A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 1e70058c1e DB: 2016-10-27
3 new exploits

ProFTPd 1.2.9RC1 - (mod_sql) SQL Injection
ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection

OpenBSD - (ibcs2_exec) Kernel Local Exploit
OpenBSD - 'ibcs2_exec' Kernel Local Exploit

Microsoft FrontPage Server Extensions - fp30reg.dll Exploit (MS03-051)
Microsoft FrontPage Server Extensions - 'fp30reg.dll' Exploit (MS03-051)
IA WebMail 3.x - (iaregdll.dll 1.0.0.5) Remote Exploit
OpenBSD 2.x < 3.3 - exec_ibcs2_coff_prep_zmagic() Kernel Exploit
IA WebMail 3.x - 'iaregdll.dll 1.0.0.5' Remote Exploit
OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow

Foxmail 5.0 - PunyLib.dll Remote Stack Overflow
Foxmail 5.0 - 'PunyLib.dll' Remote Stack Overflow

Microsoft Windows - Lsasrv.dll RPC Remote Buffer Overflow (MS04-011)
Microsoft Windows - 'Lsasrv.dll' RPC Remote Buffer Overflow (MS04-011)

Microsoft Windows 2000/XP - Lsasrv.dll Remote Universal Exploit (MS04-011)
Microsoft Windows 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)

Winamp 5.06 - IN_CDDA.dll Remote Buffer Overflow
Winamp 5.06 - 'IN_CDDA.dll' Remote Buffer Overflow

Microsoft Jet Database - (msjet40.dll) Reverse Shell Exploit (1)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (1)

Microsoft Jet Database - (msjet40.dll) Reverse Shell Exploit (2)
Microsoft Jet Database - 'msjet40.dll' Reverse Shell Exploit (2)

Microsoft Internet Explorer - (blnmgr.dll) COM Object Remote Exploit (MS05-038)
Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote Exploit (MS05-038)

Microsoft Internet Explorer 6 - (mshtml.dll datasrc) Denial of Service
Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service

Microsoft Internet Explorer 6 - (mshtml.dll div) Denial of Service
Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service

Microsoft Internet Explorer 7.0 Beta 2 - (urlmon.dll) Denial of Service
Microsoft Internet Explorer 7.0 Beta 2 - 'urlmon.dll' Denial of Service

Admbook 1.2.2 - (x-forwarded-for) Remote Command Execution
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution

Microsoft Internet Explorer 6 - (script action handlers) (mshtml.dll) Denial of Service
Microsoft Internet Explorer 6 - (script action handlers) 'mshtml.dll' Denial of Service

Microsoft Internet Explorer 6 - (mshtml.dll checkbox) Crash
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash

Total Commander 6.x - (unacev2.dll) Buffer Overflow (PoC)
Total Commander 6.x - 'unacev2.dll' Buffer Overflow (PoC)

Mozilla Firefox 1.5.0.2 - (js320.dll/xpcom_core.dll) Denial of Service (PoC)
Mozilla Firefox 1.5.0.2 - 'js320.dll/xpcom_core.dll' Denial of Service (PoC)

Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion

Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - 'lostpw.php' Remote File Inclusion

ACal 2.2.6 - (day.php) Remote File Inclusion
ACal 2.2.6 - 'day.php' Remote File Inclusion

Ad Manager Pro 2.6 - (ipath) Remote File Inclusion
Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion

A-Blog 2.0 - (menu.php) Remote File Inclusion
A-Blog 2.0 - 'menu.php' Remote File Inclusion

2BGal 3.0 - (admin/configuration.inc.php) Local Inclusion Exploit
2BGal 3.0 - 'admin/configuration.inc.php' Local Inclusion Exploit

a-ConMan 3.2b - (common.inc.php) Remote File Inclusion
a-ConMan 3.2b - 'common.inc.php' Remote File Inclusion

RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service
RealPlayer 10.5 'ierpplug.dll' Internet Explorer 7 - Denial of Service

Macromedia Shockwave 10 (SwDir.dll) Internet Explorer 7 - Denial of Service
Macromedia Shockwave 10 'SwDir.dll' Internet Explorer 7 - Denial of Service

Microsoft Windows - NtRaiseHardError Csrss.exe-winsrv.dll Double-Free
Microsoft Windows - NtRaiseHardError 'Csrss.exe/winsrv.dll' Double-Free

BrowseDialog Class (ccrpbds6.dll) Internet Explorer 7 - Denial of Service
BrowseDialog Class 'ccrpbds6.dll' Internet Explorer 7 - Denial of Service

DivX Player 6.4.1 - (DivXBrowserPlugin npdivx32.dll) IE Denial of Service
DivX Player 6.4.1 - DivXBrowserPlugin 'npdivx32.dll' IE Denial of Service

ACGVclick 0.2.0 - (path) Remote File Inclusion
ACGVclick 0.2.0 - 'path' Remote File Inclusion

ACGVannu 1.3 - (index2.php) Remote User Pass Change
ACGVannu 1.3 - 'index2.php' Remote User Pass Change

CA BrightStor ARCserve 11.5.2.0 - (catirpc.dll) RPC Server Denial of Service
CA BrightStor ARCserve 11.5.2.0 - 'catirpc.dll' RPC Server Denial of Service

DivX Web Player 1.3.0 - (npdivx32.dll) Remote Denial of Service
DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service

Macromedia 10.1.4.20 - SwDir.dll Internet Explorer Stack Overflow Denial of Service
Macromedia 10.1.4.20 - 'SwDir.dll' Internet Explorer Stack Overflow Denial of Service

Adobe Reader plugin AcroPDF.dll 8.0.0.0 - Resource Consumption
Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption

NetSprint Toolbar - ActiveX toolbar.dll Denial of Service (PoC)
NetSprint Toolbar - ActiveX 'toolbar.dll' Denial of Service (PoC)

ActSoft DVD-Tools - (dvdtools.ocx 3.8.5.0) Stack Overflow
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Stack Overflow

SmartCode VNC Manager 3.6 - (scvncctrl.dll) Denial of Service
SmartCode VNC Manager 3.6 - 'scvncctrl.dll' Denial of Service
Barcodewiz ActiveX Control 2.52 - (Barcodewiz.dll) Overwrite (SEH)
Barcodewiz ActiveX Control 2.0 - (Barcodewiz.dll) Remote Buffer Overflow (PoC)
Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)
Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)

Remote Display Dev kit 1.2.1.0 - RControl.dll Denial of Service
Remote Display Dev kit 1.2.1.0 - 'RControl.dll' Denial of Service

Hewlett Packard 1.0.0.309 - hpqvwocx.dll ActiveX Magview Overflow (PoC)
Hewlett Packard 1.0.0.309 - 'hpqvwocx.dll' ActiveX Magview Overflow (PoC)

Virtual CD 9.0.0.2 - (vc9api.DLL) Remote Shell Commands Execution Exploit
Virtual CD 9.0.0.2 - 'vc9api.DLL' Remote Shell Commands Execution Exploit

LeadTools Raster ISIS Object (LTRIS14e.DLL 14.5.0.44) - Remote Buffer Overflow
LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow

Vivotek Motion Jpeg Control - (MjpegDecoder.dll 2.0.0.13) Remote Exploit
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Exploit

Microsoft Internet Explorer 6 / Provideo Camimage - (ISSCamControl.dll 1.0.1.5) Remote Buffer Overflow
Microsoft Internet Explorer 6 / Provideo Camimage - 'ISSCamControl.dll 1.0.1.5' Remote Buffer Overflow

