Offensive Security 28b54c9669 DB: 2017-06-28 ... 4 new exploits OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink Exploit RedHat 6.1 / 6.2 - TTY Flood Users Exploit RedHat 6.1/6.2 - TTY Flood Users Exploit Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local Denial of Service Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - 'scm_send Local' Denial of Service Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Linux Kernel 2.4.28/2.6.9 - 'scm_send Local' Denial of Service Linux Kernel 2.4.22-28/2.6.9 - 'igmp.c' Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local Denial of Service Linux Kernel 2.4.28 / 2.6.9 - 'ip_options_get' Local Overflow Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow Linux Kernel 2.4.28/2.6.9 - Memory Leak Local Denial of Service Linux Kernel 2.4.28/2.6.9 - 'ip_options_get' Local Overflow Apple Mac OSX 10.3.7 - Input Validation Flaw parse_machfile() Denial of Service Apple Mac OSX 10.3.7 - Input Validation Flaw 'parse_machfile()' Denial of Service Xaraya 1.0.0 RC4 - create() Denial of Service Xaraya 1.0.0 RC4 - 'create()' Denial of Service BitchX 1.1-final - do_hook() Remote Denial of Service BitchX 1.1-final - 'do_hook()' Remote Denial of Service Quake 3 Engine Client - CG_ServerCommand() Remote Overflow Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow Apache (mod_rewrite) < 1.3.37 / 2.0.59 / 2.2.3 - Remote Overflow (PoC) Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC) FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service FreeBSD 5.4/6.0 - (ptrace PT_LWPINFO) Local Denial of Service Asterisk 1.0.12 / 1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC) Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC) PHP 4.4.4/5.1.6 - htmlentities() Local Buffer Overflow (PoC) PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC) Microsoft Windows - NetrWkstaUserEnum() Remote Denial of Service Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service Apple Mac OSX 10.4.8 - AppleTalk ATPsndrsp() Heap Buffer Overflow (PoC) Apple Mac OSX 10.4.8 - AppleTalk 'ATPsndrsp()' Heap Buffer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption Apple Mac OSX 10.4.x Kernel - 'shared_region_map_file_np()' Memory Corruption PHP 4.4.4 - Unserialize() ZVAL Reference Counter Overflow (PoC) Netrek 2.12.0 - pmessage2() Remote Limited Format String PHP 5 - wddx_deserialize() String Append Crash Asterisk 1.2.15 / 1.4.0 - Unauthenticated Remote Denial of Service PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC) Netrek 2.12.0 - 'pmessage2()' Remote Limited Format String PHP 5 - 'wddx_deserialize()' String Append Crash Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service Asterisk 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service PHP 4.4.5 / 4.4.6 - session_decode() Double-Free (PoC) Asterisk 1.2.16/1.4.1 - SIP INVITE Remote Denial of Service PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC) Opera 9.10 - alert() Remote Denial of Service Opera 9.10 - 'alert()' Remote Denial of Service PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service PHP 5.2.3 - glob() Denial of Service Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service PHP 5.2.3 - 'bz2 com_print_typeinfo()' Denial of Service PHP 5.2.3 - 'glob()' Denial of Service Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash HP ActiveX - 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC) HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC) EDraw Office Viewer Component 5.3 - FtpDownloadFile() Remote Buffer Overflow EDraw Office Viewer Component 5.3 - 'FtpDownloadFile()' Remote Buffer Overflow eXtremail 2.1.1 - memmove() Remote Denial of Service eXtremail 2.1.1 - 'memmove()' Remote Denial of Service Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC) Adobe Shockwave - 'ShockwaveVersion()' Stack Overflow (PoC) Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC) Apple Mac OSX 10.4.x Kernel - 'i386_set_ldt()' Integer Overflow (PoC) OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash SkyFex Client 1.0 - ActiveX Start() Method Remote Stack Overflow DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC) OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC) KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC) KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC) Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC) Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC) Postfix < 2.4.9 / 2.5.5 / 2.6-20080902 - '.forward' Local Denial of Service Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service fhttpd 0.4.2 un64() - Remote Denial of Service fhttpd 0.4.2 - 'un64()' Remote Denial of Service VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service AyeView 2.20 - Malformed .GIF Image Local Crash AyeView 2.20 - Malformed '.GIF' Image Local Crash Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service Solaris 9 PortBind - XDR-DECODE 'taddr2uaddr()' Remote Denial of Service Linux Kernel < 2.4.36.9 / 2.6.27.5 - Unix Sockets Local Kernel Panic Exploit Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC) DesignWorks Professional 4.3.1 - '.CCT' File Local Stack Buffer Overflow (PoC) Vinagre < 2.24.2 - show_error() Remote Format String (PoC) Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC) Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service Linux Kernel 2.6.27.7-generic/2.6.18/2.6.24-1 - Local Denial of Service MW6 Barcode ActiveX - 'Barcode.dll' Remote Heap Overflow (PoC) MW6 Barcode - ActiveX 'Barcode.dll' Remote Heap Overflow (PoC) Multiple Vendors libc:fts_*() - Local Denial of Service Multiple Vendors - 'libc:fts_*()' Local Denial of Service Icewarp Merak Mail Server 9.4.1 - Base64FileEncode() Buffer Overflow (PoC) Icewarp Merak Mail Server 9.4.1 - 'Base64FileEncode()' Buffer Overflow (PoC) OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow (PoC) Notepad++ 5.4.5 - '.C' / '.CPP' Local Stack Buffer Overflow (PoC) Drupal 6.16 / 5.21 - Denial of Service Drupal 5.21/6.16 - Denial of Service SopCast SopCore Control ActiveX - Remote Execution (PoC) UUSee ReliPlayer ActiveX - Remote Execution (PoC) SopCast SopCore Control - ActiveX Remote Execution (PoC) UUSee ReliPlayer - ActiveX Remote Execution (PoC) Aqua Real 1.0 / 2.0 - Local Crash (PoC) Aqua Real 1.0/2.0 - Local Crash (PoC) iPhone - WebCore::CSSSelector() Remote Crash iPhone - 'WebCore::CSSSelector()' Remote Crash avtech software 'avc781viewer.dll' ActiveX - Multiple Vulnerabilities Avtech Software - ActiveX 'avc781viewer.dll' Multiple Vulnerabilities Apple Safari 4.0.3 / 4.0.4 - Stack Exhaustion Apple Safari 4.0.3/4.0.4 - Stack Exhaustion Multiple browsers - history.go() Denial of Service Multiple browsers - window.print() Denial of Service Multiple browsers - 'history.go()' Denial of Service Multiple browsers - 'window.print()' Denial of Service FreeBSD Kernel - mountnfs() Exploit FreeBSD Kernel - 'mountnfs()' Exploit Microsoft Internet Explorer 6 / 7 - Remote Denial of Service Microsoft Internet Explorer 6/7 - Remote Denial of Service PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow Microsoft DRM Technology 'msnetobj.dll' ActiveX - Multiple Vulnerabilities RarCrack 0.2 - 'Filename' init() .bss (PoC) Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities RarCrack 0.2 - 'Filename' 'init()' '.bss' (PoC) Mozilla Firefox 3.5.10 / 3.6.6 - WMP Memory Corruption Using Popups Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups Microsoft Windows Mobile 6.1 / 6.5 - Double-Free Denial of Service Microsoft Windows Mobile 6.1/6.5 - Double-Free Denial of Service LeadTools 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation Denial of Service LeadTools 11.5.0.9 (lttmb11n.ocx) - BrowseDir() Access Violation Denial of Service LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service VideoLAN VLC Media Player 1.1 - Subtitle StripTags() Function Memory Corruption VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Function Memory Corruption PHP 5.3.5 - grapheme_extract() Null Pointer Dereference PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Novell ZenWorks 10 / 11 - TFTPD Remote Code Execution Novell ZenWorks 10/11 - TFTPD Remote Code Execution PHP 5.3.6 - shmop_read() Integer Overflow Denial of Service PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service PHP 5.3.10 - spl_autoload_register() Local Denial of Service PHP 5.3.10 - spl_autoload_call() Local Denial of Service PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service