

Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Cerberus Helpdesk 0.97.3/2.6.1 - Cross-Site Scripting Multiple Vulnerabilities

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities
Comersus Open Technologies Comersus Cart 6.0.41 - Cross-Site Scripting Multiple Vulnerabilities

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
PHPMyFAQ 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities
@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities
Easypx41 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 4.0/4.13 - Cross-Site Scripting Multiple Vulnerabilities
Easypx41 - Cross-Site Scripting Multiple Vulnerabilities

PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities
PHPFreeNews 1.x - Cross-Site Scripting Multiple Vulnerabilities

SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
SaveWebPortal 3.4 - Cross-Site Scripting Multiple Vulnerabilities

MAXdev MD-Pro 1.0.73 - Multiple Cross-Site Scripting Vulnerabilities
MAXdev MD-Pro 1.0.73 - Cross-Site Scripting Multiple Vulnerabilities

phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities
phpCommunityCalendar 4.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities
PHP Advanced Transfer Manager 1.30 - Cross-Site Scripting Multiple Vulnerabilities

TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities
TellMe 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
Comersus Backoffice Plus - Cross-Site Scripting Multiple Vulnerabilities

Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9 - Cross-Site Scripting Multiple Vulnerabilities

PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities
PBLang 4.65 - Cross-Site Scripting Multiple Vulnerabilities

SAP Web Application Server 6.x/7.0 - URI redirection
SAP Web Application Server 6.x/7.0 -  Open Redirection

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities
PHPWCMS 1.2.5 -DEV - Cross-Site Scripting Multiple Vulnerabilities

PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities
PBLang Bulletin Board System 4.65 - HTML Injection Multiple Vulnerabilities

FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities
FreeWebStat 1.0 - Cross-Site Scripting Multiple Vulnerabilities

NetAuctionHelp 3.0 - Multiple Cross-Site Scripting Vulnerabilities
NetAuctionHelp 3.0 - Cross-Site Scripting Multiple Vulnerabilities

CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities
CourseForum Technologies ProjectForum 4.7 - Cross-Site Scripting Multiple Vulnerabilities

AltantForum 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
AltantForum 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Soft4e ECW-Cart 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities

Dick Copits PDEstore 1.8 - Multiple Cross-Site Scripting Vulnerabilities
Dick Copits PDEstore 1.8 - Cross-Site Scripting Multiple Vulnerabilities

Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities
Advanced Guestbook 2.x - Cross-Site Scripting Multiple Vulnerabilities

Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
Caravel CMS 3.0 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities

Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Portal Enterprise 3.6.1 - Cross-Site Scripting Multiple Vulnerabilities

Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
Beehive Forum 0.6.2 - HTML Injection Multiple Vulnerabilities

ComputerOil Redakto CMS 3.2 - Multiple Cross-Site Scripting Vulnerabilities
ComputerOil Redakto CMS 3.2 - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap PSA 7.1 - Cross-Site Scripting Multiple Vulnerabilities

FatWire UpdateEngine 6.2 - Multiple Cross-Site Scripting Vulnerabilities
FatWire UpdateEngine 6.2 - Cross-Site Scripting Multiple Vulnerabilities

Kayako SupportSuite 3.0 0.26 - Multiple Cross-Site Scripting Vulnerabilities
Kayako SupportSuite 3.0 0.26 - Cross-Site Scripting Multiple Vulnerabilities

Faq-O-Matic 2.711 - Multiple Cross-Site Scripting Vulnerabilities
Faq-O-Matic 2.711 - Cross-Site Scripting Multiple Vulnerabilities

GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities
GTP iCommerce - Cross-Site Scripting Multiple Vulnerabilities

CheesyBlog 1.0 - Multiple HTML Injection Vulnerabilities
CheesyBlog 1.0 - HTML Injection Multiple Vulnerabilities

MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities
MyBB 1.0.2 - Cross-Site Scripting Multiple Vulnerabilities
SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities
CyberShop Ultimate E-Commerce - Multiple Cross-Site Scripting Vulnerabilities
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
SoftMaker Shop - Cross-Site Scripting Multiple Vulnerabilities
CyberShop Ultimate E-Commerce - Cross-Site Scripting Multiple Vulnerabilities
cPanel 10.8.1 - Cross-Site Scripting Multiple Vulnerabilities

Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities
Papoo 2.1.x - Cross-Site Scripting Multiple Vulnerabilities

Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities
Clever Copy 2.0/3.0 - HTML Injection Multiple Vulnerabilities

V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
V-Webmail 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Cross-Site Scripting Multiple Vulnerabilities

TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities
TextFileBB 1.0 - Cross-Site Scripting Multiple Vulnerabilities

txtForum 1.0.3/1.0.4 - Multiple Cross-Site Scripting Vulnerabilities
txtForum 1.0.3/1.0.4 - Cross-Site Scripting Multiple Vulnerabilities

FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
FusionZONE CouponZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilities
RealestateZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Cross-Site Scripting Multiple Vulnerabilities
RealestateZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities

AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities
AL-Caricatier 2.5 - Cross-Site Scripting Multiple Vulnerabilities

Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver CMS 1.3 - Cross-Site Scripting Multiple Vulnerabilities

Tritanium Bulletin Board 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities
Tritanium Bulletin Board 1.2.3 - Cross-Site Scripting Multiple Vulnerabilities

Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities
Interaktiv.shop 4/5 - Cross-Site Scripting Multiple Vulnerabilities

Manila 9.0.1 - Multiple Cross-Site Scripting Vulnerabilities
Manila 9.0.1 - Cross-Site Scripting Multiple Vulnerabilities

BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities
BannerFarm 2.3 - Cross-Site Scripting Multiple Vulnerabilities

Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities
Portal Pack 6.0 - Cross-Site Scripting Multiple Vulnerabilities
NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
NextAge Shopping Cart - HTML Injection Multiple Vulnerabilities
PHPWebFTP 2.3 - Cross-Site Scripting Multiple Vulnerabilities
CuteNews 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities
Farsinews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Farsinews 2.5.3 - Cross-Site Scripting Multiple Vulnerabilities

SunShop Shopping Cart 3.5 - Multiple Cross-Site Scripting Vulnerabilities
SunShop Shopping Cart 3.5 - Cross-Site Scripting Multiple Vulnerabilities

MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
MyNews 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities
vCard 2.9 - Multiple Cross-Site Scripting Vulnerabilities
AR-Blog 5.2 - Cross-Site Scripting Multiple Vulnerabilities
vCard 2.9 - Cross-Site Scripting Multiple Vulnerabilities

Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities
Portix-PHP 2-0.3.2 Portal - Cross-Site Scripting Multiple Vulnerabilities

DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities
DELTAScripts PHP Pro Publish 2.0 - Cross-Site Scripting Multiple Vulnerabilities
vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities
Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 2.x/3.x - Cross-Site Scripting Multiple Vulnerabilities
Datecomm 1.1 - Cross-Site Scripting Multiple Vulnerabilities

H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities
H-Sphere 2.5.1 - Cross-Site Scripting Multiple Vulnerabilities

QTO File Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
QTO File Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities

PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.6x/0.7x - Cross-Site Scripting Multiple Vulnerabilities

D-Link DSL-2740B - Multiple Cross-Site Request Forgery Vulnerabilities
D-Link DSL-2740B - Cross-Site Request Forgery Multiple Vulnerabilities

BlackBoard Products 6 - Multiple HTML Injection Vulnerabilities
BlackBoard Products 6 - HTML Injection Multiple Vulnerabilities

BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities
BlaBla 4U - Cross-Site Scripting Multiple Vulnerabilities

MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities
MyBB 1.1.7 - HTML Injection Multiple Vulnerabilities

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Cross-Site Scripting Multiple Vulnerabilities

IDevSpot BizDirectory 1.9 - Multiple Cross-Site Scripting Vulnerabilities
IDevSpot BizDirectory 1.9 - Cross-Site Scripting Multiple Vulnerabilities

EXPBlog 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
EXPBlog 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities

Yetihost Helm 3.2.10 - Multiple Cross-Site Scripting Vulnerabilities
Yetihost Helm 3.2.10 - Cross-Site Scripting Multiple Vulnerabilities

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Sphpblog 0.8 - Cross-Site Scripting Multiple Vulnerabilities

cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
cPanel 11 Beta - Cross-Site Scripting Multiple Vulnerabilities

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
cPanel Web Hosting Manager 3.1 - Cross-Site Scripting Multiple Vulnerabilities

Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities
Omniture SiteCatalyst - Cross-Site Scripting Multiple Vulnerabilities

Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities
Mobilelib Gold - Cross-Site Scripting Multiple Vulnerabilities
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Cross-Site Scripting Multiple Vulnerabilities

WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities

Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities
Woltlab Burning Board 2.3.6 - HTML Injection Multiple Vulnerabilities

WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WMSCMS 2.0 - Cross-Site Scripting Multiple Vulnerabilities

TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
TP-Link WR740N/WR740ND - Cross-Site Request Forgery Multiple Vulnerabilities

phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin 2.9.1 - Cross-Site Scripting Multiple Vulnerabilities

Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery Vulnerabilities
Scientific-Atlanta_ Inc. DPR2320R2 - Cross-Site Request Forgery Multiple Vulnerabilities

Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Digirez 3.4 - Cross-Site Scripting Multiple Vulnerabilities

eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
eFront 3.6.14 (build 18012) - Persistent Cross-Site Scripting Multiple Vulnerabilities

Calendarix 0.7.20070307 - Multiple Cross-Site Scripting Vulnerabilities
Calendarix 0.7.20070307 - Cross-Site Scripting Multiple Vulnerabilities

Oliver - Multiple Cross-Site Scripting Vulnerabilities
Oliver - Cross-Site Scripting Multiple Vulnerabilities

ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities
ASP cvmatik 1.1 - HTML Injection Multiple Vulnerabilities

Beetel TC1-450 Airtel Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Beetel TC1-450 Airtel Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities

Vigile CMS 1.8 Wiki Module - Multiple Cross-Site Scripting Vulnerabilities
Vigile CMS 1.8 Wiki Module - Cross-Site Scripting Multiple Vulnerabilities

Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities
Stuffed Guys Stuffed Tracker - Cross-Site Scripting Multiple Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities
Technicolor TC7200 - Cross-Site Request Forgery Multiple Vulnerabilities
Technicolor TC7200 - Cross-Site Scripting Multiple Vulnerabilities

pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities
pMachine Pro 2.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Cross-Site Scripting Multiple Vulnerabilities
SocketKB 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities

Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Seagate BlackArmor NAS sg2000-2000.1331 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Cross-Site Scripting Multiple Vulnerabilities

AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities
AwesomeTemplateEngine 1 - Cross-Site Scripting Multiple Vulnerabilities

Snitz Forums 2000 3.4.5/3.4.6 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 3.4.5/3.4.6 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component SMF Forum 1.1.4 - Cross-Site Scripting Multiple Vulnerabilities

DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Cross-Site Scripting Multiple Vulnerabilities

e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities
e107 CMS 0.7 - Cross-Site Scripting Multiple Vulnerabilities

Jeebles Directory 2.9.60 - Multiple Cross-Site Scripting Vulnerabilities
Jeebles Directory 2.9.60 - Cross-Site Scripting Multiple Vulnerabilities

IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational ClearQuest 7.0 - Cross-Site Scripting Multiple Vulnerabilities

DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
DivXDB 2002 0.94b - Cross-Site Scripting Multiple Vulnerabilities

QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Cross-Site Scripting Multiple Vulnerabilities

osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
osCommerce 2.1/2.2 - Cross-Site Scripting Multiple Vulnerabilities

Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities
Tux CMS 0.1 - Cross-Site Scripting Multiple Vulnerabilities

Horde Turba 3.1.7 - Multiple Cross-Site Scripting Vulnerabilities
Horde Turba 3.1.7 - Cross-Site Scripting Multiple Vulnerabilities

SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
SchoolCenter 7.5 - Cross-Site Scripting Multiple Vulnerabilities

Hot Links SQL-PHP - Multiple Cross-Site Scripting Vulnerabilities
Hot Links SQL-PHP - Cross-Site Scripting Multiple Vulnerabilities

SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities
SimpleNotes - Cross-Site Scripting Multiple Vulnerabilities

PEGames - Multiple Cross-Site Scripting Vulnerabilities
PEGames - Cross-Site Scripting Multiple Vulnerabilities

Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Pluck CMS 4.5.2 - Cross-Site Scripting Multiple Vulnerabilities

Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Quate CMS 0.3.4 - Cross-Site Scripting Multiple Vulnerabilities

Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Ubee EVW3200 - Persistent Cross-Site Scripting Multiple Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Cross-Site Scripting Multiple Vulnerabilities
Accellion File Transfer - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Cross-Site Scripting Multiple Vulnerabilities