SafeNet High Assurance Remote 1.4.0 - (IPSecDrv.sys) Remote Denial of Service
SafeNet High Assurance Remote 1.4.0 - 'IPSecDrv.sys' Remote Denial of Service
Yahoo! Messenger Webcam 8.1 - (Ywcvwr.dll) Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - (Ywcupl.dll) Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute Exploit
Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute Exploit

BarCode ActiveX Control BarCodeAx.dll 4.9 - Remote Overflow
BarCode ActiveX Control 'BarCodeAx.dll' 4.9 - Remote Overflow

NCTAudioEditor2 ActiveX DLL (NCTWMAFile2.dll 2.6.2.157) - Exploit
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit

6ALBlog - (newsid) SQL Injection
6ALBlog - 'newsid' SQL Injection

Avaxswf.dll 1.0.0.1 from Avax Vector - ActiveX Arbitrary Data Write
Avax Vector 'Avaxswf.dll' 1.0.0.1 - ActiveX Arbitrary Data Write

HP Digital Imaging (hpqxml.dll 2.0.0.133) - Arbitrary Data Write Exploit
HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write Exploit

AMX Corp. VNC ActiveX Control - (AmxVnc.dll 1.0.13.0) Buffer Overflow
AMX Corp. VNC ActiveX Control - 'AmxVnc.dll 1.0.13.0' Buffer Overflow

HP Digital Imaging (hpqvwocx.dll 2.1.0.556) - SaveToFile() Exploit
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit

WinPcap 4.0 - NPF.SYS Privilege Elevation (PoC)
WinPcap 4.0 - 'NPF.SYS' Privilege Elevation (PoC)

Program Checker - (sasatl.dll 1.5.0.531) JavaScript Heap Spraying Exploit
Program Checker - 'sasatl.dll 1.5.0.531' JavaScript Heap Spraying Exploit
SecureBlackbox (PGPBBox.dll 5.1.0.112) - Arbitrary Data Write Exploit
Program Checker - (sasatl.dll 1.5.0.531) DebugMsgLog Heap Spraying Exploit
Symantec AntiVirus - symtdi.sys Privilege Escalation
SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Exploit
Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog Heap Spraying Exploit
Symantec AntiVirus - 'symtdi.sys' Privilege Escalation

Data Dynamics ActiveReport ActiveX - (actrpt2.dll 2.5) Insecure Method
Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method

Zenturi NixonMyPrograms Class (sasatl.dll 1.5.0.531) - Remote Buffer Overflow
Zenturi NixonMyPrograms Class 'sasatl.dll 1.5.0.531' - Remote Buffer Overflow

PHP - PHP_gd2.dll imagepsloadfont Local Buffer Overflow (PoC)
PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)

VMware IntraProcessLogging.dll 5.5.3.42958 - Arbitrary Data Write Exploit
VMware 'IntraProcessLogging.dll' 5.5.3.42958 - Arbitrary Data Write Exploit

VMware Inc 6.0.0 - (vielib.dll 2.2.5.42958) Remode Code Execution
VMware Inc 6.0.0 - 'vielib.dll 2.2.5.42958' Remode Code Execution

CHILKAT ASP String - (CkString.dll 1.1) SaveToFile() Insecure Method
CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method
2532/Gigs 1.2.1 - (activateuser.php) Local File Inclusion
PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow
2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
NVR SP2 2.0 (nvUnifiedControl.dll 1.1.45.0) - SetText() Remote Exploit
NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - SaveXMLFile() Insecure Method
NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - DeleteXMLFile() Insecure Method
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method
NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method

Postcast Server Pro 3.0.61 - / Quiksoft EasyMail (emsmtp.dll 6.0.1) Buffer Overflow
Postcast Server Pro 3.0.61 - / Quiksoft EasyMail 'emsmtp.dll 6.0.1' Buffer Overflow

Norman Virus Control - nvcoaft51.sys ioctl BF672028 Exploit
Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028 Exploit

PPStream - (PowerPlayer.dll 2.0.1.3829) ActiveX Remote Overflow
PPStream - 'PowerPlayer.dll 2.0.1.3829' ActiveX Remote Overflow

Yahoo! Messenger - (YVerInfo.dll 2007.8.27.1) ActiveX Buffer Overflow
Yahoo! Messenger - 'YVerInfo.dll 2007.8.27.1' ActiveX Buffer Overflow
GlobalLink 2.7.0.8 - glItemCom.dll SetInfo() Heap Overflow
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow
GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow
Trend Micro ServerProtect - 'eng50.dll' Remote Stack Overflow

GlobalLink 2.7.0.8 - glitemflat.dll SetClientInfo() Heap Overflow
GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow

BaoFeng2 - mps.dll ActiveX Multiple Remote Buffer Overflow PoCs
BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow PoCs
Ultra Crypto Component - (CryptoX.dll 2.0) SaveToFile() Insecure Method
Ultra Crypto Component - (CryptoX.dll 2.0) Remote Buffer Overflow
Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method
Ultra Crypto Component - 'CryptoX.dll 2.0' Remote Buffer Overflow

Microsoft Visual Studio 6.0 - (VBTOVSI.dll 1.0.0.0) File Overwrite
Microsoft Visual Studio 6.0 - 'VBTOVSI.dll 1.0.0.0' File Overwrite

HP ActiveX - (hpqutil.dll ListFiles hpqutil.dll) Remote Heap Overflow (PoC)
HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)

EasyMail MessagePrinter Object - (emprint.dll 6.0.1.0) Buffer Overflow
EasyMail MessagePrinter Object - 'emprint.dll 6.0.1.0' Buffer Overflow

EB Design Pty Ltd - (EBCRYPT.dll 2.0) Multiple Remote Vulnerabilities
EB Design Pty Ltd - 'EBCRYPT.dll 2.0' Multiple Remote Vulnerabilities

ActiveKB KnowledgeBase 2.x - (catId) SQL Injection
ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection

actSite 1.991 Beta - (base.php) Remote File Inclusion
actSite 1.991 Beta - 'base.php' Remote File Inclusion

GOM Player 2.1.6.3499 - (GomWeb3.dll 1.0.0.12) Remote Overflow
GOM Player 2.1.6.3499 - 'GomWeb3.dll 1.0.0.12' Remote Overflow
Media Player Classic 6.4.9 MP4 - File Stack Overflow
Microsoft Windows Media Player 6.4 MP4 - File Stack Overflow (PoC)
Nullsoft Winamp 5.32 - MP4 Tags Stack Overflow
Media Player Classic 6.4.9 - '.MP4' File Stack Overflow
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)
Nullsoft Winamp 5.32 - .MP4 Tags Stack Overflow

Online Media Technologies AVSMJPEGFILE.DLL 1.1 - Remote Buffer Overflow (PoC)
Online Media Technologies 'AVSMJPEGFILE.DLL 1.1' - Remote Buffer Overflow (PoC)

AuraCMS 2.2 - (admin_users.php) Remote Add Administrator Exploit
AuraCMS 2.2 - Remote Add Administrator
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow
Macrovision Installshield - isusweb.dll Overwrite (SEH)
IBM Domino Web Access Upload Module - dwa7w.dll Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Buffer Overflow
Macrovision Installshield - 'isusweb.dll' Overwrite (SEH)
IBM Domino Web Access Upload Module - 'dwa7w.dll' Buffer Overflow
0DayDB 2.3 - 'delete id' Remote Authentication Bypass
photokron 1.7 - (update script) Remote Database Disclosure
0DayDB 2.3 - 'id' Parameter Remote Authentication Bypass
photokron 1.7 - Remote Database Disclosure
NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - Buffer Overflow
Binn SBuilder - (nid) Blind SQL Injection
NUVICO DVR NVDV4 / PdvrAtl Module 'PdvrAtl.DLL 1.0.1.25' - Buffer Overflow
Binn SBuilder - 'nid' Parameter Blind SQL Injection