PHP 5.3.10 - spl_autoload() Local Denial of Service PHP 5.3.10 - 'spl_autoload()' Local Denial of Service Apple iOS 5.1.1 - Safari Browser - JS match() & search() Crash (PoC) Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC) Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.0/2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.0 / 2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options Linux Kernel 2.0 / 2.1 / 2.2 - autofs Exploit Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options Linux Kernel 2.0/2.1/2.2 - autofs Exploit HP HP-UX 10.20 / IBM AIX 4.1.5 - connect() Denial of Service HP HP-UX 10.20 / IBM AIX 4.1.5 - 'connect()' Denial of Service Linux Kernel 2.0 / 2.0.33 - i_count Overflow (PoC) Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC) FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - setsockopt() Denial of Service FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service Linux Kernel 2.2.12 / 2.2.14 / 2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC) PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC) Linux Kernel 2.1.89 / 2.2.x - Zero-Length Fragment Linux Kernel 2.1.89/2.2.x - Zero-Length Fragment Wireshark 1.8.2 / 1.6.0 - Buffer Overflow (PoC) Wireshark 1.6.0/1.8.2 - Buffer Overflow (PoC) MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2 / 5.2.1 - File Scanner Malicious Archive Denial of Service MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2/5.2.1 - File Scanner Malicious Archive Denial of Service Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service Linux Kernel 2.4.18 / 2.4.19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (1) Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (1) PHP 4.3 - socket_iovec_alloc() Integer Overflow PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow PHP 4.x - socket_recv() Signed Integer Memory Corruption PHP 4.x - socket_recvfrom() Signed Integer Memory Corruption PHP 4.x - 'socket_recv()' Signed Integer Memory Corruption PHP 4.x - 'socket_recvfrom()' Signed Integer Memory Corruption Linux Kernel 2.4 / 2.6 - Sigqueue Blocking Denial of Service Linux Kernel 2.4/2.6 - Sigqueue Blocking Denial of Service Colloquy 1.3.5 / 1.3.6 - Denial of Service Colloquy 1.3.5/1.3.6 - Denial of Service FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service FreeBSD 4.10/5.x - 'execve()' Unaligned Memory Access Denial of Service PHP 3/4/5 - Multiple Local / Remote Vulnerabilities (1) PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (1) Linux Kernel 2.4.x / 2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2) PHP 3/4/5 - Local/Remote Multiple Vulnerabilities (2) Linux Kernel 2.6.32-642 / 3.16.0-4 - 'inode' Integer Overflow Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index (PoC) Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC) Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution Apache CXF < 2.5.10 / 2.6.7 / 2.7.4 - Denial of Service Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service Firebird 1.5 - Local Inet_Server Buffer Overflow Firebird 1.5 - Inet_Server Local Buffer Overflow Apple Mac OSX 10.x - '.zip' Parsing BOMStackPop() Function Overflow Apple Mac OSX 10.x - '.zip' Parsing 'BOMStackPop()' Function Overflow FreeBSD 5.x I386_Set_LDT() - Multiple Local Denial of Service Vulnerabilities FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities FortKnox Personal Firewall 9.0.305.0 / 10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption PulseAudio 0.9.5 - Assert() Remote Denial of Service PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read PHP openssl_x509_parse() - Memory Corruption PHP - 'openssl_x509_parse()' Memory Corruption MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data Pparameter Buffer Overflow MW6 Technologies Datamatrix - ActiveX 'Data' Parameter Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Parameter Buffer Overflow MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling Denial of Service MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service phpMyAdmin 4.0.x / 4.1.x / 4.2.x - Denial of Service phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service UltraPlayer 2.112 Malformed - '.avi' File Denial of Service UltraPlayer 2.112 - Malformed '.avi' File Denial of Service Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service Advantech Webaccess 8.0 / 3.4.3 ActiveX - Multiple Vulnerabilities PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free PHP GMP unserialize() - Use-After-Free PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free PHP GMP - 'unserialize()' Use-After-Free PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities Python 2.7 strop.replace() Method - Integer Overflow Python 3.3 < 3.5 product_setstate() Function - Out-of-Bounds Read Python 2.7 - 'strop.replace()' Method Integer Overflow Python 3.3 < 3.5 - 'product_setstate()' Function Out-of-Bounds Read Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow Linux Kernel 3.x/4.x - prima WLAN Driver Heap Overflow NTPd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick) ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick) Linux ARM/ARM64 - perf_event_open() Arbitrary Memory Read Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - WSP Dissector Denial of Service Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - RLC Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4- PacketBB Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service PHP 5.0.0 - hw_docbyanchor() Local Denial of Service PHP 5.0.0 - 'hw_docbyanchor()' Local Denial of Service Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation man-db 2.4.1 - open_cat_stream() Local uid=man Exploit man-db 2.4.1 - 'open_cat_stream()' Local uid=man Exploit Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Privilege Escalation Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Privilege Escalation Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Privilege Escalation xsplumber - strcpy() Buffer Overflow xsplumber - 'strcpy()' Buffer Overflow BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit BSDi 3.0/4.0 - rcvtty[mh] Local Exploit Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow Solaris 2.5/2.5.1 - 'getgrnam()' Local Overflow Solaris 7 / 8-beta - arp Local Overflow Solaris 7/8-beta - ARP Local Overflow Solaris 2.6 / 2.7 - '/usr/bin/write' Local Overflow Solaris 2.6/2.7 - '/usr/bin/write' Local Overflow LibXt - XtAppInitialize() Overflow *xterm Exploit LibXt - 'XtAppInitialize()' Overflow *xterm Exploit SGI IRIX - '/bin/login Local' Buffer Overflow SGI IRIX - '/bin/login' Local Buffer Overflow LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow CDRecord's ReadCD - '$RSH' exec() SUID Shell Creation CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation Linux Kernel 2.4.27 / 2.6.8 - 'binfmt_elf' Executable File Read Exploit Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read Exploit Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Setuid perl - PerlIO_Debug() Overflow Setuid perl - 'PerlIO_Debug()' Overflow Linux Kernel 2.4.x / 2.6.x - 'uselib()' Privilege Escalation (3) Linux Kernel 2.4.x/2.6.x - 'uselib()' Privilege Escalation (3) Linux Kernel 2.4.x / 2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2) Linux Kernel 2.4.x/2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2) ePSXe 1.6.0 - nogui() Local Exploit ePSXe 1.6.0 - 'nogui()' Local Exploit Solaris 9 / 10 - ld.so Privilege Escalation (1) Solaris 9 / 10 - ld.so Privilege Escalation (2) Solaris 9/10 - 'ld.so' Privilege Escalation (1) Solaris 9/10 - 'ld.so' Privilege Escalation (2) Python 2.4.2 - realpath() Local Stack Overflow Python 2.4.2 - 'realpath()' Local Stack Overflow Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1) Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1) Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 - Multiple Buffer Overflow Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflow PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow (PoC) PHP 4.4.3 / 5.1.4 - (sscanf) Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'sscanf' Local Buffer Overflow Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit Solaris 8/9 - '/usr/ucb/ps' Local Information Leak Exploit OpenBSD 3.x < 4.0 - vga_ioctl() Privilege Escalation OpenBSD 3.x < 4.0 - 'vga_ioctl()' Privilege Escalation PHP < 4.4.5 / 5.2.1 - PHP_binary Session Deserialization Information Leak PHP < 4.4.5 / 5.2.1 - WDDX Session Deserialization Information Leak PHP 4.4.6 - mssql_[p]connect() Local Buffer Overflow PHP 5.2.1 - substr_compare() Information Leak Exploit PHP < 4.4.5 / 5.2.1 - (shmop functions) Local Code Execution PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure PHP < 4.4.5/5.2.1 - PHP_binary Session Deserialization Information Leak PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow PHP 5.2.1 - 'substr_compare()' Information Leak Exploit PHP < 4.4.5/5.2.1 - 'shmop' Functions Local Code Execution PHP < 4.4.5/5.2.1 - 'shmop' SSL RSA Private-Key Disclosure PHP 4.4.6 - crack_opendict() Local Buffer Overflow (PoC) PHP 4.4.6 - snmpget() object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - cpdf_open() Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 5.2.1 - session_regenerate_id() Double-Free Exploit PHP 5.2.1 - 'session_regenerate_id()' Double-Free Exploit PHP 4.4.6 - ibase_connect() Local Buffer Overflow PHP 4.4.6 / 5.2.1 - array_user_key_compare() ZVAL dtor Local Exploit PHP 5.2.0 (OSX) - header() Space Trimming Buffer Underflow Exploit PHP 4.4.6 / 5.2.1 - ext/gd Already Freed Resources Usage Exploit PHP 5.2.1 - hash_update_file() Freed Resource Usage Exploit PHP 5.2.1 - Unserialize() Local Information Leak Exploit PHP < 4.4.5 / 5.2.1 - _SESSION unset() Local Exploit PHP < 4.4.5 / 5.2.1 - _SESSION Deserialization Overwrite PHP 4.4.6 - 'ibase_connect()' Local Buffer Overflow PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Exploit PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow Exploit PHP 4.4.6/5.2.1 - ext/gd Already Freed Resources Usage Exploit PHP 5.2.1 - 'hash_update_file()' Freed Resource Usage Exploit PHP 5.2.1 - 'Unserialize()' Local Information Leak Exploit PHP < 4.4.5/5.2.1 - '_SESSION' 'unset()' Local Exploit PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite PHP 5.2.3 - snmpget() object id Local Buffer Overflow PHP 5.2.3 - 'snmpget()' Object id Local Buffer Overflow IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation IBM AIX 5.3 SP6 - FTP 'gets()' Privilege Escalation PHP 5.2.3 - snmpget() object id Local Buffer Overflow (EDI) PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI) PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 4.4.7/5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation Numark Cue 5.0 rev 2 - Local '.m3u' File Stack Buffer Overflow Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow Adobe Reader - util.printf() JavaScript Function Stack Overflow (1) Adobe Reader - util.printf() JavaScript Function Stack Overflow (2) Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1) Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2) Microsoft SQL Server - sp_replwritetovarbin() Heap Overflow Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow PHP 5.2.8 gd library - imageRotate() Information Leak PHP 5.2.8 gd library - 'imageRotate()' Information Leak Adobe Acrobat Reader 8.1.2 < 9.0 - getIcon() Memory Corruption Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption PHP - mb_ereg(i)_replace() Evaluate Replacement String PHP - 'mb_ereg(i)_replace()' Evaluate Replacement String Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation Multiple BSD Operating Systems - setusercontext() Vulnerabilities Avast! 4.8.1335 Professional - Local Kernel Buffer Overflow FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation Multiple BSD Operating Systems - 'setusercontext()' Vulnerabilities Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Privilege Escalation OtsTurntables 1.00.027 - '.m3u' / '.ofl' Local Universal Buffer Overflow (SEH) OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH) Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2) Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Privilege Escalation (2) Millenium MP3 Studio - (pls/mpf/m3u) Local Universal Buffer Overflows (SEH) Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflows (SEH) Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Privilege Escalation (3) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Privilege Escalation (3) PlayMeNow 7.3 / 7.4 - Malformed '.M3U' Playlist File Buffer PlayMeNow 7.3/7.4 - Malformed '.M3U' Playlist File Buffer Mini-stream Ripper 3.0.1.1 - '.pls' Local Universal Buffer Overflow Mini-stream Ripper 3.0.1.1 - '.pls' Universal Local Buffer Overflow PlayMeNow 7.3 / 7.4 - Buffer Overflow (Metasploit) PlayMeNow 7.3/7.4 - Buffer Overflow (Metasploit) HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow (Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Privilege Escalation (Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Privilege Escalation PHP 6.0 Dev - str_transliterate() Buffer Overflow PHP 6.0 Dev - 'str_transliterate()' Buffer Overflow Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - OpenSession() Buffer Overflow Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Buffer Overflow IP2location.dll 1.0.0.1 - Function Initialize() Buffer Overflow IP2location.dll 1.0.0.1 - Function 'Initialize()' Buffer Overflow FreeBSD Kernel - nfs_mount() Exploit FreeBSD Kernel - 'nfs_mount()' Exploit MUSE 4.9.0.006 - '.pls' Local Universal Buffer Overflow (SEH) Triologic Media Player 8 - '.m3u' Local Universal Unicode Buffer Overflow (SEH) MUSE 4.9.0.006 - '.pls' Universal Local Buffer Overflow (SEH) Triologic Media Player 8 - '.m3u' Universal Unicode Local Buffer Overflow (SEH) FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - CAN BCM Privilege Escalation Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Privilege Escalation AOL 9.5 - Phobos.Playlist Import() Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) Adobe - Collab.collectEmailInfo() Buffer Overflow (Metasploit) Adobe - 'Collab.collectEmailInfo()' Buffer Overflow (Metasploit) NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow NetOp Remote Control 8.0/9.1/9.2/9.5 - Buffer Overflow PHP 5.3.5 - socket_connect() Buffer Overflow PHP 5.3.5 - 'socket_connect()' Buffer Overflow Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Privilege Escalation mount.cifs - chdir() Arbitrary Root File Identification mount.cifs - 'chdir()' Arbitrary Root File Identification Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (1) Slackware Linux 3.1 / 3.2 - color_xterm Buffer Overflow (2) Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (1) Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2) Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - vsyslog() Buffer Overflow Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Buffer Overflow Xi Graphics Accelerated X 4.0.x / 5.0 - Buffer Overflow Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (2) RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (2) QSSL QNX 4.25 A - crypt() Exploit QSSL QNX 4.25 A - 'crypt()' Exploit Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2 / 1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1) Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2) X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 _XAsyncReply() Stack Corruption X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 - libX11 '_XAsyncReply()' Stack Corruption Linux Kernel 2.2.x - sysctl() Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (1) Linux Kernel 2.2.18 (RedHat 6.2/7.0 / 2.2.14/2.2.18/2.2.18ow4) - ptrace/execve Race Condition Privilege Escalation (2) Linux Kernel 2.2 / 2.4 - procfs Stream redirection to Process Memory Privilege Escalation Linux Kernel 2.2/2.4 - procfs Stream redirection to Process Memory Privilege Escalation Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Privilege Escalation Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation Linux Kernel 2.2.x / 2.3 / 2.4.x - d_path() Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Python 1.5.2 Pickle - Unsafe eval() Code Execution Python 1.5.2 Pickle - Unsafe 'eval()' Code Execution Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (1) Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (2) Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow (3) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2) Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3) ESCPUtil 1.15.2 2 - Local Printer Name Buffer Overflow ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (2) Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (1) Linux Kernel 2.2.x/2.4.x - Privileged Process Hijacking Privilege Escalation (2) Linux Kernel 2.2.x / 2.4.x - I/O System Call File Existence Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence Zblast 1.2 - Local 'Username' Buffer Overrun