@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Cross-Site Scripting Multiple Vulnerabilities

Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Silentum LoginSys 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Gallery 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Paranews 3.4 - Cross-Site Scripting Multiple Vulnerabilities

Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.804 - Cross-Site Scripting Multiple Vulnerabilities

Membership Script - Multiple Cross-Site Scripting Vulnerabilities
Membership Script - Cross-Site Scripting Multiple Vulnerabilities

Celoxis - Multiple Cross-Site Scripting Vulnerabilities
Celoxis - Cross-Site Scripting Multiple Vulnerabilities

WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
WikyBlog 1.7.1 - Cross-Site Scripting Multiple Vulnerabilities

UC Gateway Investment SiteEngine 5.0 - 'api.php' URI redirection
UC Gateway Investment SiteEngine 5.0 - 'api.php' Open Redirection

KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities
KKE Info Media Kmita Gallery - Cross-Site Scripting Multiple Vulnerabilities

Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
Venalsur Booking Centre 2.01 - Cross-Site Scripting Multiple Vulnerabilities

CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
CMS Made Simple 1.11.10 - Cross-Site Scripting Multiple Vulnerabilities

Autonomy Ultraseek - 'cs.html' URI redirection
Autonomy Ultraseek - 'cs.html' Open Redirection

E-PHP B2B Trading Marketplace Script - Multiple Cross-Site Scripting Vulnerabilities
E-PHP B2B Trading Marketplace Script - Cross-Site Scripting Multiple Vulnerabilities

Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Cross-Site Scripting Multiple Vulnerabilities

Verlihub Control Panel 1.7 - Multiple Cross-Site Scripting Vulnerabilities
Verlihub Control Panel 1.7 - Cross-Site Scripting Multiple Vulnerabilities

Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Achievo 1.3.4 - Cross-Site Scripting Multiple Vulnerabilities

Webmedia Explorer 5.0.9/5.10 - Multiple Cross-Site Scripting Vulnerabilities
Webmedia Explorer 5.0.9/5.10 - Cross-Site Scripting Multiple Vulnerabilities

XZeroScripts XZero Community Classifieds 4.97.8 - Multiple Cross-Site Scripting Vulnerabilities
XZeroScripts XZero Community Classifieds 4.97.8 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component com_user - 'view' URI Redirection
Joomla! Component com_user - 'view' Open Redirection

Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
Miniweb 2.0 Site Builder Module - Cross-Site Scripting Multiple Vulnerabilities

Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
Censura < 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities

McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager 5.1.7 - Cross-Site Scripting Multiple Vulnerabilities

OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
OpenFiler 2.99.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities

AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities
AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Subscribe to Comments 2.0 - Cross-Site Scripting Multiple Vulnerabilities

phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
phpMyFAQ < 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Binatone DT 850W Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities

Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Discuz! 2.0 - Cross-Site Scripting Multiple Vulnerabilities

@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
@lex Guestbook 5.0 - Cross-Site Scripting Multiple Vulnerabilities

Mayan-EDms web-based document management OS system - Multiple Persistent Cross-Site Scripting Vulnerabilities
Mayan-EDms web-based document management OS system - Persistent Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities
Joomla! Component EasyBook 2.0.0rc4 - HTML Injection Multiple Vulnerabilities

KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities
KnowGate hipergate 4.0.12 - Cross-Site Scripting Multiple Vulnerabilities

vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 3.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
Portrait Software Portrait Campaign Manager 4.6.1.22 - Cross-Site Scripting Multiple Vulnerabilities

vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities
Sparta Systems TrackWise EQms - Cross-Site Scripting Multiple Vulnerabilities

PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPWind 6.0 - Cross-Site Scripting Multiple Vulnerabilities

SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
SpringSource (Multiple Products) - HTML Injection Multiple Vulnerabilities

Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Chipmunk NewsLetter 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
Datetopia Match Agency BiZ - Cross-Site Scripting Multiple Vulnerabilities

Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Bilboplanet 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Hitmaaan Gallery 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Hitmaaan Gallery 1.3 - Cross-Site Scripting Multiple Vulnerabilities

Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
Ez Poll Hoster - Cross-Site Scripting Multiple Vulnerabilities

LiveZilla 3.1.8.3 - Multiple Cross-Site Scripting Vulnerabilities
LiveZilla 3.1.8.3 - Cross-Site Scripting Multiple Vulnerabilities

Worxware DCP-Portal 7.0 - Multiple Cross-Site Scripting Vulnerabilities
Worxware DCP-Portal 7.0 - Cross-Site Scripting Multiple Vulnerabilities

phpFaber CMS 2.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpFaber CMS 2.0.5 - Cross-Site Scripting Multiple Vulnerabilities

SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
SimpNews 2.47.3 - Cross-Site Scripting Multiple Vulnerabilities

eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities
eliteCMS 1.01 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
Diem 5.1.2 - Cross-Site Scripting Multiple Vulnerabilities

Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Cross-Site Scripting Multiple Vulnerabilities

SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities
SyndeoCMS 2.9 - HTML Injection Multiple Vulnerabilities

Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities
Sourcefabric Campsite - Cross-Site Scripting Multiple Vulnerabilities

FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk 3.2/4.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
PHP Stock Management System 1.02 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - HTML Injection Multiple Vulnerabilities
Muraus Open Blog - HTML Injection Multiple Vulnerabilities

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Cross-Site Scripting Multiple Vulnerabilities

Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
Preation Eden Platform 27.7.2010 - HTML Injection Multiple Vulnerabilities
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Onyx - Multiple Cross-Site Scripting Vulnerabilities
Mystic 0.1.4 - Cross-Site Scripting Multiple Vulnerabilities
Onyx - Cross-Site Scripting Multiple Vulnerabilities

Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
Online Work Order Suite Lite Edition - Cross-Site Scripting Multiple Vulnerabilities

Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
Valarsoft WebMatic 3.0.5 - HTML Injection Multiple Vulnerabilities

Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities
Amiro.CMS 5.8.4.0 - HTML Injection Multiple Vulnerabilities

StatsCode - Multiple Cross-Site Scripting Vulnerabilities
StatsCode - Cross-Site Scripting Multiple Vulnerabilities

e-Soft24 Jokes Portal Script Seo 1.0 - Multiple Cross-Site Scripting Vulnerabilities
e-Soft24 Jokes Portal Script Seo 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds - Cross-Site Scripting Multiple Vulnerabilities

OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
OpenText LiveLink 9.7.1 - Cross-Site Scripting Multiple Vulnerabilities

Micro CMS 1.0 - 'name' HTML Injection
Micro CMS 1.0 - 'name' HTML Injection (1)

eCardMAX - Multiple Cross-Site Scripting Vulnerabilities
eCardMAX - Cross-Site Scripting Multiple Vulnerabilities

Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities
Ronny CMS 1.1 r935 - HTML Injection Multiple Vulnerabilities

eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
eXV2 CMS - Cross-Site Scripting Multiple Vulnerabilities
Wiccle Web Builder 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection
Wiccle Web Builder 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection (2)

Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Cross-Site Scripting Multiple Vulnerabilities

Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Elastix 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities
Change CMS 3.6.8 - Cross-Site Request Forgery Multiple Vulnerabilities

OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities
OpenWrt 10.03 - Cross-Site Scripting Multiple Vulnerabilities

Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
Contenido CMS 4.8.12 - Cross-Site Scripting Multiple Vulnerabilities

SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Cross-Site Scripting Multiple Vulnerabilities

ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine EventLog Analyzer 6.1 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Cross-Site Scripting Multiple Vulnerabilities

Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
Mura CMS - Cross-Site Scripting Multiple Vulnerabilities

BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
BlogCFC 5.9.6.001 - Cross-Site Scripting Multiple Vulnerabilities
Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities
Social Share - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.6 - Cross-Site Scripting Multiple Vulnerabilities
Social Share - Cross-Site Scripting Multiple Vulnerabilities

Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Habari 0.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.6.4 - Cross-Site Scripting Multiple Vulnerabilities

phpSound Music Sharing Platform 1.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpSound Music Sharing Platform 1.0.5 - Cross-Site Scripting Multiple Vulnerabilities

vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities
vBSEO 3.2.2/3.5.2 - Cross-Site Scripting Multiple Vulnerabilities

ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
ViArt Shop 4.0.5 - Cross-Site Scripting Multiple Vulnerabilities
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.3.3 - Cross-Site Scripting Multiple Vulnerabilities
UMI CMS 2.8.1.2 - Cross-Site Scripting Multiple Vulnerabilities

Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities
Dolphin 7.0.4 - Cross-Site Scripting Multiple Vulnerabilities
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
MG2 0.5.1 - Cross-Site Scripting Multiple Vulnerabilities
Gollos 2.8 - Cross-Site Scripting Multiple Vulnerabilities

Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
Photopad 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
Support Incident Tracker (SiT!) 3.62 - Cross-Site Scripting Multiple Vulnerabilities

Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
Pragyan CMS 3.0 Beta - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Cross-Site Scripting Multiple Vulnerabilities
XOOPS 2.x - Cross-Site Scripting Multiple Vulnerabilities
MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities
MC Content Manager 10.1.1 - Cross-Site Scripting Multiple Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Daily Maui Photo Widget 0.2 - Cross-Site Scripting Multiple Vulnerabilities

Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Kusaba X 0.9 - Cross-Site Scripting Multiple Vulnerabilities

Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Humhub 0.10.0-rc.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
Alkacon OpenCMS 7.5.x - Cross-Site Scripting Multiple Vulnerabilities

Claroline 1.10 - Multiple HTML Injection Vulnerabilities
Claroline 1.10 - HTML Injection Multiple Vulnerabilities

YaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities
YaCOMAS 0.3.6 OpenCMS - Cross-Site Scripting Multiple Vulnerabilities

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities
webSPELL 4.2.2a - Cross-Site Scripting Multiple Vulnerabilities

YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
YaPiG 0.95 - Cross-Site Scripting Multiple Vulnerabilities

PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPDug 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Cross-Site Scripting Multiple Vulnerabilities

poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
poMMo Aardvark PR16.1 - Cross-Site Scripting Multiple Vulnerabilities

Argyle Social - Multiple Cross-Site Scripting Vulnerabilities
Argyle Social - Cross-Site Scripting Multiple Vulnerabilities

Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
PHP Calendar Basic 2.3 - Cross-Site Scripting Multiple Vulnerabilities

phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
phpScheduleIt 1.2.12 - Cross-Site Scripting Multiple Vulnerabilities

Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
Blog:CMS 4.2 - Cross-Site Scripting Multiple Vulnerabilities

miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
miniblog 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities
Mambo 4.6.x - Cross-Site Scripting Multiple Vulnerabilities
Joomla! 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! 1.6.3 - Cross-Site Scripting Multiple Vulnerabilities
Flatpress 0.1010.1 - Cross-Site Scripting Multiple Vulnerabilities
MBoard 1.3 - 'url' URI Redirection
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
MBoard 1.3 - 'url'  Open Redirection
PHPJunkYard GBook 1.6/1.7 - Cross-Site Scripting Multiple Vulnerabilities

TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities
TCExam 11.2.x - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
WordPress Plugin bSuite 4.0.7 - HTML Injection Multiple Vulnerabilities

Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities
Cyberoam UTM - Cross-Site Scripting Multiple Vulnerabilities

Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
Online Grades 3.2.5 - Cross-Site Scripting Multiple Vulnerabilities

Sitecore CMS 6.4.1 - 'url' URI Redirection
Sitecore CMS 6.4.1 - 'url'  Open Redirection

Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 - Cross-Site Scripting Multiple Vulnerabilities

HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
HESK 2.2 - Cross-Site Scripting Multiple Vulnerabilities

Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Cross-Site Scripting Multiple Vulnerabilities

Softbiz Recipes Portal Script - Multiple Cross-Site Scripting Vulnerabilities
Softbiz Recipes Portal Script - Cross-Site Scripting Multiple Vulnerabilities

OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
OpenEMR 4.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin eShop 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin eShop 6.2.8 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Cross-Site Scripting Multiple Vulnerabilities

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities

IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities
IBM Open Admin Tool 2.71 - Cross-Site Scripting Multiple Vulnerabilities

GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
GuppY CMS 5.0.9 < 5.00.10 - Cross-Site Request Forgery Multiple Vulnerabilities

Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Cross-Site Scripting Multiple Vulnerabilities

Microsoft SharePoint 2007/2010 - 'Source' Multiple URI Open redirection Vulnerabilities
Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections

PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities

Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
Zyncro 3.0.1.20 - HTML Injection Multiple Vulnerabilities

Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
Adobe ColdFusion 7 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.7.0 - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 2.8.1 - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (1)

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.5 - Cross-Site Scripting Multiple Vulnerabilities

BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
BugFree 2.1.3 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Pretty Link 1.4.56 - Cross-Site Scripting Multiple Vulnerabilities

Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Cross-Site Scripting Multiple Vulnerabilities

InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
InverseFlow 2.4 - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)

eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
eFront 3.6.10 Build 11944 - Cross-Site Scripting Multiple Vulnerabilities

CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
CmyDocument - Cross-Site Scripting Multiple Vulnerabilities
AShop - Open-redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
AShop - Open Redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Cross-Site Scripting Multiple Vulnerabilities

PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Cross-Site Scripting Multiple Vulnerabilities

Zen Cart CMS 1.3.9h - Multiple Cross-Site Scripting Vulnerabilities
Zen Cart CMS 1.3.9h - Cross-Site Scripting Multiple Vulnerabilities

eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities
eSyndiCat Pro 2.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Fork CMS 3.1.5 - Cross-Site Scripting Multiple Vulnerabilities
Pulse Pro 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities

epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
epesi BIM 1.2 rev 8154 - Cross-Site Scripting Multiple Vulnerabilities

Orchard 1.3.9 - 'ReturnUrl' URI Redirection
Orchard 1.3.9 - 'ReturnUrl'  Open Redirection

WordPress Plugin Age Verification 0.4 - 'redirect_to' URI Redirection
WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection

KnowledgeTree 3.x - Multiple Cross-Site Scripting Vulnerabilities
KnowledgeTree 3.x - Cross-Site Scripting Multiple Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities
Beehive Forum 101 - Cross-Site Scripting Multiple Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Cross-Site Scripting Multiple Vulnerabilities

Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities
Acidcat ASP CMS 3.5 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Video Gallery 2.8 - Cross-Site Request Forgery Multiple Vulnerabilities

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
GForge 5.7.1 - Cross-Site Scripting Multiple Vulnerabilities

LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities
LxCenter Kloxo 6.1.10 - HTML Injection Multiple Vulnerabilities

Tiki Wiki CMS Groupware - 'url' URI Redirection
Tiki Wiki CMS Groupware - 'url'  Open Redirection

F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
F*EX 20100208/20111129-2 - Cross-Site Scripting Multiple Vulnerabilities

Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
Webglimpse 2.x - Cross-Site Scripting Multiple Vulnerabilities

OSQA's CMS - Multiple HTML Injection Vulnerabilities
OSQA's CMS - HTML Injection Multiple Vulnerabilities

Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
Matthew1471 BlogX - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Uploadify Integration 0.9.6 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Plugin Beatz 1.1 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Yahoo Answer - Cross-Site Scripting Multiple Vulnerabilities

Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
Croogo CMS 1.3.4 - HTML Injection Multiple Vulnerabilities

WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin NewsLetter Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Cross-Site Scripting Multiple Vulnerabilities

PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 - Cross-Site Scripting Multiple Vulnerabilities

Opsview 4.6.2 - Multiple Cross-Site Scripting Vulnerabilities
Opsview 4.6.2 - Cross-Site Scripting Multiple Vulnerabilities

SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
SPIP 2.x - Cross-Site Scripting Multiple Vulnerabilities

TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
TEMENOS T24 - Cross-Site Scripting Multiple Vulnerabilities

WebsitePanel - 'ReturnUrl' URI Redirection
WebsitePanel - 'ReturnUrl'  Open Redirection

Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - HTML Injection Multiple Vulnerabilities
ocPortal 7.1.5 - 'redirect' URI Redirection
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
ocPortal 7.1.5 - 'redirect'  Open Redirection
Scrutinizer 9.0.1.19899 - Cross-Site Scripting Multiple Vulnerabilities

Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
Distimo Monitor - Cross-Site Scripting Multiple Vulnerabilities

Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities
Total Shop UK eCommerce CodeIgniter - Cross-Site Scripting Multiple Vulnerabilities

Monstra - Multiple HTML Injection Vulnerabilities
Monstra - HTML Injection Multiple Vulnerabilities

Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities
Power-eCommerce - Cross-Site Scripting Multiple Vulnerabilities
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
LibGuides - Multiple Cross-Site Scripting Vulnerabilities
Web Wiz Forums - Cross-Site Scripting Multiple Vulnerabilities
LibGuides - Cross-Site Scripting Multiple Vulnerabilities
Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
Phorum 5.2.18 - Cross-Site Scripting Multiple Vulnerabilities
PrestaShop 1.4.7 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Slideshow - Cross-Site Scripting Multiple Vulnerabilities

Silverstripe CMS 2.4.x - 'BackURL' URI Redirection
Silverstripe CMS 2.4.x - 'BackURL'  Open Redirection

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
AxisInternet VoIP Manager - Cross-Site Scripting Multiple Vulnerabilities

WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
WordPress Theme Purity - Cross-Site Scripting Multiple Vulnerabilities

Switchvox - Multiple HTML Injection Vulnerabilities
Switchvox - HTML Injection Multiple Vulnerabilities

WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Akismet - Cross-Site Scripting Multiple Vulnerabilities

WANem - Multiple Cross-Site Scripting Vulnerabilities
WANem - Cross-Site Scripting Multiple Vulnerabilities

NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
NetCat CMS - Cross-Site Scripting Multiple Vulnerabilities

BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
BloofoxCMS 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
Smartphone Pentest Framework - Remote Command Execution Multiple Vulnerabilities

Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_incapsula - Cross-Site Scripting Multiple Vulnerabilities

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.10.2 - Cross-Site Scripting Multiple Vulnerabilities

Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
Perforce P4Web - Cross-Site Scripting Multiple Vulnerabilities

Sonar - Multiple Cross-Site Scripting Vulnerabilities
Sonar - Cross-Site Scripting Multiple Vulnerabilities

MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
MIMEsweeper For SMTP - Cross-Site Scripting Multiple Vulnerabilities

phpMyRecipes - Multiple HTML Injection Vulnerabilities
phpMyRecipes - HTML Injection Multiple Vulnerabilities

OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
OrionDB Web Directory - Cross-Site Scripting Multiple Vulnerabilities

PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Elastix - Multiple Cross-Site Scripting Vulnerabilities
Elastix - Cross-Site Scripting Multiple Vulnerabilities

Telaen 2.7.x - Open redirection
Telaen 2.7.x - Open Redirection

Xaraya - Multiple Cross-Site Scripting Vulnerabilities
Xaraya - Cross-Site Scripting Multiple Vulnerabilities

Mintboard - Multiple Cross-Site Scripting Vulnerabilities
Mintboard - Cross-Site Scripting Multiple Vulnerabilities

NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
NXFilter 3.0.3 - Cross-Site Scripting Multiple Vulnerabilities

PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
PrestaShop - Cross-Site Request Forgery Multiple Vulnerabilities

Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities
Magnolia CMS - Cross-Site Scripting Multiple Vulnerabilities

Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
Alienvault Open Source SIEM (OSSIM) - Cross-Site Scripting Multiple Vulnerabilities

appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
appRain CMF - Cross-Site Request Forgery Multiple Vulnerabilities

WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Event Easy Calendar - Cross-Site Request Forgery Multiple Vulnerabilities

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
Silverstripe CMS - HTML Injection Multiple Vulnerabilities

OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
OpenMRS 2.3 (1.11.4) - Cross-Site Scripting Multiple Vulnerabilities

OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
OpenX 2.8.x - Cross-Site Request Forgery Multiple Vulnerabilities

ZamFoo - Multiple Remote Command Execution Vulnerabilities
ZamFoo - Remote Command Execution Multiple Vulnerabilities

ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.2 - Cross-Site Scripting Multiple Vulnerabilities

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
ProjectSend r582 - Cross-Site Scripting Multiple Vulnerabilities

NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
NationBuilder - Persistent Cross-Site Scripting Multiple Vulnerabilities

w2wiki - Multiple Cross-Site Scripting Vulnerabilities
w2wiki - Cross-Site Scripting Multiple Vulnerabilities

Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Radiant CMS 1.1.3 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Cross-Site Request Forgery Multiple Vulnerabilities

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 - Cross-Site Scripting Multiple Vulnerabilities

Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios Network Analyzer 2.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
InfraPower PPS-02-S Q213V1 - Cross-Site Scripting Multiple Vulnerabilities

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Cross-Site Request Forgery Multiple Vulnerabilities

PHPMyFAQ 2.9.8 - Cross-Site Scripting
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)

phpMyFAQ 2.9.8 - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)

Kaltura < 13.1.0 - Remote Code Execution
Kaltura < 13.2.0 - Remote Code Execution
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
FS Shutter Stock Clone - 'keywords' SQL Injection
FS Thumbtack Clone - 'ser' SQL Injection
FS Trademe Clone - 'id' SQL Injection
FS Monster Clone - 'id' SQL Injection
FS Care Clone - 'sitterService' SQL Injection
FS Crowdfunding Script - 'id' SQL Injection
FS Realtor Clone - 'id' SQL Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
2017-10-26 05:01:38 +00:00
Offensive Security
5bd93d7e45 DB: 2017-10-25
12 new exploits

Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)

Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC)
Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC)

Administrador de Contenidos - Admin Login Bypass
Administrador de Contenidos - Admin Authentication Bypass
Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)

Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflows (MS15-097)

Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)

Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service

Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference
Microsoft Windows Kernel - 'win32k!OffsetChildren' Null Pointer Dereference

Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution
Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution
Apple Mac OSX - gst_configure Kernel Buffer Overflow
Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference
Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow
Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference

Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read
Microsoft Windows Kernel - 'NtGdiGetTextExtentExW'' Out-of-Bounds Memory Read

Microsoft Windows Kernel - win32k Denial of Service (MS16-135)
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)

Microsoft Windows 10 Kernel - nt!NtTraceControl (EtwpSetProviderTraits) Pool Memory Disclosure
Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
AIX 5.2 - netpmon Local Elevated Privileges Exploit
AIX 5.2 - ipl_varyon Local Elevated Privileges Exploit
AIX 5.2 - 'netpmon' Local Privilege Escalation
AIX 5.2 - 'ipl_varyon' Local Privilege Escalation

Willing Webcam 2.8 - Licence Info Disclosure Local Exploit
Willing Webcam 2.8 - Licence Information Disclosure Local Exploit
Solaris 7.0 cancel - Exploit
Solaris 7.0 chkperm - Exploit
Solaris 7.0 - 'cancel' Exploit
Solaris 7.0 - 'chkperm' Exploit

Apple Mac OSX 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption
Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption

Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel  Reference Count Leak / Use-After-Free

Mikogo 5.4.1.160608 - Local Credentials Disclosure

THOMSON ST585 - 'user.ini' Arbitrary Download
THOMSON ST585 - 'user.ini' Arbitrary Disclosure

THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure

Adobe Flash and Reader - Live Malware (PoC)
Adobe Flash / Reader - Live Malware (PoC)

Unify eWave ServletExec 3 - JSP Source Disclosure
Unify eWave ServletExec 3 - .JSP Source Disclosure

1C: Arcadia Internet Store 1.0 - Show Path
1C: Arcadia Internet Store 1.0 - Path Disclosure

Adobe ColdFusion 9 - Administrative Login Bypass (Metasploit)
Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit)

Apache Tomcat 6.0.13 - Cookie Handling Quote Delimiter Session ID Disclosure
Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure

myNewsletter 1.1.2 - 'adminLogin.asp' Login Bypass
myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass

2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit
2BGal 3.0 - '/admin/configuration.inc.php' Local File Inclusion
Estate Agent Manager 1.3 - 'default.asp' Login Bypass
Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass
Estate Agent Manager 1.3 - 'default.asp' Authentication Bypass
Property Pro 1.0 - 'vir_Login.asp' Remote Authentication Bypass

Hpecs Shopping Cart - Remote Login Bypass
Hpecs Shopping Cart - Remote Authentication Bypass

HR Assist 1.05 - 'vdateUsr.asp' Remote Login Bypass
HR Assist 1.05 - 'vdateUsr.asp' Remote Authentication Bypass

PHPX 3.5.16 - Cookie Poisoning / Login Bypass
PHPX 3.5.16 - Cookie Poisoning / Authentication Bypass

Absolute File Send 1.0 - Remote Cookie Handling
Absolute File Send 1.0 - Remote Insecure Cookie Handling

Absolute Poll Manager XE 4.1 - Cookie Handling
Absolute Poll Manager XE 4.1 - Insecure Cookie Handling

TR News 2.1 - 'login.php' Remote Login Bypass
TR News 2.1 - 'login.php' Remote Authentication Bypass

PhpAddEdit 1.3 - 'cookie' Login Bypass
PhpAddEdit 1.3 - 'cookie' Authentication Bypass

2532/Gigs 1.2.2 Stable - Remote Login Bypass
2532/Gigs 1.2.2 Stable - Remote Authentication Bypass

Flexcustomer 0.0.6 - Admin Login Bypass / Possible PHP code writing
Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP code writing

ClearBudget 0.6.1 - Insecure Database Download
ClearBudget 0.6.1 - Insecure Database Disclosure

ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities
ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities

2DayBiz Custom T-shirt Design -(SQL Injection / Cross-Site Scripting
2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting

ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Info Disclosure Vulnerabilities
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information  Disclosure Vulnerabilities

Amiro.CMS 5.4.0.0 - Folder Disclosure
Amiro.CMS 5.4.0.0 - Path Disclosure

Mura CMS 5.1 - Root Folder Disclosure
Mura CMS 5.1 - Root Path Disclosure
jgbbs-3.0beta1 - Database Download
PSnews - Database Download
jgbbs-3.0beta1 - Database Disclosure
PSnews - Database Disclosure
AspBB - Active Server Page Bulletin Board Database Download
Futility Forum 1.0 Revamp - Database Download
htmlArea 2.03 - Database Download
Uguestbook - Database Download
BaalASP 2.0 - Database Download
Fully Functional ASP Forum 1.0 - Database Download
makit news/blog poster 3.1 - Database Download
AspBB - Active Server Page Bulletin Board Database Disclosure
Futility Forum 1.0 Revamp - Database Disclosure
htmlArea 2.03 - Database Disclosure
Uguestbook - Database Disclosure
BaalASP 2.0 - Database Disclosure
Fully Functional ASP Forum 1.0 - Database Disclosure
makit news/blog poster 3.1 - Database Disclosure

ASP Battle Blog - Database Download
ASP Battle Blog - Database Disclosure

Proxyroll.com Clone PHP Script - Cookie Handling
Proxyroll.com Clone PHP Script - Insecure Cookie Handling

YP Portal MS-Pro Surumu 1.0 - Database Download
YP Portal MS-Pro Surumu 1.0 - Database Disclosure
Lebi soft Ziyaretci Defteri 7.5 - Database Download
Net Gitar Shop 1.0 - Database Download
Lebi soft Ziyaretci Defteri 7.5 - Database Disclosure
Net Gitar Shop 1.0 - Database Disclosure

VP-ASP Shopping Cart 7.0 - Database Download
VP-ASP Shopping Cart 7.0 - Database Disclosure

Asp VevoCart Control System 3.0.4 - Database Download
Asp VevoCart Control System 3.0.4 - Database Disclosure
MoME CMS 0.8.5 - Remote Login Bypass
RoseOnlineCMS 3 B1 - Remote Login Bypass
MoME CMS 0.8.5 - Remote Authentication Bypass
RoseOnlineCMS 3 B1 - Remote Authentication Bypass

al3jeb script - Remote Login Bypass
al3jeb script - Remote Authentication Bypass

Al Sat Scripti - Database Download
Al Sat Scripti - Database Disclosure

Mp3 MuZik - DataBase Download
Mp3 MuZik - Database Disclosure

My School Script - Data Base Download
My School Script - Database Disclosure

Azimut Technologie - Admin Login Bypass
Azimut Technologie - Admin Authentication Bypass

Auction_Software Script - Admin Login Bypass
Auction_Software Script - Admin Authentication Bypass

BSI Hotel Booking System Admin 1.4/2.0 - Login Bypass
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass

DeluxeBB 1.3 - Private Info Disclosure
DeluxeBB 1.3 - Private Information Disclosure

Qcodo Development Framework 0.3.3 - Full Info Disclosure
Qcodo Development Framework 0.3.3 - Full Information Disclosure

CosmoQuest - Login Bypass
CosmoQuest - Authentication Bypass

PHProjekt 2.x/3.x - Login Bypass
PHProjekt 2.x/3.x - Authentication Bypass

MapInfo Discovery 1.0/1.1 - Administrative Login Bypass
MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass

Keyvan1 ImageGallery - Database Download
Keyvan1 ImageGallery - Database Disclosure

Simple File Manager 024 - Login Bypass
Simple File Manager 024 - Authentication Bypass

Adobe ColdFusion 9 - Administrative Login Bypass
Adobe ColdFusion 9 - Administrative Authentication Bypass

RASPcalendar 1.01 - [ASP] Admin Login
RASPcalendar 1.01 (ASP) - Admin Login

Zend-Framework - Full Info Disclosure
Zend-Framework - Full Information Disclosure

Simple E-document 1.31 - Login Bypass
Simple E-document 1.31 - Authentication Bypass

ZYXEL P-660HN-T1A Router - Login Bypass
ZYXEL P-660HN-T1A Router - Authentication Bypass

agXchange ESM - 'ucschcancelproc.jsp' Open redirection
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection

ESRI ArcGIS for Server - 'where' Form Field SQL Injection
ESRI ArcGIS for Server - 'where' Form SQL Injection

ZTE ZXHN H108N Router - Unauthenticated Config Download
ZTE ZXHN H108N Router - Unauthenticated Config Disclosure
FS Car Rental Script - 'pickup_location' SQL Injection
FS Amazon Clone - 'category_id' SQL Injection
FS Book Store Script - 'category' SQL Injection
FS Ebay Clone - 'pd_maincat_id' SQL Injection
FS Food Delivery Script - 'keywords' SQL Injection
FS Expedia Clone - 'hid' SQL Injection
FS Freelancer Clone - 'sk' SQL Injection
FS Groupon Clone - 'category' SQL Injection
FS Indiamart Clone - 'keywords' SQL Injection
FS Lynda Clone - 'category' SQL Injection
FS OLX Clone - 'catg_id' SQL Injection
2017-10-25 05:01:35 +00:00
Offensive Security
538da000af DB: 2017-10-24
10 new exploits

FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service
FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service

NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)
NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)

FreeBSD 6/8 - ata device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service

FreeBSD 7.2 - pecoff executable Local Denial of Service
FreeBSD 7.2 - 'pecoff' Local Denial of Service

FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service

FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)
FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)

FreeBSD Kernel - 'mountnfs()' Exploit
FreeBSD - 'mountnfs()' Exploit

FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition

Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service

FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service
FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service

FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service
FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service

OpenBSD 3.3/3.4 sysctl - Local Denial of Service
OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service

FreeBSD 9.1 ftpd - Remote Denial of Service
FreeBSD 9.1 - 'ftpd' Remote Denial of Service

FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service

NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow
NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow

Multiple BSD Distributions - 'strfmon()' Integer Overflow
BSD (Multiple Distributions) - 'strfmon()' Integer Overflow

Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption
BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption

Multiple BSD Distributions - 'printf(3)' Memory Corruption
BSD (Multiple Distributions) - 'printf(3)' Memory Corruption

FreeBSD Kernel - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities

FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow
FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation

OpenBSD ftp - Exploit
OpenBSD - 'ftp' Exploit

FreeBSD /usr/bin/top - Format String
FreeBSD - '/usr/bin/top' Format String

FreeBSD 4.x / < 5.4 - master.passwd Disclosure
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure

FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation

Oracle 10g - CTX_DOC.MARKUP SQL Injection
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection

FreeBSD 6x/7 protosw Kernel - Privilege Escalation
FreeBSD 6x/7 - 'protosw' Privilege Escalation

FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation

FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation

FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation
FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation

Multiple BSD Distributions - 'setusercontext()' Vulnerabilities
BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities

FreeBSD Kernel - 'nfs_mount()' Exploit
FreeBSD - 'nfs_mount()' Exploit

FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit

Sun Solaris 7.0 sdtcm_convert - Exploit
Sun Solaris 7.0 - 'sdtcm_convert' Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit

NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)

BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit
FreeBSD 3.3 gdc - Buffer Overflow
FreeBSD 3.3 gdc - Symlink Exploit
FreeBSD 3.3 - Seyon setgid dialer
FreeBSD 3.3 xmindpath - Buffer Overflow
FreeBSD 3.3 angband - Buffer Overflow
FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Symlink Exploit
FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow

FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit
BSD mailx 8.1.1-10 - Buffer Overflow (1)
BSD mailx 8.1.1-10 - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)

OpenBSD 2.x - fstat Format String
OpenBSD 2.x - 'fstat' Format String

BSD lpr 0.54 -4 - Arbitrary Command Execution
BSD 'lpr' 0.54 -4 - Arbitrary Command Execution

FreeBSD 3.5/4.x /usr/bin/top - Format String
FreeBSD 3.5/4.x - '/usr/bin/top' Format String

Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)

BSD Kernel - SHMAT System Call Privilege Escalation
BSD - SHMAT System Call Privilege Escalation

Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation

FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation

NetBSD mail.local(8) - Privilege Escalation (Metasploit)
NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)

OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing
OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing

FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure
FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure

Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation
Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation

Apple Mac OSX 10.10.5 - XNU Privilege Escalation
Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation

Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation

Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)

NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)
NetBSD - 'mail.local(8)' Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation

Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation

BSD TelnetD - Remote Command Execution (1)
BSD - 'TelnetD' Remote Command Execution (1)

ftpd / ProFTPd (FreeBSD) - Remote Command Execution
FreeBSD - 'ftpd / ProFTPd' Remote Command Execution

FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)
FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)

BSD 4.2 fingerd - Buffer Overflow
BSD 4.2 - 'fingerd' Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)

BSD TelnetD - Remote Command Execution (2)
BSD - 'TelnetD' Remote Command Execution (2)

FreeBSD 3.x/4.x - ipfw Filtering Evasion
FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities

Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow

NetBSD 1.x TalkD - User Validation
NetBSD 1.x - 'TalkD' User Validation

tnftp - clientside BSD Exploit
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Polycom - Command Shell Authorization Bypass (Metasploit)

Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection
Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection

cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting
cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting

Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload
Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload

TP-Link TL-MR3220 - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Kaltura < 13.1.0 - Remote Code Execution
2017-10-24 05:02:00 +00:00
Offensive Security
4db3e03d4f DB: 2017-10-23
2017-10-23 05:01:29 +00:00
Offensive Security
1fb0adc9ce DB: 2017-10-22
2017-10-22 05:01:29 +00:00
Offensive Security
7de3f31675 DB: 2017-10-21
9 new exploits

Too many to list!
2017-10-21 05:01:31 +00:00
Offensive Security
61c8ca796b DB: 2017-10-20
1 new exploits

Too many to list!
2017-10-20 05:01:31 +00:00
Offensive Security
5d67bcf186 DB: 2017-10-19
5 new exploits

Too many to list!
2017-10-19 05:01:29 +00:00
Offensive Security
519f2f59ba DB: 2017-10-18
19 new exploits

Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
Linux Kernel - 'AF_PACKET' Use-After-Free
shadowsocks-libev 3.1.0 - Command Execution
Shadowsocks - Log File Command Execution

ModSecurity - POST Parameters Security Bypass
ModSecurity - 'POST' Security Bypass
Apple iOS 10.2 (14C92) - Remote Code Execution
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)

Windows x64 - API Hooking Shellcode (117 bytes)

ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion
ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion

PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion
PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion

Brim 1.2.1 - (renderer) Multiple Remote File Inclusion
Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion

GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection
3CX Phone System 15.5.3554.1 - Directory Traversal
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
2017-10-18 05:01:30 +00:00
Offensive Security
461226bd00 DB: 2017-10-17
3 new exploits

Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)
Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)

Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation
Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation (Root File Create)

Linux modutils 2.3.9 - modprobe Arbitrary Command Execution
Linux modutils 2.3.9 - 'modprobe' Arbitrary Command Execution

Jan Hubicka Koules 1.4 - Svgalib Buffer Overflow
Jan Hubicka Koules 1.4 - 'Svgalib' Buffer Overflow

Internet Security Systems 3.6 - ZWDeleteFile Function Arbitrary File Deletion
Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion

Muhammad A. Muquit wwwcount 2.3 - Count.cgi Buffer Overflow
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Buffer Overflow

Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module - SQL Injection
Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution
Simplog 0.9.3.1 - comments.php SQL Injection
Comdev One Admin 4.1 - 'Adminfoot.php' Remote Code Execution
Simplog 0.9.3.1 - 'comments.php' SQL Injection

Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
Webmin 1.850 - Multiple Vulnerabilities
2017-10-17 05:01:30 +00:00
Offensive Security
51c5257c7f DB: 2017-10-14
11 new exploits

FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service

Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups
Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
mIRC 6.1 - DCC SEND Buffer Overflow (1)
mIRC 6.1 - DCC SEND Buffer Overflow (2)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (2)

Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution
Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution

Oracle Solaris - 'su' Local Solaris
Oracle Solaris - 'su' Local Exploit

Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)
Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)

Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)

phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion

cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)

WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting
WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting

SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting
SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting
YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting
Accelerated Mortgage Manager - Password Field SQL Injection
YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting
Accelerated Mortgage Manager - 'Password' SQL Injection

YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting
YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting
Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion
Xoops 2.2.3 - search.php Cross-Site Scripting
Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion
Xoops 2.2.3 - 'search.php' Cross-Site Scripting

Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection

TYPO3 ke DomPDF Extension - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution

TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection

TYPO3 News Module - SQL Injection
TYPO3 Extension News - SQL Injection
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
E-Sic Software livre CMS - 'q' Parameter SQL Injection
E-Sic Software livre CMS - Autentication Bypass
E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection
E-Sic Software livre CMS - 'f' Parameter SQL Injection
E-Sic Software livre CMS - Cross Site Scripting
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
Dreambox Plugin BouquetEditor - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting
2017-10-14 05:01:31 +00:00
Offensive Security
a32f88c4ef DB: 2017-10-13
2017-10-13 05:01:30 +00:00
Offensive Security
3cfdd1cc27 DB: 2017-10-12
5 new exploits

MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit

Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities

Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service

Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities

Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities

Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities

Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow

Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption

Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service

Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service

BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service

Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service

Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service

Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities

Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)

Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow

Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption

Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)

Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption

Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)

Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow

BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount' Privilege Escalation

BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation

DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure

SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption

Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation

ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow

Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit

Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)

Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes

SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit

RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd

Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files

tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length

Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow

Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit

Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password

Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure

WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow

EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence

Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting

InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities

Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing

BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)

Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure

Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting

3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal

Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read

Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)

VX Search Enterprise 10.1.12 - Buffer Overflow

QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities

Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion

FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass

click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting

WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures

PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass

PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection

60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)

XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup

Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)

Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure

DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection

SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation

JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion

WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download

WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection

Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection

WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection

Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection

Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities

Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities

TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit

Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass

WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting

WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting

WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
2017-10-12 05:01:34 +00:00
Offensive Security
b77b178de0 DB: 2017-10-11
4 new exploits

Hasbani-WindWeb/2.0 - HTTP GET Remote Denial of Service
Hasbani-WindWeb/2.0 - GET Remote Denial of Service

KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll SetUninstallName()' Heap Overflow (PoC)

Konqueror 3.5.9 - (color/bgcolor) Multiple Remote Crash Vulnerabilities
Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities
WinFTP Server 2.3.0 - (PASV mode) Remote Denial of Service
Konqueror 3.5.9 - (load) Remote Crash
WinFTP Server 2.3.0 - 'PASV Mode' Remote Denial of Service
Konqueror 3.5.9 - 'load' Remote Crash

Nokia Mini Map Browser - (array sort) Silent Crash
Nokia Mini Map Browser - 'Array Sort' Silent Crash

vBulletin Cyb - Advanced Forum Statistics - 'misc.php' Denial of Service
vBulletin Cyb - Advanced Forum Statistics 'misc.php' Denial of Service

VideoLAN VLC Media Player < 1.1.4 - '.xspf' 'smb://' URI Handling Remote Stack Overflow (PoC)
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)

HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe' 'execvp_nc' Remote Code Execution
HP OpenView Network Node Manager (OV NNM) - 'webappmon.exe execvp_nc' Remote Code Execution

RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC)
RarCrack 0.2 - 'Filename init() .bss' (PoC)

VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption
VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption

PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service

GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption
GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption

PyPAM - Python bindings for PAM - Double-Free Corruption
PyPAM Python bindings for PAM - Double-Free Corruption

Tiny Server 1.1.9 - HTTP HEAD Denial of Service
Tiny Server 1.1.9 - HEAD Denial of Service

Symantec End Point Protection 11.x - & Symantec Network Access Control 11.x - LCE (PoC)
Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)

MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service
MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service

FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
FL Studio 10 Producer Edition - Buffer Overflow (SEH) (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
MyServer 0.4.3 - HTTP GET Argument Buffer Overflow
MyServer 0.5 - HTTP GET Argument Buffer Overflow
MyServer 0.4.3 - GET Argument Buffer Overflow
MyServer 0.5 - GET Argument Buffer Overflow

Cisco Aironet AP1x00 - Malformed HTTP GET Denial of Service
Cisco Aironet AP1x00 - GET Denial of Service

McAfee ePolicy Orchestrator 1.x/2.x/3.0 - Agent HTTP POST Buffer Mismanagement
McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - HTTP GET Denial of Service (3)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (2)
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (3)

Gattaca Server 2003 - 'web.tmpl' 'Language' Parameter CPU Consumption (Denial of Service)
Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service)

Microsoft Windows XP - 'explorer.exe' '.tiff' Image Denial of Service
Microsoft Windows XP - 'explorer.exe .tiff' Image Denial of Service

PHPMailer 1.7 - 'Data()' Function Remote Denial of Service
PHPMailer 1.7 - 'Data()' Remote Denial of Service

Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow
Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow

MailEnable 2.x - SMTP NTLM Authentication - Multiple Vulnerabilities
MailEnable 2.x - SMTP NTLM Authentication Multiple Vulnerabilities

Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service
Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service

MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow

Multiple BSD Distributions - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'RegistryString' Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll StartApp' ActiveX Control Insecure Method
HP Instant Support 1.0.22 - 'HPISDataManager.dll RegistryString' Buffer Overflow

Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service

KDE Konqueror 3.5.9 - JavaScript 'load' Function Denial of Service
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service

GNU glibc 2.x - 'strfmon()' Function Integer Overflow
GNU glibc 2.x - 'strfmon()' Integer Overflow

Sun Java System Web Server 6.1/7.0 - HTTP 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow

PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot

Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service
Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service

PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service
PHP 5.3.2 - 'zend_strtod()' Floating-Point Value Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service
PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey - Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)

CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table

Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table

Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access

BT Home Hub - 'uuid' field Buffer Overflow
BT Home Hub - 'uuid' Buffer Overflow

Squid - 'httpMakeVaryMark()' Function Remote Denial of Service
Squid - 'httpMakeVaryMark()' Remote Denial of Service

Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read

Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)
Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)

Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Broadcom Wi-Fi SoC - Heap Overflow 'wlc_tdls_cal_mic_chk' Due to Large RSN IE in TDLS Setup Confirm Frame

Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - win32k.sys '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)

IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit

CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

SGI IRIX 6.5.28 - (runpriv) Design Error
SGI IRIX 6.5.28 - 'runpriv' Design Error

PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution
PHP < 4.4.5/5.2.1 - 'shmop' Local Code Execution

PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit
FreeBSD 6.4 - pipeclose()/knlist_cleardel() Race Condition
FreeBSD 7.2 VFS/devfs - Race Condition
FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition

Microsoft Windows 7 - 'wab32res.dll' 'wab.exe' DLL Hijacking
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking

Oracle 10/11g - 'exp.exe' 'file' Parameter Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC)

Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)
Microsoft Visio - 'VISIODWG.dll .DXF' File Handling (MS10-028) (Metasploit)

ACDSee FotoSlate - '.PLP' File id Parameter Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit)

Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions
Netscape iCal 2.1 Patch2 - iPlanet iCal 'iplncal.sh' Permissions

PLIB 1.8.5 - ssg/ssgParser.cxx Buffer Overflow
PLIB 1.8.5 - 'ssg/ssgParser.cxx' Buffer Overflow

Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation
Linux PAM 0.77 - Pam_Wheel Module 'getlogin() Username' Spoofing Privilege Escalation

Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun
Microsoft ListBox/ComboBox Control - 'User32.dll' Buffer Overrun

PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass
PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass

Microsoft Windows - 'ndproxy.sys' - Privilege Escalation (Metasploit)
Microsoft Windows - 'ndproxy.sys' Privilege Escalation (Metasploit)

Microsoft Windows - SeImpersonatePrivilege - Privilege Escalation
Microsoft Windows - 'SeImpersonatePrivilege' Privilege Escalation

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)

Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure
Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure

MASM321 11 Quick Editor - '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)

CompuSource Systems - Real Time Home Banking - Privilege Escalation
CompuSource Systems Real Time Home Banking - Privilege Escalation

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)

Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
Xine-Lib 1.1 - (media player library) Remote Format String
CA iTechnology iGateway - (debug mode) Remote Buffer Overflow
Xine-Lib 1.1 - 'Media Player Library' Remote Format String
CA iTechnology iGateway - 'Debug Mode' Remote Buffer Overflow

Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Stack Overflow (MS06-070) (Python)

Microsoft Windows - DNS RPC - Remote Buffer Overflow (2)
Microsoft Windows - DNS RPC Remote Buffer Overflow (2)
3proxy 0.5.3g (Linux) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c' 'logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c' 'logurl()' Remote Overflow
3proxy 0.5.3g (Linux) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g - (exec-shield) 'proxy.c logurl()' Remote Overflow

NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method
NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method

CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method

GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll SetInfo()' Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method
GlobalLink 2.7.0.8 - 'glitemflat.dll SetClientInfo()' Heap Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method

Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution

WebKit - 'Document()' Function Remote Information Disclosure
WebKit - 'Document()' Remote Information Disclosure

Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution

Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow

Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll RegisterCom()' Remote Heap Overflow

Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class Same-of-Origin (SOP) Policy Bypass

httpdx - 'tolog()' Function Format String (Metasploit) (1)
httpdx - 'tolog()' Format String (Metasploit) (1)

httpdx - 'tolog()' Function Format String (Metasploit) (2)
httpdx - 'tolog()' Format String (Metasploit) (2)

httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit)
httpdx - 'h_handlepeer()' Buffer Overflow (Metasploit)

hplip - hpssd.py From Address Arbitrary Command Execution (Metasploit)
hplip - 'hpssd.py' From Address Arbitrary Command Execution (Metasploit)

Apple Mac OSX EvoCam Web Server - HTTP GET Buffer Overflow (Metasploit)
Apple Mac OSX EvoCam Web Server - GET Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe' 'execvp' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe OvJavaLocale' Buffer Overflow (Metasploit)
HP Network Node Manager (NMM) - CGI 'webappmon.exe execvp' Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe' 'schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'nnmRptConfig.exe schdParams' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe main' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' 'ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' 'Hostname' CGI Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)

ZyWALL USG - Appliance - Multiple Vulnerabilities
ZyWALL USG Appliance - Multiple Vulnerabilities

ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)
ScriptFTP 3.3 - LIST Remote Buffer Overflow (Metasploit) (2)

Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)
Opera Browser 10/11/12 - 'SVG Layout' Memory Corruption (Metasploit)

Adobe Flash Player - '.mp4' 'cprt' Overflow (Metasploit)
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)

UoW Pine 4.0.4/4.10/4.21 - 'From:' Field Buffer Overflow
UoW Pine 4.0.4/4.10/4.21 - 'From:' Buffer Overflow

Technote 2000/2001 - 'board' Function File Disclosure
Technote 2000/2001 - 'board' File Disclosure

IPSwitch IMail 6.x/7.0/7.1 - Web Messaging HTTP Get Buffer Overflow
IPSwitch IMail 6.x/7.0/7.1 - Web Messaging GET Buffer Overflow

Novell NetWare 5.1/6.0 - HTTP Post Arbitrary Perl Code Execution
Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution

Webmin 0.x - 'RPC' Function Privilege Escalation
Webmin 0.x - 'RPC' Privilege Escalation

Avaya IP Office Customer Call Reporter - ImageUpload.ashx Remote Command Execution (Metasploit)
Avaya IP Office Customer Call Reporter - 'ImageUpload.ashx' Remote Command Execution (Metasploit)

ghttpd 1.4.x - 'Log()' Function Buffer Overflow
ghttpd 1.4.x - 'Log()' Buffer Overflow
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting

Dune 0.6.7 - HTTP Get Remote Buffer Overrun
Dune 0.6.7 - GET Remote Buffer Overrun

InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit)
InduSoft Web Studio - 'ISSymbol.ocx InternationalSeparator()' Heap Overflow (Metasploit)

GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow

Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities
Rlpr 2.0 - 'msg()' Multiple Vulnerabilities

Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp' 'fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle' 'fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp' 'url' Parameter Arbitrary Site Redirect
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure
SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect
PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 4.x - 'tempnam() open_basedir' Restriction Bypass
PHP 4.x - 'copy() Safe_Mode' Bypass Exploit

Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak
Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak

aBitWhizzy - 'whizzypic.php' 'd' ParameterTraversal Arbitrary Directory Listing
aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing

PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow
PHP 5.1.6 - 'Chunk_Split()' Integer Overflow

PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow
PHP 5.1.6 - 'Imap_Mail_Compose()' Buffer Overflow

Cisco IOS 12.3 - LPD Remote Buffer Overflow
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow

Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow

HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow
HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php' 'css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php' 'sql_matchscope' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting

Audio File Library 0.2.6 - libaudiofile 'msadpcm.c' '.WAV' File Processing Buffer Overflow
Audio File Library 0.2.6 - libaudiofile 'msadpcm.c .WAV' File Processing Buffer Overflow

ProFTPd 1.3 - 'mod_sql' 'Username' SQL Injection
ProFTPd 1.3 - 'mod_sql Username' SQL Injection

Microsoft Windows Vista - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution
Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution

PHP 5.3.x - 'mb_strcut()' Function Information Disclosure
PHP 5.3.x - 'mb_strcut()' Information Disclosure

Perl 5.x - 'lc()' and 'uc()' functions TAINT Mode Protection Security Bypass
Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf' 'jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService' 'e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService' 'RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService' 'jdemafjasLinkTarget' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting

NetBSD 5.1 - Multiple 'libc/net' functions Stack Buffer Overflow
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow

Skype 5.3 - 'Mobile Phone' Field HTML Injection
Skype 5.3 - 'Mobile Phone' HTML Injection

IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow
IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting
GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting

Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow

NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution

lxml - 'clean_html' Function Security Bypass
lxml - 'clean_html' Security Bypass
Alfresco - '/proxy' 'endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser' 'url' Parameter Server-Side Request Forgery
Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery
Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery

Laravel - 'Hash::make()' Function Password Truncation Security
Laravel - 'Hash::make()' Password Truncation Security

OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)

Windows - (DCOM RPC2) Universal Shellcode
Windows - DCOM RPC2 Universal Shellcode

Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)

Cyphor 0.19 - (board takeover) SQL Injection
Cyphor 0.19 - Board Takeover SQL Injection

PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection
PHPay 2.02 - 'nu_mail.inc.php mail()' Remote Injection

PHPMyNews 1.4 - (cfg_include_dir) Remote File Inclusion
PHPMyNews 1.4 - 'cfg_include_dir' Remote File Inclusion

Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit

Yrch 1.0 - 'plug.inc.php' 'path' Parameter Remote File Inclusion
Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion

Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection
Cacti 0.8.6i - 'cmd.php popen()' Remote Injection

Vizayn Haber - 'haberdetay.asp' 'id' Parameter SQL Injection
Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection

iG Calendar 1.0 - 'user.php' 'id' Parameter SQL Injection
iG Calendar 1.0 - 'user.php id' Parameter SQL Injection

MGB 0.5.4.5 - 'email.php' 'id' Parameter SQL Injection
MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection

Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion
Original 0.11 - 'config.inc.php x[1]' Remote File Inclusion

Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
Picturesolution 2.1 - 'config.php path' Remote File Inclusion

PHP Homepage M 1.0 - galerie.php SQL Injection
PHP Homepage M 1.0 - 'galerie.php' SQL Injection

cpDynaLinks 1.02 - category.php SQL Injection
cpDynaLinks 1.02 - 'category.php' SQL Injection

DFF PHP Framework API (Data Feed File) - Remote File Inclusion
DFF PHP Framework API - 'Data Feed File' Remote File Inclusion

WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure

dMx READY (25 - Products) - Remote Database Disclosure
dMx READ - Remote Database Disclosure

Access2asp - imageLibrary - Arbitrary File Upload
Access2asp - 'imageLibrar' Arbitrary File Upload

Auktionshaus 3.0.0.1 - 'news.php' 'id' SQL Injection
Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection

Bild Flirt System 2.0 - 'index.php' 'id' SQL Injection
Bild Flirt System 2.0 - 'index.php id' SQL Injection

Fast Free Media 1.3 - Adult Site - Arbitrary File Upload
Fast Free Media 1.3 Adult Site - Arbitrary File Upload

goffgrafix - Design's - SQL Injection
goffgrafix Design's - SQL Injection

Bilder Upload Script - Datei Upload 1.09 - Arbitrary File Upload
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Allomani - E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)

E-Xoopport - Samsara 3.1 (Sections Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (Sections Module) - Blind SQL Injection

E-Xoopport - Samsara 3.1 (eCal Module) - Blind SQL Injection
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection

WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection

Oracle WebLogic - Session Fixation Via HTTP POST
Oracle WebLogic - POST Session Fixation

spidaNews 1.0 - 'news.php' 'id' SQL Injection
spidaNews 1.0 - 'news.php id' SQL Injection

Catalog Builder - eCommerce Software - Blind SQL Injection
Catalog Builder eCommerce Software - Blind SQL Injection

FileBox - File Hosting & Sharing Script 1.5 - SQL Injection
FileBox File Hosting & Sharing Script 1.5 - SQL Injection

Snortreport - nmap.php and nbtscan.php Remote Command Execution (Metasploit)
Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)

jbShop - e107 7 CMS Plugin - SQL Injection
jbShop e107 7 CMS Plugin - SQL Injection

Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities

4Images - Image Gallery Management System - Cross-Site Request Forgery
4Images Image Gallery Management System - Cross-Site Request Forgery

PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection
PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection

X-Cart Gold 4.5 - 'products_map.php' 'symb' Parameter Cross-Site Scripting
X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting

Symantec Web Gateway 5.0.2 - 'blocked.php' 'id' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection

Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php' 'groupid' Parameter Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection

YourArcadeScript 2.4 - 'index.php' 'id' Parameter SQL Injection
YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection

AV Arcade Free Edition - 'add_rating.php' 'id' Parameter Blind SQL Injection
AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection

PhpTax - pfilez Parameter Exec Remote Code Injection (Metasploit)
PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit)

phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)
phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

Blog Mod 0.1.9 - 'index.php' 'month' Parameter SQL Injection
Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting

PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting
PHPRank 1.8 - 'add.php' Cross-Site Scripting

MyBB Profile Albums Plugin 0.9 - 'albums.php' 'album' Parameter SQL Injection
MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection
M-TECH P-Synch 6.2.5 - 'nph-psf.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe' 'css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion
M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion

friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection
friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection

SmartCMS - 'index.php' 'idx' Parameter SQL Injection
SmartCMS - 'index.php idx' Parameter SQL Injection

SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting
SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting

PHP-Nuke 6.6 - admin.php SQL Injection
PHP-Nuke 6.6 - 'admin.php' SQL Injection

MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection
MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection

WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion

PHP-Nuke Error Manager Module 2.1 - 'error.php' 'language' Parameter Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure

phpHeaven phpMyChat 0.14.5 - 'edituser.php3' 'do_not_login' Parameter Authentication Bypass
phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass

NConf 1.3 - 'detail.php' 'detail_admin_items.php' 'id' Parameter SQL Injection
NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection

AdaptCMS 2.0.4 - 'config.php' 'question' Parameter SQL Injection
AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection

Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection
Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection

Scripts Genie Games Site Script - 'index.php' 'id' Parameter SQL Injection
Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection

Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection
Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection

Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection
Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'viewrecipe.php' 'r_id' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection

MTP Image Gallery 1.0 - 'edit_photos.php' 'title' Parameter Cross-Site Scripting
MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting
DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting

PHPGedView 2.5/2.6 - 'login.php' 'Username' Parameter Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting

Rebus:list - 'list.php' 'list_id' Parameter SQL Injection
Rebus:list - 'list.php list_id' Parameter SQL Injection

SynConnect Pms - 'index.php' 'loginid' Parameter SQL Injection
SynConnect Pms - 'index.php loginid' Parameter SQL Injection
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php' 'p' Paramete' Local File Disclosure
AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal
Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure

WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php' 'hash Parameter SQL Injection
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection
CubeCart 2.0.x - 'tellafriend.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php' 'add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php' 'product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure
CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure

WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection
WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection

AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection
AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection

RadioCMS 2.2 - 'menager.php' 'playlist_id' Parameter SQL Injection
RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection

SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation

FlatNuke 2.5.x - 'index.php' 'where' Parameter Full Path Disclosure
FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure

UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection
UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection

osTicket 1.2/1.3 - 'view.php' 'inc' Parameter Arbitrary Local File Inclusion
osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion
Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal
DS3 - Authentication Server - Multiple Vulnerabilities
Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal
DS3 Authentication Server - Multiple Vulnerabilities

Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting
Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting

Simple PHP Agenda 2.2.8 - 'edit_event.php' 'eventid' Parameter SQL Injection
Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection
Aenovo - '/Password/default.asp' Password Field SQL Injection
Aenovo - '/incs/searchdisplay.asp' strSQL Parameter SQL Injection
Aenovo - '/Password/default.asp Password' SQL Injection
Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php' 'usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php' 'ids' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php' 'group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' 'email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php' 'goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php' 'orderby' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting
Cyphor 0.19 - lostpwd.php nick Field SQL Injection
Cyphor 0.19 - 'newmsg.php' fid Parameter SQL Injection
Cyphor 0.19 - footer.php t_login Parameter Cross-Site Scripting
Cyphor 0.19 - 'lostpwd.php nick' SQL Injection
Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection
Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting
MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mail.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Date.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion
MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion

Top Games Script 1.2 - 'play.php' 'gid' Parameter SQL Injection
Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection

Elemata CMS RC3.0 - 'global.php' 'id' Parameter SQL Injection
Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection

PHP-Charts 1.0 - 'index.php' 'type' Parameter Remote Code Execution
PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution
PHPList Mailing List Manager 2.x - '/admin/admin.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php' 'id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection
PHPList Mailing List Manager 2.x - '/admin/configure.php' 'id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php' 'find' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting
PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe' 'sug' Parameter SQL Injection
Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access
Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting
Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection

GLPI 0.83.9 - 'Unserialize()' Function Remote Code Execution
GLPI 0.83.9 - 'Unserialize()' Remote Code Execution

Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting
Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting

Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php' '_load_article_details' Function SQL Injection
Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection
IceWarp Universal WebMail - '/dir/include.html' 'lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html' 'Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html' 'lang_settings' Parameter Remote File Inclusion
IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion
IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion
OnePlug CMS - '/press/details.asp' 'Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp' 'Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp' 'Product_ID' Parameter SQL Injection
OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection
OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection
OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection

aoblogger 2.3 - 'login.php' 'Username' Field SQL Injection
aoblogger 2.3 - 'login.php Username' SQL Injection
HiveMail 1.2.2/1.3 - 'addressbook.update.php' 'contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php' 'folderid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution
HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution

ImageVue 0.16.1 - 'readfolder.php' 'path' Parameter Arbitrary Directory Listing
ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing

Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass
Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass
dotProject 2.0 - '/modules/projects/gantt.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php' 'dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php' 'baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion
dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion

Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection
Ginkgo CMS - 'index.php rang' Parameter SQL Injection

Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection
Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection

sBlog 0.7.2 - 'search.php' 'keyword' Parameter POST Method Cross-Site Scripting
sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting

MLMAuction Script - 'gallery.php' 'id' Parameter SQL Injection
MLMAuction Script - 'gallery.php id' Parameter SQL Injection

PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection
PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection

321soft PHP-Gallery 0.9 - 'index.php' 'path' Parameter Arbitrary Directory Listing
321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php' 'pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing

Gphotos 1.4/1.5 - 'index.php' 'rep' Parameter Traversal Arbitrary Directory Listing
Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing

Woltlab Burning Board FLVideo Addon - 'video.php' 'value' Parameter SQL Injection
Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection

ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting
ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting

glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection
glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection

Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection
Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection

RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite
RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite

WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion
WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion

Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion
Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion

vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting

DCP-Portal 6.0 - 'login.php' 'Username' Parameter SQL Injection
DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection

CubeCart 3.0.x - '/admin/print_order.php' 'order_id' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/admin/image.php' 'image' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting

CubeCart 3.0.x - '/footer.inc.php' 'la_pow_by' Parameter Cross-Site Scripting
CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting

ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion
ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion

Evandor Easy notesManager 0.0.1 - 'login.php' 'Username' Parameter SQL Injection
Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php' 'sondage' Parameter SQL Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection
BirdBlog 1.4 - '/admin/admincore.php' 'msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php' 'month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php' 'page' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting
BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting

ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EditTag 1.2 - 'edittag.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl' 'file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure
EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure

Project'Or RIA 3.4.0 - 'objectDetail.php' 'objectId' Parameter SQL Injection
Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php' 'iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php' 's' Parameter SQL Injection
WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution
Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection

aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing
aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing

PHPLive! 3.2.2 - 'super/info.php' 'BASE_URL' Parameter Parameter Cross-Site Scripting
PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php' 'post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php' 'tool_url' Parameter Cross-Site Scripting
DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting
DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting

ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection
ToendaCMS 1.5.3 - GET / POST Forms HTML Injection

Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing

Phorum 5.1.20 - 'admin.php' 'module[]' Parameter Full Path Disclosure
Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure
DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion
DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection
Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion
Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection
Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection
NetFlow Analyzer 5 - '/jspui/applicationList.jsp' 'alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp' 'task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp' 'rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting
NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting
geoBlog MOD_1.0 - 'deletecomment.php' 'id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php' 'id' Parameter Arbitrary Blog Deletion
geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion
geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion
Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion
Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion

WebBatch - 'webbatch.exe' 'dumpinputdata' Parameter Remote Information Disclosure
WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure

AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting

phpMyAdmin 2.11.1 - setup.php Cross-Site Scripting
phpMyAdmin 2.11.1 - 'setup.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion

Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access
Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access

MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion
MyBlog 1.x - 'Games.php ID' Remote File Inclusion
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp' 'resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp' 'helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp' 'activeControl' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc' 'camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic' 'id' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure
WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure

CiMe - Citas Médicas - Multiple Vulnerabilities
CiMe Citas Médicas - Multiple Vulnerabilities

Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing
Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing

osCommerce 2.3.3.4 - 'geo_zones.php' 'zID' Parameter SQL Injection
osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection

Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection

WordPress Plugin AdRotate 3.9.4 - 'clicktracker.php' 'track' Parameter SQL Injection
WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection

PHPEasyData 1.5.4 - admin/login.php 'Username' Field SQL Injection
PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection

PHP Ticket System Beta 1 - 'get_all_created_by_user.php' 'id' Parameter SQL Injection
PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection

webERP 4.11.3 - 'SalesInquiry.php' 'SortBy' Parameter SQL Injection
webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection

Claroline 1.8.9 - 'claroline/redirector.php' 'url' Parameter Arbitrary Site Redirect
Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect

XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion
XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion

ownCloud 4.0.x/4.5.x - 'upload.php' 'Filename' Parameter Remote Code Execution
ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution

InterWorx Control Panel 5.0.13 build 574 - 'xhr.php' 'i' Parameter SQL Injection
InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection

MKPortal 1.2.1 - '/modules/rss/handler_image.php' 'i' Parameter Cross-Site Scripting
MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting

glFusion 1.1 - Anonymous Comment 'Username' Field HTML Injection
glFusion 1.1 - Anonymous Comment 'Username' HTML Injection

IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting
IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting

kitForm CRM Extension 0.43 - 'sorter.ph' 'sorter_value' Parameter SQL Injection
kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection

dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File Read
dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read

WordPress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
DiamondList - '/user/main/update_settings' 'setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category' 'category[description]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting
DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting

vBulletin 4.0.x < 4.1.2 - 'search.php' 'cat' Parameter SQL Injection
vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection

MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection

Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting
Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting

Multiple WordPress Themes - 'admin-ajax.php' 'img' Parameter Arbitrary File Download
Multiple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download

Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting
Free Arcade Script 1.0 - 'search' Cross-Site Scripting

Micro CMS 1.0 - 'name' Field HTML Injection
Micro CMS 1.0 - 'name' HTML Injection

MODx manager - '/controllers/default/resource/tvs.php' 'class_key' Parameter Traversal Local File Inclusion
MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion

Bacula-Web 5.2.10 - 'joblogs.php' 'jobid' Parameter SQL Injection
Bacula-Web 5.2.10 - 'joblogs.php jobid' Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection
PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting
PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection

W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion
W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion

Piwigo 2.6.0 - 'picture.php' 'rate' Parameter SQL Injection
Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'dosearch.php' 'words_exact' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'dosearch.php words_exact' Parameter SQL Injection

PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection
PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php' 'id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php' 'rowid' Parameter SQL Injection
Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection

PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php' 'Expedition' Parameter Cross-Site Scripting
PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting
Manx 1.0.1 - '/admin/admin_blocks.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php' 'Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access
Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access

UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting
UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting

OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting
OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion
Dotclear 2.4.1.2 - '/admin/auth.php' 'login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php' 'nb' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting

Dotclear 2.4.1.2 - '/admin/plugin.php' 'page' Parameter Cross-Site Scripting
Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting

Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting
Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection
SAP Business Objects InfoView System - '/help/helpredir.aspx' 'guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx' 'id' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting
SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting

Wikidforum 2.10 - Advanced Search - Multiple Field SQL Injection
Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection

Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php' 'String::stripUnsafeHtml()' Method Cross-Site Scripting
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml()' Method Cross-Site Scripting

TeamPass 2.1.5 - 'login' Field HTML Injection
TeamPass 2.1.5 - 'login' HTML Injection

XOOPS 2.5.4 - '/modules/pm/pmlite.php' 'to_userid' Parameter Cross-Site Scripting
XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting

Kajona - 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities
Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities

PolarisCMS - 'WebForm_OnSubmit()' Function Cross-Site Scripting
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting

TCExam 11.2.x - '/admin/code/tce_edit_question.php' 'subject_module_id' Parameter SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection

jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting
jCore - '/admin/index.php path' Parameter Cross-Site Scripting

Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection

WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf' 'abouttext' Parameter Cross-Site Scripting
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting

cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html' 'acct' Parameter Cross-Site Scripting
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php' 'reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection
Kallithea 0.2.9 - (came_from) HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php' 'id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php' 'id' Parameter SQL Injection
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection
PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection

PHP Address Book - '/addressbook/register/linktick.php' 'site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php' 'BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php' 'var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php' 'email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php' 'Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php' 'q' Parameter SQL Injection
PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection
PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection
PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection
PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection
PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection
Hero Framework - '/users/login' 'Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password' 'error' Parameter Cross-Site Scripting
Hero Framework - '/users/login Username' Parameter Cross-Site Scripting
Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting

Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting
Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting

NeoBill - '/modules/nullregistrar/PHPwhois/example.php' 'query' Parameter Remote Code Execution
NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution

C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp' 'pa' Parameter SQL Injection
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php' 'id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection
Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection
Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection

Dredge School Administration System - '/DSM/loader.php' 'Id' Parameter SQL Injection
Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection

UAEPD Shopping Script - '/news.php' 'id' Parameter SQL Injection
UAEPD Shopping Script - '/news.php id' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php' 'Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection
BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection

Xangati - '/servlet/Installer' 'file' Parameter Directory Traversal
Xangati - '/servlet/Installer file' Parameter Directory Traversal
Caldera - '/costview2/jobs.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/printers.php' 'tr' Parameter SQL Injection
Caldera - '/costview2/jobs.php tr' Parameter SQL Injection
Caldera - '/costview2/printers.php tr' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php' 'a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php' 'affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php' 'country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php' 'entry_country_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection

Disc ORGanizer - DORG - Multiple Vulnerabilities
Disc ORGanizer (DORG) - Multiple Vulnerabilities

Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
ClipShare 7.0 - SQL Injection
Complain Management System - Hard-Coded Credentials / Blind SQL injection
2017-10-11 05:01:35 +00:00
Offensive Security
b49ee665d7 DB: 2017-10-10
3 new exploits

Rancher Server - Docker Daemon Code Execution (Metasploit)
OrientDB 2.2.2 - 2.2.22 - Remote Code Execution (Metasploit)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
2017-10-10 05:01:34 +00:00
Offensive Security
99ad37a918 DB: 2017-10-09
2 new exploits

PyroBatchFTP 3.17 - Buffer Overflow (SEH)

Metasploit < 4.14.1-20170828 - Cross-Site Request Forgery
2017-10-09 05:01:35 +00:00
Offensive Security
4e334a292d DB: 2017-10-08
2 new exploits

Microsoft Windows XP/2003 - Samba Share Resource Exhaustion Exploit
Microsoft Windows XP/2003 - Samba Share Resource Exhaustion (Denial of Service)

Multiple vendors - ZOO file Decompression Infinite Loop Denial of Service (PoC)
ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)

WzdFTPD 0.8.0 - (USER) Remote Denial of Service
WzdFTPD 0.8.0 - 'USER' Remote Denial of Service

Multiple Vendors - 'libc:fts_*()' Local Denial of Service
Libc - 'libc:fts_*()' Local Denial of Service

Asterisk IAX2 - Resource Exhaustion via Attacked IAX Fuzzer
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)

Multiple Web Browsers - Denial of Service
Multiple Browsers - Denial of Service
Multiple browsers - 'history.go()' Denial of Service
Multiple browsers - 'window.print()' Denial of Service
Multiple Browsers - 'history.go()' Denial of Service
Multiple Browsers - 'window.print()' Denial of Service

Multiple Vendors libc/glob(3) - Resource Exhaustion / Remote ftpd-anon
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion (Denial of Service)

Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (1)
EType EServ 2.98/2.99/3.0 - Resource Exhaustion (Denial of Service) (2)

Desktop Orbiter 2.0 1 - Resource Exhaustion Denial of Service
Desktop Orbiter 2.0 1 - Resource Exhaustion (Denial of Service)

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion (Denial of Service)

Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service

Multiple Linksys Routers - LanD Packet Denial of Service
Linksys Routers - LanD Packet Denial of Service

Multiple Mozilla Products - IFRAME JavaScript Execution Vulnerabilities
Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities

Multiple D-Link Routers - UPNP Buffer Overflow
D-Link Routers - UPNP Buffer Overflow

Multiple Vendors - Zoo Compression Algorithm Remote Denial of Service
Zoo 2.10 - .ZOO Compression Algorithm Remote Denial of Service

Multiple BSD Platforms - 'strfmon()' Function Integer Overflow
Multiple BSD Distributions - 'strfmon()' Function Integer Overflow

Multiple Vendors Unspecified SVG File Processing - Denial of Service
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service

Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service
Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service)

VMware Player and Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service

Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service
Libc - 'regcomp()' Stack Exhaustion Denial of Service

Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service

Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities

Multiple Cisco Products - Cisco Global Exploiter Tool
Cisco - Cisco Global Exploiter Tool

Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities
Multiple Browsers - Tabbed Browsing Vulnerabilities

Skype extension for Firefox Beta 2.2.0.95 - Clipboard Writing
Skype Extension for Firefox Beta 2.2.0.95 - Clipboard Writing

Multiple D-Link Products - Captcha Bypass
D-Link - Captcha Bypass

Multiple Web Browser (FF3.6.7/SM 2.0.6) - Clickjacking
Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking

Check Point Software Firewall-1 4.0/1.4.1 - Resource Exhaustion

hassan Consulting shopping cart 1.18 - Directory Traversal
Hassan Consulting Shopping Cart 1.18 - Directory Traversal

Adobe SVG Viewer 3.0 - postURL/getURL Restriction Bypass
Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass

ACLogic CesarFTP 0.99 - Remote Resource Exhaustion

Multiple Linksys Devices - DHCP Information Disclosure
Linksys - DHCP Information Disclosure

Oracle HTML DB 1.5/1.6 - wwv_flow.accept p_t02 Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept' 'p_t02' Parameter Cross-Site Scripting

Oracle HTML DB 1.5/1.6 - f p Parameter Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting

Multiple Cisco Products - WebSense Content Filtering Bypass
Cisco - WebSense Content Filtering Bypass

Multiple Vendors - RAR Handling Remote Null Pointer Dereference
ClamAV / UnRAR - .RAR Handling Remote Null Pointer Dereference

Multiple Cisco Products - 'file' Parameter Directory Traversal
Cisco - 'file' Parameter Directory Traversal

Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery
D-Link DCS - 'security.cgi' Cross-Site Request Forgery

Multiple Vendors - 'RuntimeDiagnosticPing()' Stack Buffer Overflow
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow

Multiple Aztech Modem Routers - Session Hijacking
Aztech Modem Routers - Session Hijacking

Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component Security Images 3.0.5 - Remote File Inclusion

Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion
Joomla! Component com_bayesiannaivefilter 1.1 - Remote File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - Remote File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - Remote File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
NES Game and NES System c108122 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion
NES Game and NES System c108122 - Remote File Inclusion

Mambo Component com_serverstat 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - Remote File Inclusion

Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure
Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure

phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion
phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion

phpBB User Viewed Posts Tracker 1.0 - File Inclusion
phpBB User Viewed Posts Tracker 1.0 - Remote File Inclusion

phpBB Random User Registration Number 1.0 Mod - Inclusion
phpBB Random User Registration Number 1.0 Mod - Remote File Inclusion

Softerra PHP Developer Library 1.5.3 - File Inclusion
Softerra PHP Developer Library 1.5.3 - Remote File Inclusion

phpBB ACP User Registration Mod 1.0 - File Inclusion
phpBB ACP User Registration Mod 1.0 - Remote File Inclusion

Electronic Engineering Tool (EE TOOL) 0.4.1 - File Inclusion
Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion

phpBB Spider Friendly Module 1.3.10 - File Inclusion
phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion

Tucows Client Code Suite (CSS) 1.2.1015 - File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion

pre Multiple Vendors shopping malls - Multiple Vulnerabilities
PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities

Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion
Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion

Joomla! Component Book Library 1.0 - File Inclusion
Joomla! Component Book Library 1.0 - Remote File Inclusion

Community Translate - File Inclusion
Community Translate - Remote File Inclusion
EZsneezyCal CMS 95.1-95.2 - File Inclusion
EZRecipeZee CMS 91 - File Inclusion
EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion
EZRecipeZee CMS 91 - Remote File Inclusion