Xforum 1.4 - (topic) SQL Injection
Xforum 1.4 - 'topic' Parameter SQL Injection

RichStrong CMS - 'showproduct.asp cat' SQL Injection
RichStrong CMS - 'cat' Parameter SQL Injection
LulieBlog 1.0.1 - (delete id) Remote Authentication Bypass
Macrovision FlexNet - isusweb.dll DownloadAndExecute Method Exploit
FaScript FaMp3 1.0 - (show.php) SQL Injection
FaScript FaName 1.0 - (page.php) SQL Injection
FaScript FaPersian Petition - 'show.php' SQL Injection
FaScript FaPersianHack 1.0 - (show.php) SQL Injection
RTS Sentry Digital Surveillance - (CamPanel.dll 2.1.0.2) Buffer Overflow
Blog:CMS 4.2.1b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Aria 0.99-6 - 'effect.php' Local File Inclusion
MailBee WebMail Pro 4.1 - (ASP.NET) Remote File Disclosure
LulieBlog 1.0.1 - Remote Authentication Bypass
Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method Exploit
FaScript FaMp3 1.0 - SQL Injection
FaScript FaName 1.0 - SQL Injection
FaScript FaPersian Petition - SQL Injection
FaScript FaPersianHack 1.0 - SQL Injection
RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow
Blog:CMS 4.2.1b - SQL Injection / Cross-Site Scripting
Aria 0.99-6 - 'page' Parameter Local File Inclusion
MailBee WebMail Pro 4.1 - Remote File Disclosure

PHP-RESIDENCE 0.7.2 - 'Search' SQL Injection
PHP-RESIDENCE 0.7.2 - 'Search' Parameter SQL Injection
Digital Data Communications - (RtspVaPgCtrl) Remote Buffer Overflow
AuraCMS 1.62 - (stat.php) Remote Code Execution
Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow
AuraCMS 1.62 - 'stat.php' Remote Code Execution

OpenBSD 4.2 - rtlabel_id2name() Local Null Pointer Dereference Denial of Service
OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Dos

Toshiba Surveillance - (MeIpCamX.dll 1.0.0.4) Remote Buffer Overflow
Toshiba Surveillance - 'MeIpCamX.dll 1.0.0.4' Remote Buffer Overflow

LulieBlog 1.02 - (voircom.php id) SQL Injection
LulieBlog 1.02 - SQL Injection

Sejoong Namo ActiveSquare 6 - NamoInstaller.dll install Method Exploit
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method Exploit

MailBee Objects 5.5 - (MailBee.dll) Remote Insecure Method Exploit
MailBee Objects 5.5 - 'MailBee.dll' Remote Insecure Method Exploit
SafeNet IPSecDrv.sys 10.4.0.12 - Local kernel Ring0 SYSTEM Exploit
Chilkat Mail ActiveX 7.8 - (ChilkatCert.dll) Insecure Method Exploit
SafeNet 'IPSecDrv.sys' 10.4.0.12 - Local kernel Ring0 SYSTEM Exploit
Chilkat Mail ActiveX 7.8 - 'ChilkatCert.dll' Insecure Method Exploit

Chilkat FTP ActiveX 2.0 - (ChilkatCert.dll) Insecure Method Exploit
Chilkat FTP ActiveX 2.0 - 'ChilkatCert.dll' Insecure Method Exploit

Sejoong Namo ActiveSquare 6 - NamoInstaller.dll ActiveX Buffer Overflow
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' ActiveX Buffer Overflow

Yahoo! JukeBox MediaGrid - ActiveX mediagrid.dll AddBitmap() Buffer Overflow
Yahoo! JukeBox MediaGrid - ActiveX 'mediagrid.dll' AddBitmap() Buffer Overflow

AuraCMS 2.2 - (gallery_data.php) SQL Injection
AuraCMS 2.2 - 'albums' Pramater SQL Injection

DESlock+ <= 3.2.6 - DLMFENC.sys Local Kernel Ring0 link list zero (PoC)
DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)

DESlock+ <= 3.2.6 - DLMFDISK.sys Local kernel Ring0 SYSTEM Exploit
DESlock+ <= 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit

D-Link MPEG4 SHM Audio Control - (VAPGDecoder.dll 1.7.0.5) Buffer Overflow
D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow

KingSoft - UpdateOcx2.dll SetUninstallName() Heap Overflow (PoC)
KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC)

AuraCMS 2.2.1 - (online.php) Blind SQL Injection
AuraCMS 2.2.1 - 'X-Forwarded-For' HTTP Header Blind SQL Injection

AuraCMS 2.x - (user.php) Security Code Bypass / Add Administrator Exploit
AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator

Real Player - rmoc3260.dll ActiveX Control Remote Code Execution
Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution

Microsoft Works 7 - WkImgSrv.dll ActiveX Denial of Service (PoC)
Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)

5th Avenue Shopping Cart - (category_id) SQL Injection
5th Avenue Shopping Cart - 'category_id' SQL Injection

HP Software Update - (Hpufunction.dll 4.0.0.1) Insecure Method (PoC)
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC)

Microsoft Works 7 - WkImgSrv.dll ActiveX Remote Buffer Overflow
Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Remote Buffer Overflow

Miniweb 2.0 - (historymonth) SQL Injection
Miniweb 2.0 - 'historymonth' Parameter SQL Injection

Admidio 1.4.8 - (getfile.php) Remote File Disclosure
Admidio 1.4.8 - 'getfile.php' Remote File Disclosure

muvee autoProducer 6.1 - (TextOut.dll) ActiveX Remote Buffer Overflow
muvee autoProducer 6.1 - 'TextOut.dll' ActiveX Remote Buffer Overflow

Deterministic Network Enhancer - dne2000.sys kernel Ring0 SYSTEM Exploit
Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM Exploit

Visual Basic Enterprise Edition SP6 - vb6skit.dll Buffer Overflow (PoC)
Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)

AcmlmBoard 1.A2 - (pow) SQL Injection
AcmlmBoard 1.A2 - 'pow' SQL Injection

CMailServer 5.4.6 - (CMailCOM.dll) Remote Overwrite (SEH)
CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)

AuraCMS 2.2.2 - (pages_data.php) Arbitrary Edit/Add/Delete Exploit
AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit

NCTsoft - AudFile.dll ActiveX Control Remote Buffer Overflow
NCTsoft - 'AudFile.dll' ActiveX Control Remote Buffer Overflow

ABG Blocking Script 1.0a - (abg_path) Remote File Inclusion
ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion

VMware Workstation - (hcmon.sys 6.0.0.45731) Local Denial of Service
VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service

ACG-PTP 1.0.6 - (adid) SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection

Microsoft Windows Media Encoder XP SP2 - wmex.dll ActiveX Buffer Overflow (MS08-053)
Microsoft Windows Media Encoder XP SP2 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)

x10media mp3 search engine 1.5.5 - Remote File Inclusion
X10media Mp3 Search Engine 1.5.5 - Remote File Inclusion

addalink 4 - (category_id) SQL Injection
addalink 4 - 'category_id' SQL Injection

6rbScript 3.3 - (singerid) SQL Injection
6rbScript 3.3 - 'singerid' SQL Injection

DESlock+ 3.2.7 - (vdlptokn.sys) Local Denial of Service
DESlock+ 3.2.7 - 'vdlptokn.sys' Local Denial of Service

