3 new exploits

ProFTPd 1.2.9RC1 - (mod_sql) SQL Injection
ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection
OpenBSD - (ibcs2_exec) Kernel Local Exploit
OpenBSD - 'ibcs2_exec' Kernel Local Exploit
Microsoft FrontPage Server Extensions - fp30reg.dll Exploit (MS03-051)
Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051)
IA WebMail 3.x - (iaregdll.dll 1.0.0.5) Remote Exploit
OpenBSD 2.x < 3.3 - exec_ibcs2_coff_prep_zmagic() Kernel Exploit
IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit
OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow
Foxmail 5.0 - PunyLib.dll Remote Stack Overflow
Foxmail 5.0 - 'PunyLib.dll' Remote Stack Overflow
Microsoft Windows - Lsasrv.dll RPC Remote Buffer Overflow (MS04-011)
Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)
Microsoft Windows 2000/XP - Lsasrv.dll Remote Universal Exploit (MS04-011)
Microsoft Windows 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)
Winamp 5.06 - IN_CDDA.dll Remote Buffer Overflow
Winamp 5.06 - 'IN_CDDA.dll' Remote Buffer Overflow
Microsoft Jet Database - (msjet40.dll) Reverse Shell Exploit (1)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (1)
Microsoft Jet Database - (msjet40.dll) Reverse Shell Exploit (2)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (2)
Microsoft Internet Explorer - (blnmgr.dll) COM Object Remote Exploit (MS05-038)
Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote Exploit (MS05-038)
Microsoft Internet Explorer 6 - (mshtml.dll datasrc) Denial of Service
Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service
Microsoft Internet Explorer 6 - (mshtml.dll div) Denial of Service
Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service
Microsoft Internet Explorer 7.0 Beta 2 - (urlmon.dll) Denial of Service
Microsoft Internet Explorer 7.0 Beta 2 - 'urlmon.dll' Denial of Service
Admbook 1.2.2 - (x-forwarded-for) Remote Command Execution
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution
Microsoft Internet Explorer 6 - (script action handlers) (mshtml.dll) Denial of Service
Microsoft Internet Explorer 6 - (script action handlers) 'mshtml.dll' Denial of Service
Microsoft Internet Explorer 6 - (mshtml.dll checkbox) Crash
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash
Total Commander 6.x - (unacev2.dll) Buffer Overflow (PoC)
Total Commander 6.x - 'unacev2.dll' Buffer Overflow (PoC)
Mozilla Firefox 1.5.0.2 - (js320.dll/xpcom_core.dll) Denial of Service (PoC)
Mozilla Firefox 1.5.0.2 - 'js320.dll/xpcom_core.dll' Denial of Service (PoC)
Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - 'lostpw.php' Remote File Inclusion
ACal 2.2.6 - (day.php) Remote File Inclusion
ACal 2.2.6 - 'day.php' Remote File Inclusion
Ad Manager Pro 2.6 - (ipath) Remote File Inclusion
Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion
A-Blog 2.0 - (menu.php) Remote File Inclusion
A-Blog 2.0 - 'menu.php' Remote File Inclusion
2BGal 3.0 - (admin/configuration.inc.php) Local Inclusion Exploit
2BGal 3.0 - 'admin/configuration.inc.php' Local Inclusion Exploit
a-ConMan 3.2b - (common.inc.php) Remote File Inclusion
a-ConMan 3.2b - 'common.inc.php' Remote File Inclusion
RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service
RealPlayer 10.5 'ierpplug.dll' Internet Explorer 7 - Denial of Service
Macromedia Shockwave 10 (SwDir.dll) Internet Explorer 7 - Denial of Service
Macromedia Shockwave 10 'SwDir.dll' Internet Explorer 7 - Denial of Service
Microsoft Windows - NtRaiseHardError Csrss.exe-winsrv.dll Double-Free
Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free
BrowseDialog Class (ccrpbds6.dll) Internet Explorer 7 - Denial of Service
BrowseDialog Class 'ccrpbds6.dll' Internet Explorer 7 - Denial of Service
DivX Player 6.4.1 - (DivXBrowserPlugin npdivx32.dll) IE Denial of Service
DivX Player 6.4.1 - DivXBrowserPlugin 'npdivx32.dll' IE Denial of Service
ACGVclick 0.2.0 - (path) Remote File Inclusion
ACGVclick 0.2.0 - 'path' Remote File Inclusion
ACGVannu 1.3 - (index2.php) Remote User Pass Change
ACGVannu 1.3 - 'index2.php' Remote User Pass Change
CA BrightStor ARCserve 11.5.2.0 - (catirpc.dll) RPC Server Denial of Service
CA BrightStor ARCserve 11.5.2.0 - 'catirpc.dll' RPC Server Denial of Service
DivX Web Player 1.3.0 - (npdivx32.dll) Remote Denial of Service
DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service
Macromedia 10.1.4.20 - SwDir.dll Internet Explorer Stack Overflow Denial of Service
Macromedia 10.1.4.20 - 'SwDir.dll' Internet Explorer Stack Overflow Denial of Service
Adobe Reader plugin AcroPDF.dll 8.0.0.0 - Resource Consumption
Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
NetSprint Toolbar - ActiveX toolbar.dll Denial of Service (PoC)
NetSprint Toolbar - ActiveX 'toolbar.dll' Denial of Service (PoC)
ActSoft DVD-Tools - (dvdtools.ocx 3.8.5.0) Stack Overflow
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Stack Overflow
SmartCode VNC Manager 3.6 - (scvncctrl.dll) Denial of Service
SmartCode VNC Manager 3.6 - 'scvncctrl.dll' Denial of Service
Barcodewiz ActiveX Control 2.52 - (Barcodewiz.dll) Overwrite (SEH)
Barcodewiz ActiveX Control 2.0 - (Barcodewiz.dll) Remote Buffer Overflow (PoC)
Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)
Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)
Remote Display Dev kit 1.2.1.0 - RControl.dll Denial of Service
Remote Display Dev kit 1.2.1.0 - 'RControl.dll' Denial of Service
Hewlett Packard 1.0.0.309 - hpqvwocx.dll ActiveX Magview Overflow (PoC)
Hewlett Packard 1.0.0.309 - 'hpqvwocx.dll' ActiveX Magview Overflow (PoC)
Virtual CD 9.0.0.2 - (vc9api.DLL) Remote Shell Commands Execution Exploit
Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution Exploit
LeadTools Raster ISIS Object (LTRIS14e.DLL 14.5.0.44) - Remote Buffer Overflow
LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow
Vivotek Motion Jpeg Control - (MjpegDecoder.dll 2.0.0.13) Remote Exploit
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Exploit
Microsoft Internet Explorer 6 / Provideo Camimage - (ISSCamControl.dll 1.0.1.5) Remote Buffer Overflow
Microsoft Internet Explorer 6 / Provideo Camimage - 'ISSCamControl.dll 1.0.1.5' Remote Buffer Overflow
SafeNet High Assurance Remote 1.4.0 - (IPSecDrv.sys) Remote Denial of Service
SafeNet High Assurance Remote 1.4.0 - 'IPSecDrv.sys' Remote Denial of Service
Yahoo! Messenger Webcam 8.1 - (Ywcvwr.dll) Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - (Ywcupl.dll) Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute Exploit
BarCode ActiveX Control BarCodeAx.dll 4.9 - Remote Overflow
BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow
NCTAudioEditor2 ActiveX DLL (NCTWMAFile2.dll 2.6.2.157) - Exploit
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit
6ALBlog - (newsid) SQL Injection
6ALBlog - 'newsid' SQL Injection
Avaxswf.dll 1.0.0.1 from Avax Vector - ActiveX Arbitrary Data Write
Avax Vector 'Avaxswf.dll' 1.0.0.1 - ActiveX Arbitrary Data Write
HP Digital Imaging (hpqxml.dll 2.0.0.133) - Arbitrary Data Write Exploit
HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write Exploit
AMX Corp. VNC ActiveX Control - (AmxVnc.dll 1.0.13.0) Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Buffer Overflow
HP Digital Imaging (hpqvwocx.dll 2.1.0.556) - SaveToFile() Exploit
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit
WinPcap 4.0 - NPF.SYS Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)
Program Checker - (sasatl.dll 1.5.0.531) JavaScript Heap Spraying Exploit
Program Checker - 'sasatl.dll 1.5.0.531' JavaScript Heap Spraying Exploit
SecureBlackbox (PGPBBox.dll 5.1.0.112) - Arbitrary Data Write Exploit
Program Checker - (sasatl.dll 1.5.0.531) DebugMsgLog Heap Spraying Exploit
Symantec AntiVirus - symtdi.sys Privilege Escalation
SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Exploit
Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog Heap Spraying Exploit
Symantec AntiVirus - 'symtdi.sys' Privilege Escalation
Data Dynamics ActiveReport ActiveX - (actrpt2.dll 2.5) Insecure Method
Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method
Zenturi NixonMyPrograms Class (sasatl.dll 1.5.0.531) - Remote Buffer Overflow
Zenturi NixonMyPrograms Class 'sasatl.dll 1.5.0.531' - Remote Buffer Overflow
PHP - PHP_gd2.dll imagepsloadfont Local Buffer Overflow (PoC)
PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
VMware IntraProcessLogging.dll 5.5.3.42958 - Arbitrary Data Write Exploit
VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write Exploit
VMware Inc 6.0.0 - (vielib.dll 2.2.5.42958) Remode Code Execution
VMware Inc 6.0.0 - 'vielib.dll 2.2.5.42958' Remode Code Execution
CHILKAT ASP String - (CkString.dll 1.1) SaveToFile() Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method
2532/Gigs 1.2.1 - (activateuser.php) Local File Inclusion
PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow
2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
NVR SP2 2.0 (nvUnifiedControl.dll 1.1.45.0) - SetText() Remote Exploit
NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - SaveXMLFile() Insecure Method
NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - DeleteXMLFile() Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method
Postcast Server Pro 3.0.61 - / Quiksoft EasyMail (emsmtp.dll 6.0.1) Buffer Overflow
Postcast Server Pro 3.0.61 - / Quiksoft EasyMail 'emsmtp.dll 6.0.1' Buffer Overflow
Norman Virus Control - nvcoaft51.sys ioctl BF672028 Exploit
Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028 Exploit
PPStream - (PowerPlayer.dll 2.0.1.3829) ActiveX Remote Overflow
PPStream - 'PowerPlayer.dll 2.0.1.3829' ActiveX Remote Overflow
Yahoo! Messenger - (YVerInfo.dll 2007.8.27.1) ActiveX Buffer Overflow
Yahoo! Messenger - 'YVerInfo.dll 2007.8.27.1' ActiveX Buffer Overflow
GlobalLink 2.7.0.8 - glItemCom.dll SetInfo() Heap Overflow
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow
Trend Micro ServerProtect - 'eng50.dll' Remote Stack Overflow
GlobalLink 2.7.0.8 - glitemflat.dll SetClientInfo() Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow
BaoFeng2 - mps.dll ActiveX Multiple Remote Buffer Overflow PoCs
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs
Ultra Crypto Component - (CryptoX.dll 2.0) SaveToFile() Insecure Method
Ultra Crypto Component - (CryptoX.dll 2.0) Remote Buffer Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method
Ultra Crypto Component - 'CryptoX.dll 2.0' Remote Buffer Overflow
Microsoft Visual Studio 6.0 - (VBTOVSI.dll 1.0.0.0) File Overwrite
Microsoft Visual Studio 6.0 - 'VBTOVSI.dll 1.0.0.0' File Overwrite
HP ActiveX - (hpqutil.dll ListFiles hpqutil.dll) Remote Heap Overflow (PoC)
HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
EasyMail MessagePrinter Object - (emprint.dll 6.0.1.0) Buffer Overflow
EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Buffer Overflow
EB Design Pty Ltd - (EBCRYPT.dll 2.0) Multiple Remote Vulnerabilities
EB Design Pty Ltd - 'EBCRYPT.dll 2.0' Multiple Remote Vulnerabilities
ActiveKB KnowledgeBase 2.x - (catId) SQL Injection
ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection
actSite 1.991 Beta - (base.php) Remote File Inclusion
actSite 1.991 Beta - 'base.php' Remote File Inclusion
GOM Player 2.1.6.3499 - (GomWeb3.dll 1.0.0.12) Remote Overflow
GOM Player 2.1.6.3499 - 'GomWeb3.dll 1.0.0.12' Remote Overflow
Media Player Classic 6.4.9 MP4 - File Stack Overflow
Microsoft Windows Media Player 6.4 MP4 - File Stack Overflow (PoC)
Nullsoft Winamp 5.32 - MP4 Tags Stack Overflow
Media Player Classic 6.4.9 - '.MP4' File Stack Overflow
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)
Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow
Online Media Technologies AVSMJPEGFILE.DLL 1.1 - Remote Buffer Overflow (PoC)
Online Media Technologies 'AVSMJPEGFILE.DLL 1.1' - Remote Buffer Overflow (PoC)
AuraCMS 2.2 - (admin_users.php) Remote Add Administrator Exploit
AuraCMS 2.2 - Remote Add Administrator
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow
Macrovision Installshield - isusweb.dll Overwrite (SEH)
IBM Domino Web Access Upload Module - dwa7w.dll Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Buffer Overflow
Macrovision Installshield - 'isusweb.dll' Overwrite (SEH)
IBM Domino Web Access Upload Module - 'dwa7w.dll' Buffer Overflow
0DayDB 2.3 - 'delete id' Remote Authentication Bypass
photokron 1.7 - (update script) Remote Database Disclosure
0DayDB 2.3 - 'id' Parameter Remote Authentication Bypass
photokron 1.7 - Remote Database Disclosure
NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - Buffer Overflow
Binn SBuilder - (nid) Blind SQL Injection
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Buffer Overflow
Binn SBuilder - 'nid' Parameter Blind SQL Injection
Xforum 1.4 - (topic) SQL Injection
Xforum 1.4 - 'topic' Parameter SQL Injection
RichStrong CMS - 'showproduct.asp cat' SQL Injection
RichStrong CMS - 'cat' Parameter SQL Injection
LulieBlog 1.0.1 - (delete id) Remote Authentication Bypass
Macrovision FlexNet - isusweb.dll DownloadAndExecute Method Exploit
FaScript FaMp3 1.0 - (show.php) SQL Injection
FaScript FaName 1.0 - (page.php) SQL Injection
FaScript FaPersian Petition - 'show.php' SQL Injection
FaScript FaPersianHack 1.0 - (show.php) SQL Injection
RTS Sentry Digital Surveillance - (CamPanel.dll 2.1.0.2) Buffer Overflow
Blog:CMS 4.2.1b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Aria 0.99-6 - 'effect.php' Local File Inclusion
MailBee WebMail Pro 4.1 - (ASP.NET) Remote File Disclosure
LulieBlog 1.0.1 - Remote Authentication Bypass
Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method Exploit
FaScript FaMp3 1.0 - SQL Injection
FaScript FaName 1.0 - SQL Injection
FaScript FaPersian Petition - SQL Injection
FaScript FaPersianHack 1.0 - SQL Injection
RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow
Blog:CMS 4.2.1b - SQL Injection / Cross-Site Scripting
Aria 0.99-6 - 'page' Parameter Local File Inclusion
MailBee WebMail Pro 4.1 - Remote File Disclosure
PHP-RESIDENCE 0.7.2 - 'Search' SQL Injection
PHP-RESIDENCE 0.7.2 - 'Search' Parameter SQL Injection
Digital Data Communications - (RtspVaPgCtrl) Remote Buffer Overflow
AuraCMS 1.62 - (stat.php) Remote Code Execution
Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow
AuraCMS 1.62 - 'stat.php' Remote Code Execution
OpenBSD 4.2 - rtlabel_id2name() Local Null Pointer Dereference Denial of Service
OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Dos
Toshiba Surveillance - (MeIpCamX.dll 1.0.0.4) Remote Buffer Overflow
Toshiba Surveillance - 'MeIpCamX.dll 1.0.0.4' Remote Buffer Overflow
LulieBlog 1.02 - (voircom.php id) SQL Injection
LulieBlog 1.02 - SQL Injection
Sejoong Namo ActiveSquare 6 - NamoInstaller.dll install Method Exploit
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method Exploit
MailBee Objects 5.5 - (MailBee.dll) Remote Insecure Method Exploit
MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method Exploit
SafeNet IPSecDrv.sys 10.4.0.12 - Local kernel Ring0 SYSTEM Exploit
Chilkat Mail ActiveX 7.8 - (ChilkatCert.dll) Insecure Method Exploit
SafeNet 'IPSecDrv.sys' 10.4.0.12 - Local kernel Ring0 SYSTEM Exploit
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit
Chilkat FTP ActiveX 2.0 - (ChilkatCert.dll) Insecure Method Exploit
Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method Exploit
Sejoong Namo ActiveSquare 6 - NamoInstaller.dll ActiveX Buffer Overflow
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' ActiveX Buffer Overflow
Yahoo! JukeBox MediaGrid - ActiveX mediagrid.dll AddBitmap() Buffer Overflow
Yahoo! JukeBox MediaGrid - ActiveX 'mediagrid.dll' AddBitmap() Buffer Overflow
AuraCMS 2.2 - (gallery_data.php) SQL Injection
AuraCMS 2.2 - 'albums' Pramater SQL Injection
DESlock+ <= 3.2.6 - DLMFENC.sys Local Kernel Ring0 link list zero (PoC)
DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
DESlock+ <= 3.2.6 - DLMFDISK.sys Local kernel Ring0 SYSTEM Exploit
DESlock+ <= 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit
D-Link MPEG4 SHM Audio Control - (VAPGDecoder.dll 1.7.0.5) Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow
KingSoft - UpdateOcx2.dll SetUninstallName() Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC)
AuraCMS 2.2.1 - (online.php) Blind SQL Injection
AuraCMS 2.2.1 - 'X-Forwarded-For' HTTP Header Blind SQL Injection
AuraCMS 2.x - (user.php) Security Code Bypass / Add Administrator Exploit
AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator
Real Player - rmoc3260.dll ActiveX Control Remote Code Execution
Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution
Microsoft Works 7 - WkImgSrv.dll ActiveX Denial of Service (PoC)
Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)
5th Avenue Shopping Cart - (category_id) SQL Injection
5th Avenue Shopping Cart - 'category_id' SQL Injection
HP Software Update - (Hpufunction.dll 4.0.0.1) Insecure Method (PoC)
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC)
Microsoft Works 7 - WkImgSrv.dll ActiveX Remote Buffer Overflow
Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Remote Buffer Overflow
Miniweb 2.0 - (historymonth) SQL Injection
Miniweb 2.0 - 'historymonth' Parameter SQL Injection
Admidio 1.4.8 - (getfile.php) Remote File Disclosure
Admidio 1.4.8 - 'getfile.php' Remote File Disclosure
muvee autoProducer 6.1 - (TextOut.dll) ActiveX Remote Buffer Overflow
muvee autoProducer 6.1 - 'TextOut.dll' ActiveX Remote Buffer Overflow
Deterministic Network Enhancer - dne2000.sys kernel Ring0 SYSTEM Exploit
Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Exploit
Visual Basic Enterprise Edition SP6 - vb6skit.dll Buffer Overflow (PoC)
Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)
AcmlmBoard 1.A2 - (pow) SQL Injection
AcmlmBoard 1.A2 - 'pow' SQL Injection
CMailServer 5.4.6 - (CMailCOM.dll) Remote Overwrite (SEH)
CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
AuraCMS 2.2.2 - (pages_data.php) Arbitrary Edit/Add/Delete Exploit
AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit
NCTsoft - AudFile.dll ActiveX Control Remote Buffer Overflow
NCTsoft - 'AudFile.dll' ActiveX Control Remote Buffer Overflow
ABG Blocking Script 1.0a - (abg_path) Remote File Inclusion
ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion
VMware Workstation - (hcmon.sys 6.0.0.45731) Local Denial of Service
VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service
ACG-PTP 1.0.6 - (adid) SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection
Microsoft Windows Media Encoder XP SP2 - wmex.dll ActiveX Buffer Overflow (MS08-053)
Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
x10media mp3 search engine 1.5.5 - Remote File Inclusion
X10media Mp3 Search Engine 1.5.5 - Remote File Inclusion
addalink 4 - (category_id) SQL Injection
addalink 4 - 'category_id' SQL Injection
6rbScript 3.3 - (singerid) SQL Injection
6rbScript 3.3 - 'singerid' SQL Injection
DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service
DESlock+ 3.2.7 - 'vdlptokn.sys' Local Denial of Service
AdMan 1.1.20070907 - (campaignId) SQL Injection
AdMan 1.1.20070907 - 'campaignId' SQL Injection
Absolute Poll Manager XE 4.1 - (xlacomments.asp) SQL Injection
Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection
MW6 Datamatrix - ActiveX (Datamatrix.dll) Insecure Method Exploit
MW6 PDF417 - ActiveX (MW6PDF417.dll) Remote Insecure Method Exploit
MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method Exploit
MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method Exploit
Article Publisher PRO 1.5 - (SQL Injection) Authentication Bypass
Article Publisher PRO 1.5 - (Authentication Bypass) SQL Injection
AJ ARTICLE - (SQL Injection) Remote Authentication Bypass
AJ ARTICLE - (Authentication Bypass) SQL Injection
Apoll 0.7b - (SQL Injection) Remote Authentication Bypass
Apoll 0.7b - (Authentication Bypass) SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Polls 1.01 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Petition 1.02/2.0/3.0 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Polls 1.01 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Webshop 1.02 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Webshop 1.02 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Post Card 1.02 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Post Card 1.02 - (Authentication Bypass) SQL Injection
Anti-Keylogger Elite 3.3.0 - (AKEProtect.sys) Privilege Escalation
Anti-Keylogger Elite 3.3.0 - 'AKEProtect.sys' Privilege Escalation
Active Price Comparison 4 - (ProductID) Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
Active Test 2.1 - (QuizID) Blind SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection
EasyMail ActiveX - (emmailstore.dll 6.5.0.3) Buffer Overflow
EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow
ESET Smart Security 3.0.672 - (epfw.sys) Privilege Escalation
ESET Smart Security 3.0.672 - 'epfw.sys' Privilege Escalation
PowerStrip 3.84 - (pstrip.sys) Privilege Escalation
PowerStrip 3.84 - 'pstrip.sys' Privilege Escalation
PGP Desktop 9.0.6 - (PGPwded.sys) Local Denial of Service
PGP Desktop 9.0.6 - 'PGPwded.sys' Local Denial of Service
Miniweb 2.0 - (Authentication Bypass) SQL Injection
Miniweb 2.0 - SQL Injection (Authentication Bypass)
MW6 Barcode ActiveX - (Barcode.dll) Remote Heap Overflow (PoC)
MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC)
A Better Member-Based ASP Photo Gallery - (entry) SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
mks_vir 9b < 1.2.0.0b297 - (mksmonen.sys) Privilege Escalation
mks_vir 9b < 1.2.0.0b297 - 'mksmonen.sys' Privilege Escalation
Morovia Barcode ActiveX 3.6.2 - (MrvBarCd.dll) Insecure Method Exploit
Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit
CloneCD/DVD ElbyCDIO.sys < 6.0.3.2 - Privilege Escalation
CloneCD/DVD 'ElbyCDIO.sys' < 6.0.3.2 - Privilege Escalation
AdaptBB 1.0 - (topic_id) SQL Injection / Credentials Disclosure
AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure
X10Media Mp3 - Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 Admin Access
Microsoft Media Player - (quartz.dll .mid) Denial of Service
Microsoft Media Player - 'quartz.dll .mid' Denial of Service
Microsoft Media Player - (quartz.dll .wav) Multiple Remote Denial of Service Vulnerabilities
Microsoft Media Player - 'quartz.dll .wav' Multiple Remote Denial of Service Vulnerabilities
ArcaVir 2009 < 9.4.320X.9 - (ps_drv.sys) Privilege Escalation
ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Privilege Escalation
Roxio CinePlayer 3.2 - (SonicMediaPlayer.dll) Remote Buffer Overflow
Roxio CinePlayer 3.2 - 'SonicMediaPlayer.dll' Remote Buffer Overflow
Roxio CinePlayer 3.2 - (IAManager.dll) Remote Buffer Overflow (heap spray)
Roxio CinePlayer 3.2 - 'IAManager.dll' Remote Buffer Overflow (heap spray)
AdaptBB 1.0 - (forumspath) Remote File Inclusion
AdaptBB 1.0 - 'forumspath' Remote File Inclusion
Online Armor < 3.5.0.12 - (OAmon.sys) Privilege Escalation
Online Armor < 3.5.0.12 - 'OAmon.sys' Privilege Escalation
McAfee 3.6.0.608 - naPolicyManager.dll ActiveX Arbitrary Data Write
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write
DESlock+ 4.0.2 - dlpcrypt.sys Local Kernel Ring0 Code Execution
DESlock+ 4.0.2 - 'dlpcrypt.sys' Local Kernel Ring0 Code Execution
Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow (SEH)
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (SEH)
Miniweb 2.0 Module Publisher - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Miniweb 2.0 Module Survey Pro - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Miniweb 2.0 Module Publisher - Blind SQL Injection / Cross-Site Scripting
Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting
TheGreenBow VPN Client - tgbvpn.sys Local Denial of Service
TheGreenBow VPN Client - 'tgbvpn.sys' Local Denial of Service
GDivX Zenith Player AviFixer Class - (fix.dll 1.0.0.1) Buffer Overflow (PoC)
GDivX Zenith Player AviFixer Class - 'fix.dll 1.0.0.1' Buffer Overflow (PoC)
Accommodation Hotel Booking Portal - (hotel_id) SQL Injection
Accommodation Hotel Booking Portal - 'hotel_id' SQL Injection
EasyMail Objects EMSMTP.DLL 6.0.1 - ActiveX Control Remote Buffer Overflow
EasyMail Objects 'EMSMTP.DLL 6.0.1' - ActiveX Control Remote Buffer Overflow
Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - (jar50.dll) Null Pointer Dereference
Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference
Avast! 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption
Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption
SAP GUI for Windows - sapirrfc.dll ActiveX Overflow
SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow
Authentium SafeCentral 2.6 - shdrv.sys Local kernel Ring0 SYSTEM Exploit
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit
Microsoft Internet Explorer - iepeers.dll Use-After-Free Exploit (Metasploit)
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit)
Liquid XML Studio 2010 <= 8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote Overflow
Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
SAFARI APPLE 4.0.5 - (object tag) (JavaScriptCore.dll) Denial of Service (Crash)
SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)
Multiple Vendor librpc.dll Signedness Error - Remote Code Execution
Multiple Vendor 'librpc.dll' Signedness Error - Remote Code Execution
Micropoint ProActive Denfense Mp110013.sys 1.3.10123.0 - Privilege Escalation
Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Privilege Escalation
iMesh 7.1.0.x - (IMWeb.dll 7.0.0.x) Remote Heap Overflow
iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow
avtech software (avc781viewer.dll) ActiveX - Multiple Vulnerabilities
avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities
HP Operations Manager 8.16 - (srcvw4.dll) LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)
HP Operations Manager 8.16 - 'srcvw4.dll' LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)
ZipGenius 6.3.1.2552 - zgtips.dll Stack Buffer Overflow
ZipGenius 6.3.1.2552 - 'zgtips.dll' Stack Buffer Overflow
Avast! 4.7 - aavmker4.sys Privilege Escalation
Avast! 4.7 - 'aavmker4.sys' Privilege Escalation
Bigant Messenger 2.52 - (AntCore.dll) RegisterCom() Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow
Apple Safari 4.0.5 - JavaScriptCore.dll Stack Exhaustion
Apple Safari 4.0.5 - 'JavaScriptCore.dll' Stack Exhaustion
724CMS Enterprise 4.59 - (section.php) Local File Inclusion
724CMS Enterprise 4.59 - (section.php) SQL Injection
724CMS Enterprise 4.59 - 'section.php' Local File Inclusion
724CMS Enterprise 4.59 - 'section.php' SQL Injection
MiniWebsvr 0.0.10 - Directory Traversal/Listing Exploits
MiniWebsvr 0.0.10 - Directory Traversal / Listing
4Images 1.7.7 - (image_utils.php) Remote Command Execution
4Images 1.7.7 - 'image_utils.php' Remote Command Execution
CommuniCrypt Mail 1.16 - (ANSMTP.dll/AOSMTP.dll) ActiveX
CommuniCrypt Mail 1.16 - 'ANSMTP.dll/AOSMTP.dll' ActiveX
Rumba FTP Client FTPSFtp.dll 4.2.0.0 - OpenSession() Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow
Kingsoft Webshield KAVSafe.sys 2010.4.14.609 (2010.5.23) - Kernel Mode Privilege Escalation
Kingsoft Webshield 'KAVSafe.sys' 2010.4.14.609 (2010.5.23) - Kernel Mode Privilege Escalation
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion
AdaptCMS 2.0.0 Beta - 'init.php' Remote File Inclusion
Microsoft - MSHTML.dll CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak
Microsoft - 'MSHTML.dll' CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak
Adobe Reader 9.3.2 - (CoolType.dll) Remote Memory Corruption / Denial of Service
Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service
Zemana AntiLogger AntiLog32.sys 1.5.2.755 - Privilege Escalation
Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Privilege Escalation
Avast! Internet Security 5.0 - aswFW.sys kernel driver IOCTL Memory Pool Corruption
Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption
QQ Computer Manager - TSKsp.sys Local Denial of Service
QQ Computer Manager - 'TSKsp.sys' Local Denial of Service
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - (scvncsrvx.dll) Denial of Service
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - 'scvncsrvx.dll' Denial of Service
Adobe Dreamweaver CS5 11.0 build 4909 - 'mfc90loc.dll' DLL Hijacking
Adobe Dreamweaver CS5 11.0 build 4909 - 'mfc90loc.dll' DLL Hijacking
Microsoft Vista - (fveapi.dll) BitLocker Drive Encryption API Hijacking Exploit
Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking Exploit
Nvidia Driver - 'nview.dll' DLL Hijacking
Nvidia Driver - 'nview.dll' DLL Hijacking
Adobe Extension Manager CS5 5.0.298 - 'dwmapi.dll' DLL Hijacking
Adobe Extension Manager CS5 5.0.298 - 'dwmapi.dll' DLL Hijacking
Corel PHOTO-PAINT X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
Corel PHOTO-PAINT X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking
Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking
Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking
LeadTools ActiveX Raster Twain 16.5 - (LtocxTwainu.dll) Buffer Overflow
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow
Trend Micro Internet Security 2010 - ActiveX Remote Exploit (UfPBCtrl.DLL)
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Exploit
A-Blog 2.0 - (sources/search.php) SQL Injection
A-Blog 2.0 - 'sources/search.php' SQL Injection
Microsoft DRM Technology (msnetobj.dll) ActiveX - Multiple Vulnerabilities
Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - (SoftekATL.dll) Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Buffer Overflow (PoC)
VMware Workstation 7.1.1 - VMkbd.sys Denial of Service
VMware Workstation 7.1.1 - 'VMkbd.sys' Denial of Service
AuraCMS - 'pfd.php' SQL Injection
AuraCMS 1.62 - 'pfd.php' SQL Injection
Rising - RSNTGDI.sys Local Denial of Service
Rising - 'RSNTGDI.sys' Local Denial of Service
CA Internet Security Suite 2010 - KmxSbx.sys Kernel Pool Overflow
CA Internet Security Suite 2010 - 'KmxSbx.sys' Kernel Pool Overflow
Crystal Reports Viewer 12.0.0.549 - ActiveX Exploit (PrintControl.dll)
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Exploit
Irfanview 4.27 - JP2000.dll plugin Denial of Service
Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service
Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys 2011.1.13.89 - Local Kernel Mode Denial of Service
Kingsoft AntiVirus 2011 SP5.2 'KisKrnl.sys' 2011.1.13.89 - Local Kernel Mode Denial of Service
Oracle Document Capture - empop3.dll Insecure Methods
Oracle Document Capture - 'empop3.dll' Insecure Methods
DESlock+ <= 4.1.10 - vdlptokn.sys Local Kernel Ring0 SYSTEM Exploit
DESlock+ <= 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
Microsoft IIS - ISAPI w3who.dll Query String Overflow (Metasploit)
Microsoft IIS - ISAPI nsiislog.dll ISAPI POST Overflow (Metasploit)
Microsoft IIS - ISAPI FrontPage fp30reg.dll Chunked Overflow (Metasploit)
Microsoft IIS - ISAPI 'w3who.dll' Query String Overflow (Metasploit)
Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (Metasploit)
Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (Metasploit)
Microsoft Services - nwwks.dll (MS06-066)
Microsoft Services - 'nwwks.dll' (MS06-066)
Microsoft Services - nwapi32.dll (MS06-066)
Microsoft Services - 'nwapi32.dll' (MS06-066)
ISS - PAM.dll ICQ Parser Buffer Overflow (Metasploit)
ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)
Microsoft IIS 5.0 - WebDAV ntdll.dll Path Overflow (Metasploit)
Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit)
RealPlayer - ierpplug.dll ActiveX Control Playlist Name Buffer Overflow (Metasploit)
RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)
Microsoft Windows Media Encoder 9 - wmex.dll ActiveX Buffer Overflow (Metasploit)
Yahoo! Messenger - YVerInfo.dll ActiveX Control Buffer Overflow (Metasploit)
Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (Metasploit)
Yahoo! Messenger - 'YVerInfo.dll' ActiveX Control Buffer Overflow (Metasploit)
WinDVD7 - IASystemInfo.dll ActiveX Control Buffer Overflow (Metasploit)
WinDVD7 - 'IASystemInfo.dll' ActiveX Control Buffer Overflow (Metasploit)
SonicWALL Aventail - epi.dll AuthCredential Format String (Metasploit)
SonicWALL Aventail - 'epi.dll' AuthCredential Format String (Metasploit)
BaoFeng Storm - mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)
BaoFeng Storm - 'mps.dll' ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)
Ask.com Toolbar - askBar.dll ActiveX Control Buffer Overflow (Metasploit)
Ask.com Toolbar - 'askBar.dll' ActiveX Control Buffer Overflow (Metasploit)
Tumbleweed FileTransfer - vcst_eu.dll ActiveX Control Buffer Overflow (Metasploit)
Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)
RKD Software BarCodeAx.dll 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit)
RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit)
Juniper SSL-VPN IVE - JuniperSetupDLL.dll ActiveX Control Buffer Overflow (Metasploit)
Juniper SSL-VPN IVE - 'JuniperSetupDLL.dll' ActiveX Control Buffer Overflow (Metasploit)
RealPlayer - rmoc3260.dll ActiveX Control Heap Corruption (Metasploit)
RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)
WebEx UCF - atucfobj.dll ActiveX NewObject Method Buffer Overflow (Metasploit)
WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit)
Winamp Ultravox Streaming Metadata (in_mp3.dll) - Buffer Overflow (Metasploit)
Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Buffer Overflow
(Metasploit) DjVu - DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow (Metasploit) DjVu - 'DjVu_ActiveX_MSOffice.dll' ActiveX ComponentBuffer Overflow (Metasploit) Microsoft Works 7 - WkImgSrv.dll WKsPictureInterface() ActiveX Exploit (Metasploit) Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit) AASync 2.2.1.0 - (Windows x86) Stack Buffer Overflow 'LIST' (Metasploit) AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit) BadBlue 2.5 - ext.dll Buffer Overflow (Metasploit) BadBlue 2.5 - 'ext.dll' Buffer Overflow (Metasploit) Amlibweb NetOpacs - webquery.dll Stack Buffer Overflow (Metasploit) Amlibweb NetOpacs - 'webquery.dll' Stack Buffer Overflow (Metasploit) Microsoft Windows Explorer 6.0.2900.5512 - (Shmedia.dll 6.0.2900.5512) AVI Preview Denial of Service (PoC) Microsoft Windows Explorer 6.0.2900.5512 - 'Shmedia.dll 6.0.2900.5512' AVI Preview Denial of Service (PoC) Microsoft Windows XP - afd.sys Local Kernel Denial of Service Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service Microsoft Visio - VISIODWG.dll DXF File Handling (Metasploit) Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (Metasploit) Microsoft Windows 7 SP1 - mrxdav.sys WebDav Privilege Escalation (MS16-016) Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) GDI+ - CreateDashedPath Integer Overflow in gdiplus.dll GDI+ - 'gdiplus.dll' CreateDashedPath Integer Overflow Kingsoft AntiVirus 2012 KisKrnl.sys 2011.7.8.913 - Local Kernel Mode Privilege Escalation Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) VideoLAN VLC Media Player 1.1.11 - (libav) libavcodec_plugin.dll Denial of Service VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of 
Service HP OpenView Network Node Manager - ov.dll _OVBuildPath Buffer Overflow (Metasploit) HP OpenView Network Node Manager - 'ov.dll' _OVBuildPath Buffer Overflow (Metasploit) VideoLAN VLC Media Player 1.2.0 - (libtaglib_pluggin.dll) Denial of Service VideoLAN VLC Media Player 1.2.0 - 'libtaglib_pluggin.dll' Denial of Service Tracker Software pdfSaver ActiveX 3.60 - (pdfxctrl.dll) Stack Buffer Overflow (SEH) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) ASUS Net4Switch - ipswcom.dll ActiveX Stack Buffer Overflow (Metasploit) ASUS Net4Switch - 'ipswcom.dll' ActiveX Stack Buffer Overflow (Metasploit) Quest Toad for Oracle Explain Plan Display ActiveX Control - (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite (PoC) Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) RealPlayer .mp4 - file handling memory Corruption RealPlayer - '.mp4' file handling memory Corruption D-Link DCS-5605 Network Surveillance - ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Quest InTrust 10.4.x - Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution D-Link DCS-5605 Network Surveillance - ActiveX Control 'DcsCliCtrl.dll' lstrcpyW Remote Buffer Overflow Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution Microsoft IIS - MDAC msadcs.dll RDS DataStub Content-Type Overflow (Metasploit) Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (Metasploit) HP HP-UX 10.34 / ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 
SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service HP HP-UX 10.34 / Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service MDAC 2.1.2.4202.3 / ms Win NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities AdminStudio - LaunchHelp.dll ActiveX Arbitrary Code Execution (Metasploit) AdminStudio - 'LaunchHelp.dll' ActiveX Arbitrary Code Execution (Metasploit) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1) Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2) Microsoft Internet Explorer 4 / Outlook 2000/5.5 - MSHTML.dll Crash Microsoft Internet Explorer 4 / Outlook 2000/5.5 - 'MSHTML.dll' Crash MSI - NTIOLib.sys / WinIO.sys Local Privilege Escalation MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation Working Resources BadBlue 1.7 - ext.dll Cross-Site Scripting Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting QQPlayer 3.7.892 - m2p quartz.dll Heap Pointer Overwrite (PoC) QQPlayer 3.7.892 - m2p 'quartz.dll' Heap Pointer Overwrite (PoC) Microsoft Windows XP/95/98/2000/NT 4 - Riched20.dll Attribute Buffer Overflow Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (2) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (4) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2) Microsoft IIS 
5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4) Working Resources 1.7.x/2.15 BadBlue - ext.dll Command Execution Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution Microsoft Shlwapi.dll 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service Microsoft Internet Explorer 5 - Remote URLMON.dll Buffer Overflow Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Buffer Overflow Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pa_modify_accounts() Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 - ldapagnt.dll ldapagnt_eval() Perl Code Evaluation Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 - 'auth.dll' pa_modify_accounts() Remote Code Execution Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution Microsoft Windows 2000/NT 4 Media Services - nsiislog.dll Remote Buffer Overflow Microsoft Windows 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin IN_MIDI.dll Track Data Size Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow myServer 0.4.x - cgi-lib.dll Remote Buffer Overflow myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow Nvidia Install Application 2.1002.85.551 - (NVI2.dll) Unicode Buffer Overflow (PoC) Nvidia Install Application 2.1002.85.551 - 'NVI2.dll' Unicode Buffer Overflow (PoC) Microsoft ListBox/ComboBox Control - User32.dll Function Buffer Overrun Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun Irfanview 4.33 - IMXCF.dll Plugin Code Execution Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution Centrinity FirstClass HTTP Server 7.1 - Directory Disclosure Centrinity FirstClass HTTP Server 7.1 - Directory 
Disclosure YaSoft Switch Off 2.3 - swnet.dll Remote Buffer Overflow YaSoft Switch Off 2.3 - 'swnet.dll' Remote Buffer Overflow Symantec Client Firewall Products 5 - SYMNDIS.SYS Driver Remote Denial of Service Symantec Client Firewall Products 5 - 'SYMNDIS.SYS' Driver Remote Denial of Service Panda ActiveScan 5.0 - ascontrol.dll Remote Heap Overflow Panda ActiveScan 5.0 - ascontrol.dll Denial of Service Panda ActiveScan 5.0 - 'ascontrol.dll' Remote Heap Overflow Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service Foxit Reader 5.4.4.1128 Firefox Plugin - npFoxitReaderPlugin.dll Stack Buffer Overflow Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow Yahoo! Messenger 5.6 - YInsthelper.dll Multiple Buffer Overflow Vulnerabilities Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities Novell Groupwise Client - gwcls1.dll ActiveX Remote Code Execution (Metasploit) Novell Groupwise Client - 'gwcls1.dll' ActiveX Remote Code Execution (Metasploit) F-Secure Policy Manager 5.11 - FSMSH.dll CGI Application Installation Full Path Disclosure F-Secure Policy Manager 5.11 - 'FSMSH.dll' CGI Application Installation Full Path Disclosure Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) Remote Exploit Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' (WzTitle) Remote Exploit Easy DVD Player 3.5.1 - (libav) libavcodec_plugin.dll Denial of Service Easy DVD Player 3.5.1 - (libav) 'libavcodec_plugin.dll' Denial of Service Nullsoft Winamp 5.0.x - Variant IN_CDDA.dll Remote Buffer Overflow Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow WPS Office - Wpsio.dll Stack Buffer Overflow WPS Office - 'Wpsio.dll' Stack Buffer Overflow AN HTTPD - CMDIS.dll Remote Buffer Overflow AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow MiniWeb HTTP Server (build 300) - Crash (PoC) MiniWeb HTTP Server 300 - Crash (PoC) Sigma ISP Manager 6.6 - Sigmaweb.dll SQL Injection Sigma ISP Manager 6.6 - 'Sigmaweb.dll' SQL 
Injection SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow Microsoft Windows 98SE - User32.dll Icon Handling Denial of Service Microsoft Windows 98SE - 'User32.dll' Icon Handling Denial of Service Oracle WebCenter Content - CheckOutAndOpen.dll ActiveX Remote Code Execution (Metasploit) Oracle WebCenter Content - 'CheckOutAndOpen.dll' ActiveX Remote Code Execution (Metasploit) Microsoft Visual Studio .NET - msdds.dll Remote Code Execution Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution TP-Link PS110U Print Server TL - Sensitive Information Enumeration TP-Link PS110U Print Server TL - Sensitive Information Enumeration Novell Client 2 SP3 - nicm.sys Privilege Escalation (Metasploit) Novell Client 2 SP3 - 'nicm.sys' Privilege Escalation (Metasploit) StarUML - WinGraphviz.dll ActiveX Buffer Overflow StarUML - 'WinGraphviz.dll' ActiveX Buffer Overflow MiniWeb (Build 300) - Arbitrary File Upload (Metasploit) MiniWeb 300 - Arbitrary File Upload (Metasploit) Yahoo! Messenger 7.0/7.5 - jscript.dll Non-ASCII Character Denial of Service Yahoo! 
Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service Microsoft PowerPoint 2003 - mso.dll PPT Processing Unspecified Code Execution Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution Agnitum Outpost Firewall 3.5.631 - FiltNT.SYS Local Denial of Service Agnitum Outpost Firewall 3.5.631 - 'FiltNT.SYS' Local Denial of Service Microsoft Internet Explorer 6 - IMSKDIC.dll Denial of Service Microsoft Internet Explorer 6 - 'IMSKDIC.dll' Denial of Service Microsoft Internet Explorer 6 - MSOE.dll Denial of Service Microsoft Internet Explorer 6 - 'MSOE.dll' Denial of Service Microsoft Internet Explorer 6 - TSUserEX.dll ActiveX Control Memory Corruption Microsoft Internet Explorer 6 - 'TSUserEX.dll' ActiveX Control Memory Corruption Computer Associates Personal Firewall 9.0 - HIPS Driver (kmxfw.sys) Privilege Escalation Computer Associates Personal Firewall 9.0 - HIPS Driver (kmxstart.sys) Privilege Escalation Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation Avira Internet Security - avipbb.sys Filter Bypass / Privilege Escalation Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation Novell Client 4.91 - NWSPOOL.dll Remote Buffer Overflow Novell Client 4.91 - 'NWSPOOL.dll' Remote Buffer Overflow FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver (fortknoxfw.sys) Memory Corruption FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption Kerio Personal Firewall 4.3 - IPHLPAPI.dll Privilege Escalation Kerio Personal Firewall 4.3 - 'IPHLPAPI.dll' Privilege Escalation PrecisionID Barcode - PrecisionID_Barcode.dll ActiveX 1.9 Control Arbitrary File Overwrite PrecisionID Barcode - 'PrecisionID_Barcode.dll' ActiveX 1.9 Control Arbitrary File Overwrite CA Multiple Products Console Server and InoCore.dll - Remote Code Execution 
Vulnerabilities CA Multiple Products Console Server and 'InoCore.dll' - Remote Code Execution Vulnerabilities SSC DiskAccess NFS Client - DAPCNFSD.dll Stack Buffer Overflow SSC DiskAccess NFS Client - 'DAPCNFSD.dll' Stack Buffer Overflow Comodo Firewall 2.3.6 - CMDMon.SYS Multiple Denial of Service Vulnerabilities Comodo Firewall 2.3.6 - 'CMDMon.SYS' Multiple Denial of Service Vulnerabilities Microsoft Windows XP/2000 - WinMM.dll .WAV Files Remote Denial of Service Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service Symantec SYMTDI.SYS Device Driver - Local Denial of Service Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service eSellerate SDK 3.6.5 - eSellerateControl365.dll ActiveX Control Buffer Overflow eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow NextPage LivePublish 2.02 - LPEXT.dll Cross-Site Scripting NextPage LivePublish 2.02 - 'LPEXT.dll' Cross-Site Scripting Sienzo Digital Music Mentor - DSKernel2.dll ActiveX Control Stack Buffer Overflow Sienzo Digital Music Mentor - 'DSKernel2.dll' ActiveX Control Stack Buffer Overflow Roxio CinePlayer 3.2 - SonicDVDDashVRNav.dll ActiveX Control Remote Buffer Overflow Roxio CinePlayer 3.2 - 'SonicDVDDashVRNav.dll' ActiveX Control Remote Buffer Overflow Dart ZipLite Compression 1.8.5.3 - DartZipLite.dll ActiveX Control Buffer Overflow Dart ZipLite Compression 1.8.5.3 - 'DartZipLite.dll' ActiveX Control Buffer Overflow F-Secure Policy Manager 7.00 - FSMSH.dll Remote Denial of Service Apple Safari 3.0.1 for Windows - Corefoundation.dll Denial of Service F-Secure Policy Manager 7.00 - 'FSMSH.dll' Remote Denial of Service Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service VMware Tools 3.1 - HGFS.Sys Privilege Escalation VMware Tools 3.1 - 'HGFS.Sys' Privilege Escalation Microsoft Windows Kernel win32k.sys - Integer Overflow (MS13-101) Microsoft Windows Kernel 'win32k.sys' - Integer Overflow (MS13-101) Baidu Soba Search Bar 5.4 - 
BaiduBar.dll ActiveX Control Remote Code Execution Baidu Soba Search Bar 5.4 - 'BaiduBar.dll' ActiveX Control Remote Code Execution Microsoft Internet Explorer 5.0.1 - TBLinf32.dll ActiveX Control Remote Code Execution Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution Microsoft Internet Explorer 5.0.1 - Vector Markup Language VGX.dll Remote Buffer Overflow Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow Yahoo! Messenger 8.1 - KDU_V32M.DLL Remote Denial of Service Yahoo! Messenger 8.1 - 'KDU_V32M.DLL' Remote Denial of Service BitDefender AntiVirus 2008 - bdelev.dll ActiveX Control Double-Free BitDefender AntiVirus 2008 - 'bdelev.dll' ActiveX Control Double-Free AkkyWareHOUSE 7-zip32.dll 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow Microsoft Agent agentdpv.dll ActiveX Control - Malformed URL Stack Buffer Overflow Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow Macrovision SafeDisc - SecDRV.SYS Method_Neither Privilege Escalation SpeedFan - Speedfan.sys Privilege Escalation Macrovision SafeDisc - 'SecDRV.SYS' Method_Neither Privilege Escalation SpeedFan - 'Speedfan.sys' Privilege Escalation RealPlayer 10.0/10.5/11 - ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow RealPlayer 10.0/10.5/11 - 'ierpplug.dll' ActiveX Control Import Playlist Name Stack Buffer Overflow GWExtranet 3.0 - Scp.dll Multiple HTML Injection Vulnerabilities GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities RealMedia RealPlayer 10.5/11 - ierpplug.dll PlayerProperty ActiveX Control Buffer Overflow RealMedia RealPlayer 10.5/11 - 'ierpplug.dll' PlayerProperty ActiveX Control Buffer Overflow AuraCMS 2.2 - 'lihatberita' Module 'id' Parameter SQL Injection AuraCMS 2.2 - 'lihatberita' Module SQL Injection Panda Internet Security/AntiVirus+Firewall 2008 - CPoint.sys Memory Corruption Panda Internet 
Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate wgate.dll ~service Parameter Cross-Site Scripting SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate 'wgate.dll' ~service Parameter Cross-Site Scripting Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow Symantec Multiple Products - Client Proxy ActiveX (CLIproxy.dll) Remote Overflow Symantec Multiple Products - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation VirtualBox Guest Additions - VBoxGuest.sys Privilege Escalation (Metasploit) VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit) AuraCMS 1.62 - 'pdf.php' SQL Injection VMware Workstations 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit Microsoft Windows 8.1 (x86/x64) - (ahcache.sys/NtApphelpCacheControl) Privilege Escalation Microsoft Windows 8.1 (x86/x64) - 'ahcache.sys' NtApphelpCacheControl Privilege Escalation JetAudio 8.1.3 - (Corrupted mp4) Crash (PoC) JetAudio 8.1.3 - '.mp4' Crash (PoC) Microsoft Windows - HTTP.sys PoC (MS15-034) Microsoft Windows - 'HTTP.sys' PoC (MS15-034) MS Windows (HTTP.sys) - HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034) Microsoft Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052) Microsoft Windows - 'CNG.SYS' 
Kernel Security Feature Bypass PoC (MS15-052) FinePlayer 2.20 (.mp4) - Crash (PoC) FinePlayer 2.20 - '.mp4' Crash (PoC) Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage Microsoft Office 2007 - wwlib.dll Type Confusion (MS15-081) Microsoft Office 2007 - OGL.dll DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080) Microsoft Office 2007 - mso.dll Arbitrary Free (MS15-081) Microsoft Office 2007 - mso.dll Use-After-Free (MS15-081) Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage Microsoft Office 2007 - 'wwlib.dll' Type Confusion (MS15-081) Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080) Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081) Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081) Microsoft Windows - ATMFD.DLL Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table Microsoft Windows - ATMFD.DLL Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table Microsoft Windows - ATMFD.DLL Write to Uninitialized Address Due to - Malformed CFF Table Microsoft Windows - ATMFD.dll CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access Microsoft Windows - ATMFD.DLL CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access Microsoft Windows - ATMFD.dll CharString Stream Out-of-Bounds Reads Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads Microsoft Office 2007 - msxml5.dll Crash (PoC) Microsoft Office 2007 - 
'msxml5.dll' Crash (PoC) Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097) Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097) Microsoft Windows - Kernel win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115) Microsoft Office / COM Object - els.dll DLL Planting (MS15-134) Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134) Microsoft Office / COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132) Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132) Microsoft Windows devenum.dll!DeviceMoniker::Load() - Heap Corruption Buffer Underflow (MS16-007) Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007) Microsoft Windows = devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007) Microsoft Office - COM Object DLL Planting with 'WMALFXGFXDSP.dll' (MS16-007) QuickHeal 16.00 - webssx.sys Driver Denial of Service QuickHeal 16.00 - 'webssx.sys' Driver Denial of Service Comodo Anti-Virus - SHFolder.dll Local Privilege Elevation Exploit Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Stack Corruption (MS16-026) Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026) Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026) Hyper-V - vmswitch.sys 
VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow Microsoft Windows - Kernel win32k.sys TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039) Adobe Flash - MP4 File Stack Corruption Adobe Flash - .MP4 File Stack Corruption Microsoft Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055) Microsoft Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055) Microsoft Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074) VMware Virtual Machine Communication Interface (VMCI) vmci.sys - (PoC) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC) Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067) SAP Adaptive Server Enterprise 16 - Denial of Service SAP Adaptive Server Enterprise 16 - Denial of Service Boonex Dolphin 7.3.2 - Authentication Bypass SmallFTPd 1.0.3 - 
'mkd' Command Denial of Service Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title                                                                  | Path
                                                                               | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)          | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)          | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)              | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)          | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
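The result format and the matching rules from the help text above, worked through as an added Python example (not part of the Exploit Database repository or of searchsploit itself). The path layout `./<platform>/<type>/<EDB-ID>.<ext>` is read off the sample output; `parse_results`, `search` and `by_bulletin` are hypothetical helper names, and `search` is a simplified model of the documented rules, not the tool's implementation.

```python
import re
from typing import NamedTuple, Optional

# Result table copied from the `searchsploit afd windows local` session above.
SAMPLE_OUTPUT = """\
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
"""

# Assumption: every result path is ./<platform>/<type>/<EDB-ID>.<ext>, as in the sample.
PATH_RE = re.compile(r"^\./(?P<platform>[^/]+)/(?P<kind>[^/]+)/(?P<edb_id>\d+)\.\w+$")
# Microsoft bulletin identifiers as they appear in the titles, e.g. (MS14-040).
BULLETIN_RE = re.compile(r"\((MS\d{2}-\d{3})\)")


class Record(NamedTuple):
    edb_id: int
    platform: str
    kind: str
    title: str
    path: str
    bulletin: Optional[str]


def parse_results(text):
    """Turn the 'Title | Path' table into records; rulers and headers are skipped."""
    records = []
    for line in text.splitlines():
        # Split on the last '|' so a pipe inside a title cannot break the path.
        title, sep, path = line.rpartition("|")
        match = PATH_RE.match(path.strip())
        if not sep or not match:
            continue
        bulletin = BULLETIN_RE.search(title)
        records.append(Record(
            edb_id=int(match["edb_id"]),
            platform=match["platform"],
            kind=match["kind"],
            title=title.strip(),
            path=path.strip(),
            bulletin=bulletin.group(1) if bulletin else None,
        ))
    return records


def search(records, terms, title_only=False, case_sensitive=False):
    """Model of the documented rules: every term must match (AND, any order),
    against title plus path by default, title only with -t, exact case with -c."""
    hits = []
    for rec in records:
        haystack = rec.title if title_only else f"{rec.title} {rec.path}"
        needles = list(terms)
        if not case_sensitive:
            haystack = haystack.lower()
            needles = [term.lower() for term in needles]
        if all(needle in haystack for needle in needles):
            hits.append(rec.edb_id)
    return hits


def by_bulletin(records):
    """Group EDB-IDs by bulletin, e.g. to check which patches a host must have."""
    groups = {}
    for rec in records:
        if rec.bulletin:
            groups.setdefault(rec.bulletin, []).append(rec.edb_id)
    return groups


if __name__ == "__main__":
    recs = parse_results(SAMPLE_OUTPUT)
    # A numeric term also matches EDB-IDs in the path: the false positives
    # the Notes section warns about, removed by restricting to the title.
    print("windows 7          :", search(recs, ["windows", "7"]))
    print("windows 7 (title)  :", search(recs, ["windows", "7"], title_only=True))
    print("bulletins to verify:", by_bulletin(recs))
```
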
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).