AIOCP 1.4.001 - File Inclusion
AIOCP 1.4.001 - Remote File Inclusion

Gbook MX 4.1.0 (Arabic Version) - File Inclusion
Gbook MX 4.1.0 (Arabic Version) - Remote File Inclusion

Multiple D-Link Routers - Authentication Bypass
D-Link Routers - Authentication Bypass (2)

29o3 CMS - (LibDir) Multiple Remote File Inclusion
29o3 CMS - 'LibDir' Multiple Remote File Inclusion

MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting
MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting

Pre Multiple Vendors Shopping Malls - SQL Injection
PreProject Multi-Vendor Shopping Malls - SQL Injection

Pre Multiple Vendors Shopping Malls - 'products.php?sid' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php?sid' SQL Injection

Pre Multiple Vendors Shopping Malls - SQL Injection / Authentication Bypass
PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass

Multiple D-Link Routers (Multiple Models) - Authentication Bypass
D-Link Routers - Authentication Bypass (1)

Multiple Linksys Routers - Cross-Site Request Forgery
Linksys Routers - Cross-Site Request Forgery

Joomla! Component 'Scriptegrator' 1.5 - File Inclusion
Joomla! Component 'Scriptegrator' 1.5 - Local File Inclusion

BbZL.php - File Inclusion
BbZL.php - Remote File Inclusion

FCMS 2.7.2 CMS - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Cyberoam Central Console 2.00.2 - File Inclusion
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Dolibarr ERP & CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP & CRM - OS Command Injection
Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP/CRM - OS Command Injection
VamCart 0.9 CMS - Multiple Vulnerabilities
PBBoard 2.1.4 CMS - Multiple Vulnerabilities
VamCart CMS 0.9 - Multiple Vulnerabilities
PBBoard CMS 2.1.4 - Multiple Vulnerabilities

Flynax General Classifieds 4.0 CMS - Multiple Vulnerabilities
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities

PG Dating Pro 1.0 CMS - Multiple Vulnerabilities
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities

Artmedic Webdesign Kleinanzeigen Script - File Inclusion
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion

Multiple D-Link Devices - Multiple Vulnerabilities
D-Link - Multiple Vulnerabilities

Utopia News Pro 1.1.3 - header.php sitetitle Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'header.php' 'sitetitle' Parameter Cross-Site Scripting

Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting
Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting

Multiple D-Link Devices - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface

WordPress Plugin Spicy Blogroll - File Inclusion
WordPress Plugin Spicy Blogroll - Local File Inclusion

OliveOffice Mobile Suite 2.0.3 iOS - File Inclusion
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion

ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass

Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities
Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities

Office Assistant Pro 2.2.2 iOS - File Inclusion
Office Assistant Pro 2.2.2 iOS - Local File Inclusion

WiFiles HD 1.3 iOS - File Inclusion
WiFiles HD 1.3 iOS - Local File Inclusion

PDF Album 1.7 iOS - File Inclusion
PDF Album 1.7 iOS - Local File Inclusion

Multiple D-Link Routers - Multiple Vulnerabilities
D-Link Routers - Multiple Vulnerabilities

Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting
Consona - 'n6plugindestructor.asp' Cross-Site Scripting

Photo Org WonderApplications 8.3 iOS - File Inclusion
Photo Org WonderApplications 8.3 iOS - Local File Inclusion

Pre Projects Multiple Vendors Shopping Malls - 'products.php' SQL Injection
PreProject Multi-Vendor Shopping Malls - 'products.php' SQL Injection

PhotoSync Wifi & Bluetooth 1.0 - File Inclusion
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion

Photorange 1.0 iOS - File Inclusion
Photorange 1.0 iOS - Local File Inclusion

GS Foto Uebertraeger 3.0 iOS - File Inclusion
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion

iFunBox Free 1.1 iOS - File Inclusion
iFunBox Free 1.1 iOS - Local File Inclusion

Pimcore 2.3.0/3.0 CMS - SQL Injection
Pimcore CMS 2.3.0/3.0 - SQL Injection

Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting

Dolibarr 3.1 ERP/CRM - Multiple Script URI Cross-Site Scripting
Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting

Dolibarr 3.x - 'adherents/fiche.php' SQL Injection
Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection
11in1 CMS 1.2.1 - 'index.php' class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'index.php' 'class' Parameter Traversal Local File Inclusion
11in1 CMS 1.2.1 - 'admin/index.php' 'class' Parameter Traversal Local File Inclusion
Wifi Drive Pro 1.2 iOS - File Inclusion
Photo Manager Pro 4.4.0 iOS - File Inclusion
Mobile Drive HD 1.8 - File Inclusion Web
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
Mobile Drive HD 1.8 - Local File Inclusion

Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
11in1 CMS 1.2.1 - admin/comments topicID Parameter SQL Injection
11in1 CMS 1.2.1 - admin/tps id Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/comments' 'topicID' Parameter SQL Injection
11in1 CMS 1.2.1 - 'admin/tps' 'id' Parameter SQL Injection

PhotoWebsite 3.1 iOS - File Inclusion
PhotoWebsite 3.1 iOS - Local File Inclusion

vPhoto-Album 4.2 iOS - File Inclusion
vPhoto-Album 4.2 iOS - Local File Inclusion

PDF Converter & Editor 2.1 iOS - File Inclusion
PDF Converter & Editor 2.1 iOS - Local File Inclusion

Wireless Photo Transfer 3.0 iOS - File Inclusion
Wireless Photo Transfer 3.0 iOS - Local File Inclusion

WordPress Plugin Really Simple Guest Post 1.0.6 - File Inclusion
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion

My.WiFi USB Drive 1.0 iOS - File Inclusion
My.WiFi USB Drive 1.0 iOS - Local File Inclusion

Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure

WordPress Plugin Dharma Booking 2.38.3 - File Inclusion
WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion

Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass
RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass

Multiple NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure
2017-10-08 05:01:28 +00:00
Offensive Security
bfb5d80e10 DB: 2017-10-07
4 new exploits

Konqueror 3.5.9 - (font color) Remote Crash
Konqueror 3.5.9 - 'font color' Remote Crash

Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow

hammer software metagauge 1.0.0.17 - Directory Traversal
Hammer Software MetaGauge 1.0.0.17 - Directory Traversal

Billion Router 7700NR4 - Remote Command Execution
Billion 7700NR4 Router - Remote Command Execution

Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution

Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution

else if CMS 0.6 - Multiple Vulnerabilities
Else If CMS 0.6 - Multiple Vulnerabilities

Picturesolution 2.1 - 'config.php path' Remote File Inclusion
Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion

tsmim Lessons Library - 'show.php' SQL Injection
Tsmim Lessons Library - 'show.php' SQL Injection

Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass

PHP-Fusion v7.02.07 - Blind SQL Injection
PHP-Fusion 7.02.07 - Blind SQL Injection

ZTE ZXHN H108N - Unauthenticated Config Download
ZTE ZXHN H108N Router - Unauthenticated Config Download

Unitrends UEB 9.1 - Privilege Escalation
2017-10-07 05:01:30 +00:00
Offensive Security
9ee6a8e2ee DB: 2017-10-06
1 new exploits

AyeView 2.20 - (invalid bitmap header parsing) Crash
AyeView 2.20 - Invalid Bitmap Header Parsing Crash

Home Web Server r1.7.1 (build 147) - Gui Thread-Memory Corruption
Home Web Server r1.7.1 (build 147) - GUI Thread-Memory Corruption

Mozilla Firefox 1.0.6/1.0.7 - IFRAME Handling Denial of Service
Mozilla Firefox 1.0.6/1.0.7 - iFrame Handling Denial of Service

Linux Kernel < 4.14.rc3  - Local Denial of Service
Linux Kernel < 4.14.rc3 - Local Denial of Service

SHTTPD 1.34 - (POST) Remote Buffer Overflow
SHTTPD 1.34 - 'POST' Remote Buffer Overflow

SlimFTPd - LIST Concatenation Overflow (Metasploit)
SlimFTPd - 'LIST' Concatenation Overflow (Metasploit)

NetTerm NetFTPD - USER Buffer Overflow (Metasploit)
NetTerm NetFTPD - 'USER' Buffer Overflow (Metasploit)

Microsoft Virtual Machine 2000/3100/3200/3300 Series - com.ms.activeX.ActiveXComponent Arbitrary Program Execution
Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution

Zemra Botnet CnC Web Panel - Remote Code Execution (Metasploit)
Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)

phpMyTeam 2.0 - (smileys_dir) Remote File Inclusion
phpMyTeam 2.0 - 'smileys_dir' Remote File Inclusion

Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection
Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection

Civica - Display.asp SQL Injection
Civica - 'Display.asp' SQL Injection

AfterLogic MailBee WebMail Pro 3.x - default.asp mode2 Parameter Cross-Site Scripting
AfterLogic MailBee WebMail Pro 3.x - 'default.asp' 'mode2' Parameter Cross-Site Scripting

Picosafe Web Gui - Multiple Vulnerabilities
Picosafe Web GUI - Multiple Vulnerabilities

HBGK DVR 3.0.0 build20161206  - Authentication Bypass
HBGK DVR 3.0.0 build20161206 - Authentication Bypass

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
2017-10-06 05:01:30 +00:00
Offensive Security
d4e17b950d DB: 2017-10-05
9 new exploits

FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)

FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service

SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)
SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - Local TTY Panic (Denial of Service)
Minix 3.1.2a - Remote TTY Panic (Denial of Service)

Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)

FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)

FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service

Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)

Apple Mac OSX < 10.6.7 - Kernel Panic
Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)

genstat 14.1.0.5943 - Multiple Vulnerabilities
GenStat 14.1.0.5943 - Multiple Vulnerabilities

FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)

Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)

Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service
Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)

OpenBSD 5.5 - Local Kernel Panic
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)

OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)

FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow

Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)

Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation

FreeBSD TOP - Format String
FreeBSD /usr/bin/top - Format String

Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Privilege Escalation

Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation
Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation

FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation

FreeBSD 3.0 - UNIX-domain panic

FreeBSD 3.5/4.x - top Format String
FreeBSD 3.5/4.x /usr/bin/top - Format String

OpenBSD 5.6 - Multiple Local Kernel Panics

Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

Microsoft Windows - RPC Locator Service Remote Exploit
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit

Microsoft Windows - SMB Authentication Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit

Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit

Winmail Mail Server 2.3 - Remote Format String
Winmail Mail Server 2.3 Build 0402 - Remote Format String

Linux eXtremail 1.5.x - Remote Format Strings Exploit
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit

QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow

Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution

Sun One WebServer 6.1 - JSP Source Viewing
Sun One WebServer 6.1 - .JSP Source Viewing

Solaris 7.0 - Recursive mutex_enter Panic

MySQL - Windows Remote System Level Exploit (Stuxnet technique)
MySQL - 'Stuxnet Technique' Windows Remote System Exploit

vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)

vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)

ERS Data System 1.8.1 - Java Deserialization

Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)

vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion

Flatnuke 2.7.1 - (level) Privilege Escalation
Flatnuke 2.7.1 - 'level' Privilege Escalation

Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting

Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)
Cilem Haber 1.4.4 (Tr) - Database Disclosure

Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion

vtiger CRM 5.1.0 - Local File Inclusion
vTiger CRM 5.1.0 - Local File Inclusion
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
template CMS 2.1.1 - Multiple Vulnerabilities
phpmybittorrent 2.04 - Multiple Vulnerabilities
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
vtiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 - SQL Injection

DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection
DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection

vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities

Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting

GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

ITS SCADA 'Username' - SQL Injection
ITS SCADA - 'Username' SQL Injection

vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion

vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection

vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution
2017-10-05 05:01:29 +00:00
Offensive Security
4df0e06052 DB: 2017-10-04
22 new exploits

All browsers - Crash
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)

NoMachine 5.3.9 - Privilege Escalation

Microsoft Word 2007 (x86) - Information Disclosure

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass

Australian Education App - Remote Code Execution

CenturyLink ZyXEL PK5001Z Router - Root Remote Code Execution

Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution

UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution

Web interface for DNSmasq / Mikrotik - SQL Injection
Web Interface for DNSmasq / Mikrotik - SQL Injection

Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

Uniview NVR - Password Disclosure

Nuevomailer < 6.0 - SQL Injection

IBM Informix Dynamic Server - Code Injection / Remote Code Execution

WordPress Plugin Sabai Discuss - Cross-Site Scripting

Tilde CMS 1.01 - Multiple Vulnerabilities

VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass

JoySale 2.2.1 - Arbitrary File Upload
AirMaster 3000M - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Remote Command Execution

iTech Movie Script 7.51 - SQL Injection

CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities

PHP-SecureArea < 2.7 - Multiple Vulnerabilities

Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass

Fiberhome AN5506-04-F - Command Injection
2017-10-04 05:01:32 +00:00