AdMan 1.1.20070907 - (campaignId) SQL Injection
AdMan 1.1.20070907 - 'campaignId' SQL Injection

Absolute Poll Manager XE 4.1 - (xlacomments.asp) SQL Injection
Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection
MW6 Datamatrix - ActiveX (Datamatrix.dll) Insecure Method Exploit
MW6 PDF417 - ActiveX (MW6PDF417.dll) Remote Insecure Method Exploit
MW6 Datamatrix - ActiveX 'Datamatrix.dll' Insecure Method Exploit
MW6 PDF417 - ActiveX 'MW6PDF417.dll' Remote Insecure Method Exploit

Article Publisher PRO 1.5 - (SQL Injection) Authentication Bypass
Article Publisher PRO 1.5 - (Authentication Bypass) SQL Injection

AJ ARTICLE - (SQL Injection) Remote Authentication Bypass
AJ ARTICLE - (Authentication Bypass) SQL Injection

Apoll 0.7b - (SQL Injection) Remote Authentication Bypass
Apoll 0.7b - (Authentication Bypass) SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Polls 1.01 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Petition 1.02/2.0/3.0 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Polls 1.01 - (Authentication Bypass) SQL Injection

WEBBDOMAIN Webshop 1.02 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Webshop 1.02 - (Authentication Bypass) SQL Injection

WEBBDOMAIN Post Card 1.02 - (SQL Injection) Authentication Bypass
WEBBDOMAIN Post Card 1.02 - (Authentication Bypass) SQL Injection

Anti-Keylogger Elite 3.3.0 - (AKEProtect.sys) Privilege Escalation
Anti-Keylogger Elite 3.3.0 - 'AKEProtect.sys' Privilege Escalation

Active Price Comparison 4 - (ProductID) Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection

Active Test 2.1 - (QuizID) Blind SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection

EasyMail ActiveX - (emmailstore.dll 6.5.0.3) Buffer Overflow
EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow

ESET Smart Security 3.0.672 - (epfw.sys) Privilege Escalation
ESET Smart Security 3.0.672 - 'epfw.sys' Privilege Escalation

PowerStrip 3.84 - (pstrip.sys) Privilege Escalation
PowerStrip 3.84 - 'pstrip.sys' Privilege Escalation

PGP Desktop 9.0.6 - (PGPwded.sys) Local Denial of Service
PGP Desktop 9.0.6 - 'PGPwded.sys' Local Denial of Service

Miniweb 2.0 - (Authentication Bypass) SQL Injection
Miniweb 2.0 - SQL Injection (Authentication Bypass)

MW6 Barcode ActiveX - (Barcode.dll) Remote Heap Overflow (PoC)
MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC)

A Better Member-Based ASP Photo Gallery - (entry) SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection

mks_vir 9b < 1.2.0.0b297 - (mksmonen.sys) Privilege Escalation
mks_vir 9b < 1.2.0.0b297 - 'mksmonen.sys' Privilege Escalation

Morovia Barcode ActiveX 3.6.2 - (MrvBarCd.dll) Insecure Method Exploit
Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit

CloneCD/DVD ElbyCDIO.sys < 6.0.3.2 - Privilege Escalation
CloneCD/DVD 'ElbyCDIO.sys' < 6.0.3.2 - Privilege Escalation

AdaptBB 1.0 - (topic_id) SQL Injection / Credentials Disclosure
AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure

X10Media Mp3 - Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 Admin Access

Microsoft Media Player - (quartz.dll .mid) Denial of Service
Microsoft Media Player - 'quartz.dll .mid' Denial of Service

Microsoft Media Player - (quartz.dll .wav) Multiple Remote Denial of Service Vulnerabilities
Microsoft Media Player - 'quartz.dll .wav' Multiple Remote Denial of Service Vulnerabilities

ArcaVir 2009 < 9.4.320X.9 - (ps_drv.sys) Privilege Escalation
ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Privilege Escalation

Roxio CinePlayer 3.2 - (SonicMediaPlayer.dll) Remote Buffer Overflow
Roxio CinePlayer 3.2 - 'SonicMediaPlayer.dll' Remote Buffer Overflow

Roxio CinePlayer 3.2 - (IAManager.dll) Remote Buffer Overflow (heap spray)
Roxio CinePlayer 3.2 - 'IAManager.dll' Remote Buffer Overflow (heap spray)

AdaptBB 1.0 - (forumspath) Remote File Inclusion
AdaptBB 1.0 - 'forumspath' Remote File Inclusion

Online Armor < 3.5.0.12 - (OAmon.sys) Privilege Escalation
Online Armor < 3.5.0.12 - 'OAmon.sys' Privilege Escalation

McAfee 3.6.0.608 - naPolicyManager.dll ActiveX Arbitrary Data Write
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write

DESlock+ 4.0.2 - dlpcrypt.sys Local Kernel Ring0 Code Execution
DESlock+ 4.0.2 - 'dlpcrypt.sys' Local Kernel Ring0 Code Execution

Soritong MP3 Player 1.0 - (SKIN) Local Stack Overflow (SEH)
Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (SEH)
Miniweb 2.0 Module Publisher - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Miniweb 2.0 Module Survey Pro - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Miniweb 2.0 Module Publisher - Blind SQL Injection / Cross-Site Scripting
Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting

TheGreenBow VPN Client - tgbvpn.sys Local Denial of Service
TheGreenBow VPN Client - 'tgbvpn.sys' Local Denial of Service

GDivX Zenith Player AviFixer Class - (fix.dll 1.0.0.1) Buffer Overflow (PoC)
GDivX Zenith Player AviFixer Class - 'fix.dll 1.0.0.1' Buffer Overflow (PoC)

Accommodation Hotel Booking Portal - (hotel_id) SQL Injection
Accommodation Hotel Booking Portal - 'hotel_id' SQL Injection

EasyMail Objects EMSMTP.DLL 6.0.1 - ActiveX Control Remote Buffer Overflow
EasyMail Objects 'EMSMTP.DLL 6.0.1' - ActiveX Control Remote Buffer Overflow

Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - (jar50.dll) Null Pointer Dereference
Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference

Avast! 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption
Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption

SAP GUI for Windows - sapirrfc.dll ActiveX Overflow
SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow

Authentium SafeCentral 2.6 - shdrv.sys Local kernel Ring0 SYSTEM Exploit
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM Exploit

Microsoft Internet Explorer - iepeers.dll Use-After-Free Exploit (Metasploit)
Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free Exploit (Metasploit)

Liquid XML Studio 2010 <= 8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote Overflow
Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow

SAFARI APPLE 4.0.5 - (object tag) (JavaScriptCore.dll) Denial of Service (Crash)
SAFARI APPLE 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)

Multiple Vendor librpc.dll Signedness Error - Remote Code Execution
Multiple Vendor 'librpc.dll' Signedness Error - Remote Code Execution

Micropoint ProActive Denfense Mp110013.sys 1.3.10123.0 - Privilege Escalation
Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Privilege Escalation

iMesh 7.1.0.x - (IMWeb.dll 7.0.0.x) Remote Heap Overflow
iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow

avtech software (avc781viewer.dll) ActiveX - Multiple Vulnerabilities
avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities

HP Operations Manager 8.16 - (srcvw4.dll) LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)
HP Operations Manager 8.16 - 'srcvw4.dll' LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)

ZipGenius 6.3.1.2552 - zgtips.dll Stack Buffer Overflow
ZipGenius 6.3.1.2552 - 'zgtips.dll' Stack Buffer Overflow

Avast! 4.7 - aavmker4.sys Privilege Escalation
Avast! 4.7 - 'aavmker4.sys' Privilege Escalation

Bigant Messenger 2.52 - (AntCore.dll) RegisterCom() Remote Heap Overflow
Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow

Apple Safari 4.0.5 - JavaScriptCore.dll Stack Exhaustion
Apple Safari 4.0.5 - 'JavaScriptCore.dll' Stack Exhaustion
724CMS Enterprise 4.59 - (section.php) Local File Inclusion
724CMS Enterprise 4.59 - (section.php) SQL Injection
724CMS Enterprise 4.59 - 'section.php' Local File Inclusion
724CMS Enterprise 4.59 - 'section.php' SQL Injection

MiniWebsvr 0.0.10 - Directory Traversal/Listing Exploits
MiniWebsvr 0.0.10 - Directory Traversal / Listing

4Images 1.7.7 - (image_utils.php) Remote Command Execution
4Images 1.7.7 - 'image_utils.php' Remote Command Execution

CommuniCrypt Mail 1.16 - (ANSMTP.dll/AOSMTP.dll) ActiveX
CommuniCrypt Mail 1.16 - 'ANSMTP.dll/AOSMTP.dll' ActiveX

Rumba FTP Client FTPSFtp.dll 4.2.0.0 - OpenSession() Buffer Overflow
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow

Kingsoft Webshield KAVSafe.sys 2010.4.14.609 (2010.5.23) - Kernel Mode Privilege Escalation
Kingsoft Webshield 'KAVSafe.sys' 2010.4.14.609 (2010.5.23) - Kernel Mode Privilege Escalation
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)

AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion
AdaptCMS 2.0.0 Beta - 'init.php' Remote File Inclusion

Microsoft - MSHTML.dll CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak
Microsoft - 'MSHTML.dll' CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak

Adobe Reader 9.3.2 - (CoolType.dll) Remote Memory Corruption / Denial of Service
Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service

Zemana AntiLogger AntiLog32.sys 1.5.2.755 - Privilege Escalation
Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Privilege Escalation

Avast! Internet Security 5.0 - aswFW.sys kernel driver IOCTL Memory Pool Corruption
Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption

QQ Computer Manager - TSKsp.sys Local Denial of Service
QQ Computer Manager - 'TSKsp.sys' Local Denial of Service

SmartCode ServerX VNC Server ActiveX 1.1.5.0 - (scvncsrvx.dll) Denial of Service
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - 'scvncsrvx.dll' Denial of Service

Adobe Dreamweaver CS5 11.0 build 4909 -  'mfc90loc.dll' DLL Hijacking
Adobe Dreamweaver CS5 11.0 build 4909 - 'mfc90loc.dll' DLL Hijacking

Microsoft Vista - (fveapi.dll) BitLocker Drive Encryption API Hijacking Exploit
Microsoft Vista - 'fveapi.dll' BitLocker Drive Encryption API Hijacking Exploit

Nvidia Driver -  'nview.dll' DLL Hijacking
Nvidia Driver - 'nview.dll' DLL Hijacking

Adobe Extension Manager CS5 5.0.298 -  'dwmapi.dll' DLL Hijacking
Adobe Extension Manager CS5 5.0.298 - 'dwmapi.dll' DLL Hijacking

Corel PHOTO-PAINT X3 13.0.0.576 -  'crlrib.dll' DLL Hijacking
Corel PHOTO-PAINT X3 13.0.0.576 - 'crlrib.dll' DLL Hijacking

Google Earth 5.1.3535.3218 -  'quserex.dll' DLL Hijacking
Google Earth 5.1.3535.3218 - 'quserex.dll' DLL Hijacking

LeadTools ActiveX Raster Twain 16.5 - (LtocxTwainu.dll) Buffer Overflow
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow

Trend Micro Internet Security 2010 - ActiveX Remote Exploit (UfPBCtrl.DLL)
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Exploit

A-Blog 2.0 - (sources/search.php) SQL Injection
A-Blog 2.0 - 'sources/search.php' SQL Injection

Microsoft DRM Technology (msnetobj.dll) ActiveX - Multiple Vulnerabilities
Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - (SoftekATL.dll) Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Buffer Overflow (PoC)

VMware Workstation 7.1.1 - VMkbd.sys Denial of Service
VMware Workstation 7.1.1 - 'VMkbd.sys' Denial of Service

AuraCMS - 'pfd.php' SQL Injection
AuraCMS 1.62 - 'pfd.php' SQL Injection

Rising - RSNTGDI.sys Local Denial of Service
Rising - 'RSNTGDI.sys' Local Denial of Service

CA Internet Security Suite 2010 - KmxSbx.sys Kernel Pool Overflow
CA Internet Security Suite 2010 - 'KmxSbx.sys' Kernel Pool Overflow

Crystal Reports Viewer 12.0.0.549 - ActiveX Exploit (PrintControl.dll)
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX Exploit

Irfanview 4.27 - JP2000.dll plugin Denial of Service
Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys 2011.1.13.89 - Local Kernel Mode Denial of Service
Kingsoft AntiVirus 2011 SP5.2 'KisKrnl.sys' 2011.1.13.89 - Local Kernel Mode Denial of Service

Oracle Document Capture - empop3.dll Insecure Methods
Oracle Document Capture - 'empop3.dll' Insecure Methods

DESlock+ <= 4.1.10 - vdlptokn.sys Local Kernel Ring0 SYSTEM Exploit
DESlock+ <= 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
Microsoft IIS - ISAPI w3who.dll Query String Overflow (Metasploit)
Microsoft IIS - ISAPI nsiislog.dll ISAPI POST Overflow (Metasploit)
Microsoft IIS - ISAPI FrontPage fp30reg.dll Chunked Overflow (Metasploit)
Microsoft IIS - ISAPI 'w3who.dll' Query String Overflow (Metasploit)
Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (Metasploit)
Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (Metasploit)

Microsoft Services - nwwks.dll (MS06-066)
Microsoft Services - 'nwwks.dll' (MS06-066)

Microsoft Services - nwapi32.dll (MS06-066)
Microsoft Services - 'nwapi32.dll' (MS06-066)

ISS - PAM.dll ICQ Parser Buffer Overflow (Metasploit)
ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)

Microsoft IIS 5.0 - WebDAV ntdll.dll Path Overflow (Metasploit)
Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit)

RealPlayer - ierpplug.dll ActiveX Control Playlist Name Buffer Overflow (Metasploit)
RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow (Metasploit)
Microsoft Windows Media Encoder 9 - wmex.dll ActiveX Buffer Overflow (Metasploit)
Yahoo! Messenger - YVerInfo.dll ActiveX Control Buffer Overflow (Metasploit)
Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (Metasploit)
Yahoo! Messenger - 'YVerInfo.dll' ActiveX Control Buffer Overflow (Metasploit)

WinDVD7 - IASystemInfo.dll ActiveX Control Buffer Overflow (Metasploit)
WinDVD7 - 'IASystemInfo.dll' ActiveX Control Buffer Overflow (Metasploit)

SonicWALL Aventail - epi.dll AuthCredential Format String (Metasploit)
SonicWALL Aventail - 'epi.dll' AuthCredential Format String (Metasploit)

BaoFeng Storm - mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)
BaoFeng Storm - 'mps.dll' ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)

Ask.com Toolbar - askBar.dll ActiveX Control Buffer Overflow (Metasploit)
Ask.com Toolbar - 'askBar.dll' ActiveX Control Buffer Overflow (Metasploit)

Tumbleweed FileTransfer - vcst_eu.dll ActiveX Control Buffer Overflow (Metasploit)
Tumbleweed FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)

RKD Software BarCodeAx.dll 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit)
RKD Software 'BarCodeAx.dll' 4.9 - ActiveX Remote Stack Buffer Overflow (Metasploit)

Juniper SSL-VPN IVE - JuniperSetupDLL.dll ActiveX Control Buffer Overflow (Metasploit)
Juniper SSL-VPN IVE - 'JuniperSetupDLL.dll' ActiveX Control Buffer Overflow (Metasploit)

RealPlayer - rmoc3260.dll ActiveX Control Heap Corruption (Metasploit)
RealPlayer - 'rmoc3260.dll' ActiveX Control Heap Corruption (Metasploit)

WebEx UCF - atucfobj.dll ActiveX NewObject Method Buffer Overflow (Metasploit)
WebEx UCF - 'atucfobj.dll' ActiveX NewObject Method Buffer Overflow (Metasploit)

Winamp Ultravox Streaming Metadata (in_mp3.dll) - Buffer Overflow (Metasploit)
Winamp Ultravox Streaming Metadata 'in_mp3.dll' - Buffer Overflow (Metasploit)

DjVu - DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow (Metasploit)
DjVu - 'DjVu_ActiveX_MSOffice.dll' ActiveX ComponentBuffer Overflow (Metasploit)

Microsoft Works 7 - WkImgSrv.dll WKsPictureInterface() ActiveX Exploit (Metasploit)
Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX Exploit (Metasploit)

AASync 2.2.1.0 - (Windows x86) Stack Buffer Overflow 'LIST' (Metasploit)
AASync 2.2.1.0 (Windows x86) - Stack Buffer Overflow 'LIST' (Metasploit)

BadBlue 2.5 - ext.dll Buffer Overflow (Metasploit)
BadBlue 2.5 - 'ext.dll' Buffer Overflow (Metasploit)

Amlibweb NetOpacs - webquery.dll Stack Buffer Overflow (Metasploit)
Amlibweb NetOpacs - 'webquery.dll' Stack Buffer Overflow (Metasploit)

Microsoft Windows Explorer 6.0.2900.5512 - (Shmedia.dll 6.0.2900.5512) AVI Preview Denial of Service (PoC)
Microsoft Windows Explorer 6.0.2900.5512 - 'Shmedia.dll 6.0.2900.5512' AVI Preview Denial of Service (PoC)

Microsoft Windows XP - afd.sys Local Kernel Denial of Service
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service

Microsoft Visio - VISIODWG.dll DXF File Handling (Metasploit)
Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (Metasploit)

Microsoft Windows 7 SP1 - mrxdav.sys WebDav Privilege Escalation (MS16-016)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016)

GDI+ - CreateDashedPath Integer Overflow in gdiplus.dll
GDI+ - 'gdiplus.dll' CreateDashedPath Integer Overflow

Kingsoft AntiVirus 2012 KisKrnl.sys 2011.7.8.913 - Local Kernel Mode Privilege Escalation
Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Based Buffer Overflow (PoC)
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)

VideoLAN VLC Media Player 1.1.11 - (libav) libavcodec_plugin.dll Denial of Service
VideoLAN VLC Media Player 1.1.11 - (libav) 'libavcodec_plugin.dll' Denial of Service

HP OpenView Network Node Manager - ov.dll _OVBuildPath Buffer Overflow (Metasploit)
HP OpenView Network Node Manager - 'ov.dll' _OVBuildPath Buffer Overflow (Metasploit)

VideoLAN VLC Media Player 1.2.0 - (libtaglib_pluggin.dll) Denial of Service
VideoLAN VLC Media Player 1.2.0 - 'libtaglib_pluggin.dll' Denial of Service

Tracker Software pdfSaver ActiveX 3.60 - (pdfxctrl.dll) Stack Buffer Overflow (SEH)
Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH)

ASUS Net4Switch - ipswcom.dll ActiveX Stack Buffer Overflow (Metasploit)
ASUS Net4Switch - 'ipswcom.dll' ActiveX Stack Buffer Overflow (Metasploit)

Quest Toad for Oracle Explain Plan Display ActiveX Control - (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite (PoC)
Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC)

Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC)
Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC)

RealPlayer .mp4 - file handling memory Corruption
RealPlayer - '.mp4' file handling memory Corruption
D-Link DCS-5605 Network Surveillance - ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow
Quest InTrust 10.4.x - Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
D-Link DCS-5605 Network Surveillance - ActiveX Control 'DcsCliCtrl.dll' lstrcpyW Remote Buffer Overflow
Quest InTrust 10.4.x - Annotation Objects ActiveX Control 'AnnotateX.dll' Uninitialized Pointer Remote Code Execution

Microsoft IIS - MDAC msadcs.dll RDS DataStub Content-Type Overflow (Metasploit)
Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (Metasploit)

HP HP-UX 10.34 / ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service
HP HP-UX 10.34 / Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service

MDAC 2.1.2.4202.3 / ms Win NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities
MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities

AdminStudio - LaunchHelp.dll ActiveX Arbitrary Code Execution (Metasploit)
AdminStudio - 'LaunchHelp.dll' ActiveX Arbitrary Code Execution (Metasploit)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel  Exploit (1)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel  Exploit (2)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (1)
Halloween Linux 4.0 / RedHat Linux 6.1/6.2 - imwheel Exploit (2)

Microsoft Internet Explorer 4 / Outlook 2000/5.5 - MSHTML.dll Crash
Microsoft Internet Explorer 4 / Outlook 2000/5.5 - 'MSHTML.dll' Crash

MSI - NTIOLib.sys / WinIO.sys Local Privilege Escalation
MSI - 'NTIOLib.sys' / 'WinIO.sys' Local Privilege Escalation

Working Resources BadBlue 1.7 - ext.dll Cross-Site Scripting
Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting

QQPlayer 3.7.892 - m2p quartz.dll Heap Pointer Overwrite (PoC)
QQPlayer 3.7.892 - m2p 'quartz.dll' Heap Pointer Overwrite (PoC)

Microsoft Windows XP/95/98/2000/NT 4 - Riched20.dll Attribute Buffer Overflow
Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV ntdll.dll Buffer Overflow (4)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4)

Working Resources 1.7.x/2.15 BadBlue - ext.dll Command Execution
Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution

Microsoft Shlwapi.dll 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service
Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service

Microsoft Internet Explorer 5 - Remote URLMON.dll Buffer Overflow
Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Buffer Overflow
Novell NetIQ Privileged User Manager 2.3.1 - auth.dll pa_modify_accounts() Remote Code Execution
Novell NetIQ Privileged User Manager 2.3.1 - ldapagnt.dll ldapagnt_eval() Perl Code Evaluation Remote Code Execution
Novell NetIQ Privileged User Manager 2.3.1 - 'auth.dll' pa_modify_accounts() Remote Code Execution
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution

Microsoft Windows 2000/NT 4 Media Services - nsiislog.dll Remote Buffer Overflow
Microsoft Windows 2000/NT 4 Media Services - 'nsiislog.dll' Remote Buffer Overflow

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin IN_MIDI.dll Track Data Size Buffer Overflow
NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow

myServer 0.4.x - cgi-lib.dll Remote Buffer Overflow
myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow

Nvidia Install Application 2.1002.85.551 - (NVI2.dll) Unicode Buffer Overflow (PoC)
Nvidia Install Application 2.1002.85.551 - 'NVI2.dll' Unicode Buffer Overflow (PoC)

Microsoft ListBox/ComboBox Control - User32.dll Function Buffer Overrun
Microsoft ListBox/ComboBox Control - 'User32.dll' Function Buffer Overrun

Irfanview 4.33 - IMXCF.dll Plugin Code Execution
Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution

Centrinity FirstClass HTTP Server 7.1 -  Directory Disclosure
Centrinity FirstClass HTTP Server 7.1 - Directory Disclosure

YaSoft Switch Off 2.3 - swnet.dll Remote Buffer Overflow
YaSoft Switch Off 2.3 - 'swnet.dll' Remote Buffer Overflow

Symantec Client Firewall Products 5 - SYMNDIS.SYS Driver Remote Denial of Service
Symantec Client Firewall Products 5 - 'SYMNDIS.SYS' Driver Remote Denial of Service
Panda ActiveScan 5.0 - ascontrol.dll Remote Heap Overflow
Panda ActiveScan 5.0 - ascontrol.dll Denial of Service
Panda ActiveScan 5.0 - 'ascontrol.dll' Remote Heap Overflow
Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service

Foxit Reader 5.4.4.1128 Firefox Plugin - npFoxitReaderPlugin.dll Stack Buffer Overflow
Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow

Yahoo! Messenger 5.6 - YInsthelper.dll Multiple Buffer Overflow Vulnerabilities
Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities

Novell Groupwise Client - gwcls1.dll ActiveX Remote Code Execution (Metasploit)
Novell Groupwise Client - 'gwcls1.dll' ActiveX Remote Code Execution (Metasploit)

F-Secure Policy Manager 5.11 - FSMSH.dll CGI Application Installation Full Path Disclosure
F-Secure Policy Manager 5.11 - 'FSMSH.dll' CGI Application Installation Full Path Disclosure

Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) Remote Exploit
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' (WzTitle) Remote Exploit

Easy DVD Player 3.5.1 - (libav) libavcodec_plugin.dll Denial of Service
Easy DVD Player 3.5.1 - (libav) 'libavcodec_plugin.dll' Denial of Service

Nullsoft Winamp 5.0.x - Variant IN_CDDA.dll Remote Buffer Overflow
Nullsoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow

WPS Office - Wpsio.dll Stack Buffer Overflow
WPS Office - 'Wpsio.dll' Stack Buffer Overflow

AN HTTPD - CMDIS.dll Remote Buffer Overflow
AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow

MiniWeb HTTP Server (build 300) - Crash (PoC)
MiniWeb HTTP Server 300 - Crash (PoC)

Sigma ISP Manager 6.6 - Sigmaweb.dll SQL Injection
Sigma ISP Manager 6.6 - 'Sigmaweb.dll' SQL Injection

SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack Based Overflow
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow

Microsoft Windows 98SE - User32.dll Icon Handling Denial of Service
Microsoft Windows 98SE - 'User32.dll' Icon Handling Denial of Service

Oracle WebCenter Content - CheckOutAndOpen.dll ActiveX Remote Code Execution (Metasploit)
Oracle WebCenter Content - 'CheckOutAndOpen.dll' ActiveX Remote Code Execution (Metasploit)

Microsoft Visual Studio .NET - msdds.dll Remote Code Execution
Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution

TP-Link PS110U  Print Server TL - Sensitive Information Enumeration
TP-Link PS110U Print Server TL - Sensitive Information Enumeration

Novell Client 2 SP3 - nicm.sys Privilege Escalation (Metasploit)
Novell Client 2 SP3 - 'nicm.sys' Privilege Escalation (Metasploit)

StarUML - WinGraphviz.dll ActiveX Buffer Overflow
StarUML - 'WinGraphviz.dll' ActiveX Buffer Overflow

MiniWeb (Build 300) - Arbitrary File Upload (Metasploit)
MiniWeb 300 - Arbitrary File Upload (Metasploit)

Yahoo! Messenger 7.0/7.5 - jscript.dll Non-ASCII Character Denial of Service
Yahoo! Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service

Microsoft PowerPoint 2003 - mso.dll PPT Processing Unspecified Code Execution
Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution

Agnitum Outpost Firewall 3.5.631 - FiltNT.SYS Local Denial of Service
Agnitum Outpost Firewall 3.5.631 - 'FiltNT.SYS' Local Denial of Service

Microsoft Internet Explorer 6 - IMSKDIC.dll Denial of Service
Microsoft Internet Explorer 6 - 'IMSKDIC.dll' Denial of Service

Microsoft Internet Explorer 6 - MSOE.dll Denial of Service
Microsoft Internet Explorer 6 - 'MSOE.dll' Denial of Service

Microsoft Internet Explorer 6 - TSUserEX.dll ActiveX Control Memory Corruption
Microsoft Internet Explorer 6 - 'TSUserEX.dll' ActiveX Control Memory Corruption
Computer Associates Personal Firewall 9.0 - HIPS Driver (kmxfw.sys) Privilege Escalation
Computer Associates Personal Firewall 9.0 - HIPS Driver (kmxstart.sys) Privilege Escalation
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation

Avira Internet Security - avipbb.sys Filter Bypass / Privilege Escalation
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation

Novell Client 4.91 - NWSPOOL.dll Remote Buffer Overflow
Novell Client 4.91 - 'NWSPOOL.dll' Remote Buffer Overflow

FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver (fortknoxfw.sys) Memory Corruption
FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption

Kerio Personal Firewall 4.3 - IPHLPAPI.dll Privilege Escalation
Kerio Personal Firewall 4.3 - 'IPHLPAPI.dll' Privilege Escalation

PrecisionID Barcode - PrecisionID_Barcode.dll ActiveX 1.9 Control Arbitrary File Overwrite
PrecisionID Barcode - 'PrecisionID_Barcode.dll' ActiveX 1.9 Control Arbitrary File Overwrite

CA Multiple Products Console Server and InoCore.dll - Remote Code Execution Vulnerabilities
CA Multiple Products Console Server and 'InoCore.dll' - Remote Code Execution Vulnerabilities

SSC DiskAccess NFS Client - DAPCNFSD.dll Stack Buffer Overflow
SSC DiskAccess NFS Client - 'DAPCNFSD.dll' Stack Buffer Overflow

Comodo Firewall 2.3.6 - CMDMon.SYS Multiple Denial of Service Vulnerabilities
Comodo Firewall 2.3.6 - 'CMDMon.SYS' Multiple Denial of Service Vulnerabilities

Microsoft Windows XP/2000 - WinMM.dll .WAV Files Remote Denial of Service
Microsoft Windows XP/2000 - 'WinMM.dll' .WAV Files Remote Denial of Service

Symantec SYMTDI.SYS Device Driver - Local Denial of Service
Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service

eSellerate SDK 3.6.5 - eSellerateControl365.dll ActiveX Control Buffer Overflow
eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow

NextPage LivePublish 2.02 - LPEXT.dll Cross-Site Scripting
NextPage LivePublish 2.02 - 'LPEXT.dll' Cross-Site Scripting

Sienzo Digital Music Mentor - DSKernel2.dll ActiveX Control Stack Buffer Overflow
Sienzo Digital Music Mentor - 'DSKernel2.dll' ActiveX Control Stack Buffer Overflow

Roxio CinePlayer 3.2 - SonicDVDDashVRNav.dll ActiveX Control Remote Buffer Overflow
Roxio CinePlayer 3.2 - 'SonicDVDDashVRNav.dll' ActiveX Control Remote Buffer Overflow

Dart ZipLite Compression 1.8.5.3 - DartZipLite.dll ActiveX Control Buffer Overflow
Dart ZipLite Compression 1.8.5.3 - 'DartZipLite.dll' ActiveX Control Buffer Overflow
F-Secure Policy Manager 7.00 - FSMSH.dll Remote Denial of Service
Apple Safari 3.0.1 for Windows - Corefoundation.dll Denial of Service
F-Secure Policy Manager 7.00 - 'FSMSH.dll' Remote Denial of Service
Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service

VMware Tools 3.1 - HGFS.Sys Privilege Escalation
VMware Tools 3.1 - 'HGFS.Sys' Privilege Escalation

Microsoft Windows Kernel win32k.sys - Integer Overflow (MS13-101)
Microsoft Windows Kernel 'win32k.sys' - Integer Overflow (MS13-101)

Baidu Soba Search Bar 5.4 - BaiduBar.dll ActiveX Control Remote Code Execution
Baidu Soba Search Bar 5.4 - 'BaiduBar.dll' ActiveX Control Remote Code Execution

Microsoft Internet Explorer 5.0.1 - TBLinf32.dll ActiveX Control Remote Code Execution
Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution

Microsoft Internet Explorer 5.0.1 - Vector Markup Language VGX.dll Remote Buffer Overflow
Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow

Yahoo! Messenger 8.1 - KDU_V32M.DLL Remote Denial of Service
Yahoo! Messenger 8.1 - 'KDU_V32M.DLL' Remote Denial of Service

BitDefender AntiVirus 2008 - bdelev.dll ActiveX Control Double-Free
BitDefender AntiVirus 2008 - 'bdelev.dll' ActiveX Control Double-Free

AkkyWareHOUSE 7-zip32.dll 4.42 - Heap Based Buffer Overflow
AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow

Microsoft Agent agentdpv.dll ActiveX Control - Malformed URL Stack Buffer Overflow
Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow
Macrovision SafeDisc - SecDRV.SYS Method_Neither Privilege Escalation
SpeedFan - Speedfan.sys Privilege Escalation
Macrovision SafeDisc - 'SecDRV.SYS' Method_Neither Privilege Escalation
SpeedFan - 'Speedfan.sys' Privilege Escalation

RealPlayer 10.0/10.5/11 - ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow
RealPlayer 10.0/10.5/11 - 'ierpplug.dll' ActiveX Control Import Playlist Name Stack Buffer Overflow

GWExtranet 3.0 - Scp.dll Multiple HTML Injection Vulnerabilities
GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities

RealMedia RealPlayer 10.5/11 - ierpplug.dll PlayerProperty ActiveX Control Buffer Overflow
RealMedia RealPlayer 10.5/11 - 'ierpplug.dll' PlayerProperty ActiveX Control Buffer Overflow

AuraCMS 2.2 - 'lihatberita' Module 'id' Parameter SQL Injection
AuraCMS 2.2 - 'lihatberita' Module SQL Injection

Panda Internet Security/AntiVirus+Firewall 2008 - CPoint.sys Memory Corruption
Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption

SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate wgate.dll ~service Parameter Cross-Site Scripting
SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate 'wgate.dll' ~service Parameter Cross-Site Scripting

Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow
Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow

Symantec Multiple Products - Client Proxy ActiveX (CLIproxy.dll) Remote Overflow
Symantec Multiple Products - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow

Microsoft Windows XP SP3 - MQAC.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation

Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 - 'BthPan.sys' Arbitrary Write Privilege Escalation

VirtualBox Guest Additions - VBoxGuest.sys Privilege Escalation (Metasploit)
VirtualBox Guest Additions - 'VBoxGuest.sys' Privilege Escalation (Metasploit)

AuraCMS 1.62 - 'pdf.php' SQL Injection

VMware Workstations 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Netgear WNR500  Wireless Router - Parameter Traversal Arbitrary File Access Exploit
Netgear WNR500 Wireless Router - Parameter Traversal Arbitrary File Access Exploit

Microsoft Windows 8.1 (x86/x64) - (ahcache.sys/NtApphelpCacheControl) Privilege Escalation
Microsoft Windows 8.1 (x86/x64) - 'ahcache.sys' NtApphelpCacheControl Privilege Escalation

JetAudio 8.1.3 - (Corrupted mp4) Crash (PoC)
JetAudio 8.1.3 - '.mp4' Crash (PoC)

Microsoft Windows - HTTP.sys PoC (MS15-034)
Microsoft Windows - 'HTTP.sys' PoC (MS15-034)

MS Windows (HTTP.sys) - HTTP Request Parsing Denial of Service (MS15-034)
Microsoft Windows - 'HTTP.sys'  HTTP Request Parsing Denial of Service (MS15-034)

Microsoft Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)

FinePlayer 2.20 (.mp4) - Crash (PoC)
FinePlayer 2.20 - '.mp4' Crash (PoC)
Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage
Microsoft Office 2007 - wwlib.dll Type Confusion (MS15-081)
Microsoft Office 2007 - OGL.dll DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)
Microsoft Office 2007 - mso.dll Arbitrary Free (MS15-081)
Microsoft Office 2007 - mso.dll Use-After-Free (MS15-081)
Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage
Microsoft Office 2007 - 'wwlib.dll' Type Confusion (MS15-081)
Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)
Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081)
Microsoft Office 2007 - 'mso.dll' Use-After-Free (MS15-081)
Microsoft Windows - ATMFD.DLL Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - ATMFD.DLL Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed FDSelect Offset in the CFF Table
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to - Malformed Name INDEX in the CFF Table
Microsoft Windows - ATMFD.DLL Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - ATMFD.dll CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
Microsoft Windows - ATMFD.DLL CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - ATMFD.dll CharString Stream Out-of-Bounds Reads
Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to - Malformed CFF Table
Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 - / ATMFD+0x3407b) Invalid Memory Access
Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads

Microsoft Office 2007 - msxml5.dll Crash (PoC)
Microsoft Office 2007 - 'msxml5.dll' Crash (PoC)

Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097)
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
Microsoft Windows - Kernel win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Microsoft Windows - Kernel win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)

Microsoft Office / COM Object - els.dll DLL Planting (MS15-134)
Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)

Microsoft Office / COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)
Microsoft Windows devenum.dll!DeviceMoniker::Load() - Heap Corruption Buffer Underflow (MS16-007)
Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)
Microsoft Windows = devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007)
Microsoft Office - COM Object DLL Planting with 'WMALFXGFXDSP.dll' (MS16-007)

QuickHeal 16.00 - webssx.sys Driver Denial of Service
QuickHeal 16.00 - 'webssx.sys' Driver Denial of Service

Comodo Anti-Virus - SHFolder.dll Local Privilege Elevation Exploit
Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit
Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
Microsoft Windows - Kernel ATMFD.dll OTF Font Processing Stack Corruption (MS16-026)
Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)

Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow
Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow

Microsoft Windows - Kernel win32k.sys TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)
Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)

Adobe Flash - MP4 File Stack Corruption
Adobe Flash - .MP4 File Stack Corruption
Microsoft Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)
Microsoft Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)
Microsoft Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)
Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)
Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)

VMware Virtual Machine Communication Interface (VMCI) vmci.sys - (PoC)
VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)

Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067)
Microsoft Windows - 'NetAPI32.dll' Code Execution (Python) (MS08-067)

SAP Adaptive Server Enterprise  16 - Denial of Service
SAP Adaptive Server Enterprise 16 - Denial of Service
Boonex Dolphin 7.3.2 - Authentication Bypass
SmallFTPd 1.0.3 - 'mkd' Command Denial of Service
Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure
2016-10-27 05:01:19 +00:00
platforms DB: 2016-10-27 2016-10-27 05:01:19 +00:00
files.csv DB: 2016-10-27 2016-10-27 05:01:19 +00:00
README.md Note about dependencies 2016-10-26 16:44:58 +01:00
searchsploit Hardcode ${gitpath} path 2016-10-26 13:13:51 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).