Zblast 1.2 - 'Username' Local Buffer Overrun Linux PAM 0.77 - Pam_Wheel Module getlogin() 'Username' Spoofing Privilege Escalation Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation Linux Kernel 2.2.x / 2.4.x - '/proc' Filesystem Potential Information Disclosure Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun GNU AN - Local Command Line Option Buffer Overflow GNU AN - Command Line Option Local Buffer Overflow OpenBSD 3.3 - Semget() Integer Overflow (1) OpenBSD 3.3 - Semget() Integer Overflow (2) OpenBSD 3.3 - 'Semget()' Integer Overflow (1) OpenBSD 3.3 - 'Semget()' Integer Overflow (2) Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - Local ARGV Command Line Buffer Overflow (3) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (1) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2) Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (3) Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read Linux Kernel 2.5.x/2.6.x - CPUFreq Proc Handler Integer Handling Memory Read HP-UX 7-11 - Local X Font Server Buffer Overflow HP-UX 7-11 - X Font Server Local Buffer Overflow Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Photodex ProShow Gold/Producer 5.0.3310 / 6.0.3410 - ScsiAccess Privilege Escalation Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation Newsgrab 0.5.0pre4 - Multiple Local And Remote Vulnerabilities Newsgrab 0.5.0pre4 - Local/Remote Multiple Vulnerabilities Linux Kernel 2.4.x / 2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1) Linux Kernel 2.4.30 / 2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1) Linux Kernel 2.4.30/2.6.11.5 - BlueTooth 'bluez_sock_create' Privilege Escalation Ophcrack 3.5.0 - Local Code Execution Buffer Overflow Ophcrack 3.5.0 - Code Execution Local Buffer Overflow PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass PHP 4.x/5.0/5.1 - 'mb_send_mail()' Function Parameter Restriction Bypass Linux Kernel 2.4.x / 2.5.x / 2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities IBM AIX 6.1 / 7.1 - Privilege Escalation IBM AIX 6.1/7.1 - Privilege Escalation Nodejs - js-yaml load() Code Exec (Metasploit) Nodejs - 'js-yaml load()' Code Exec (Metasploit) PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass PHP 5.2.1 - 'Session.Save_Path()' TMPDIR open_basedir Restriction Bypass ELinks Relative 0.10.6 / 011.1 - Path Arbitrary Code Execution ELinks Relative 0.10.6/011.1 - Path Arbitrary Code Execution suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass Exploit Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escalation (3) Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution Microsoft Office 2007/2010 - OLE Arbitrary Command Execution MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit) ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit) Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Proxifier for Mac 2.17/2.18 - Privesc Escalation Sendmail 8.12.8 - Prescan() BSD Remote Command Execution Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution BFTPd - vsprintf() Format Strings Exploit BFTPd - 'vsprintf()' Format Strings Exploit OpenBSD ftpd 2.6 / 2.7 - Remote Exploit OpenBSD ftpd 2.6/2.7 - Remote Exploit Subversion 1.0.2 - svn_time_from_cstring() Remote Exploit Rlpr 2.04 - msg() Remote Format String Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Exploit Rlpr 2.04 - 'msg()' Remote Format String Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format String PHP 4.3.7 - openlog() Buffer Overflow PHP 4.3.7 - 'openlog()' Buffer Overflow Apple iTunes - Playlist Local Parsing Buffer Overflow Apple iTunes - Playlist Parsing Local Buffer Overflow Newspost 2.1 - socket_getline() Remote Buffer Overflow (2) Newspost 2.1 - 'socket_getline()' Remote Buffer Overflow (2) CA Unicenter 3.1 - CAM log_security() Stack Overflow (Metasploit) CA Unicenter 3.1 - CAM 'log_security()' Stack Overflow (Metasploit) sobexsrv 1.0.0_pre3 Bluetooth - syslog() Remote Format String sobexsrv 1.0.0_pre3 Bluetooth - 'syslog()' Remote Format String Mozilla Firefox 1.04 - compareTo() Remote Code Execution Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution Mozilla Firefox 1.5 (Linux) - location.QueryInterface() Code Execution (Metasploit) Mozilla Firefox 1.5 (OSX) - location.QueryInterface() Code Execution (Metasploit) Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution (Metasploit) Mozilla Firefox 1.5 (OSX) - 'location.QueryInterface()' Code Execution (Metasploit) crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit Quake 3 Engine 1.32b - 'R_RemapShader()' Remote Client Buffer Overflow iShopCart - vGetPost() Remote Buffer Overflow (cgi) iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI) Cisco VPN 3000 Concentrator 4.1.7 / 4.7.2 - 'FTP' Remote Exploit Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit XMPlay 3.3.0.4 - (PLS) Local+Remote Buffer Overflow Oracle 9i / 10g - (read/write/execute) Exploitation Suite XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow Oracle 9i/10g - (read/write/execute) Exploitation Suite Oracle 9i / 10g (extproc) - Local / Remote Command Execution Oracle 9i / 10g - 'utl_file' FileSystem Access Exploit Oracle 9i/10g - 'extproc' Local/Remote Command Execution Oracle 9i/10g - 'utl_file' FileSystem Access Exploit Portable OpenSSH 3.6.1p-PAM / 4.1-SuSE - Timing Attack Exploit Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack Exploit PHP 4.4.3 < 4.4.6 - PHPinfo() Cross-Site Scripting PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting XAMPP for Windows 1.6.0a - mssql_connect() Remote Buffer Overflow XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow IPIX Image Well ActiveX - 'iPIX-ImageWell-ipix.dll' Buffer Overflow IPIX Image Well - ActiveX 'iPIX-ImageWell-ipix.dll' Buffer Overflow Zenturi ProgramChecker ActiveX - 'sasatl.dll' Remote Buffer Overflow Zenturi ProgramChecker - ActiveX 'sasatl.dll' Remote Buffer Overflow Zenturi ProgramChecker - ActiveX NavigateUrl() Insecure Method Exploit Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method Exploit NCTAudioStudio2 - ActiveX DLL 2.6.1.148 CreateFile() Insecure Method NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()/ Insecure Method HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - SaveToFile() Exploit HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' Exploit NeoTracePro 3.25 - ActiveX TraceTarget() Remote Buffer Overflow NeoTracePro 3.25 - ActiveX 'TraceTarget()' Remote Buffer Overflow Versalsoft HTTP File Uploader - AddFile() Remote Buffer Overflow Versalsoft HTTP File Uploader - 'AddFile()' Remote Buffer Overflow Data Dynamics ActiveReport ActiveX - 'actrpt2.dll 2.5' Insecure Method Data Dynamics ActiveReport - ActiveX 'actrpt2.dll 2.5' Insecure Method Yahoo! Widget < 4.0.5 - GetComponentVersion() Remote Overflow CHILKAT ASP String - 'CkString.dll 1.1' SaveToFile() Insecure Method Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow CHILKAT ASP String - 'CkString.dll 1.1' 'SaveToFile()' Insecure Method NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - SetText() Remote Exploit NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - SaveXMLFile() Insecure Method NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - DeleteXMLFile() Insecure Method NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote Exploit NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'SaveXMLFile()' Insecure Method NVR SP2 2.0 'nvUtility.dll 1.0.14.0' - 'DeleteXMLFile()' Insecure Method Microsoft MSN Messenger 7.x (8.0?) - Video Remote Heap Overflow Microsoft MSN Messenger 7.x/8.0? - Video Remote Heap Overflow GlobalLink 2.7.0.8 - 'glItemCom.dll' SetInfo() Heap Overflow GlobalLink 2.7.0.8 - 'glItemCom.dll' 'SetInfo()' Heap Overflow GlobalLink 2.7.0.8 - 'glitemflat.dll' SetClientInfo() Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0' SaveToFile() Insecure Method GlobalLink 2.7.0.8 - 'glitemflat.dll' 'SetClientInfo()' Heap Overflow Ultra Crypto Component - 'CryptoX.dll 2.0' 'SaveToFile()' Insecure Method jetAudio 7.x - ActiveX DownloadFromMusicStore() Code Execution jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution Persits Software XUpload Control - AddFolder() Buffer Overflow Persits Software XUpload Control - 'AddFolder()' Buffer Overflow idautomation bar code ActiveX - Multiple Vulnerabilities idautomation bar code - ActiveX Multiple Vulnerabilities C6 Messenger ActiveX - Remote Download and Execute Exploit C6 Messenger - ActiveX Remote Download and Execute Exploit NuMedia Soft Nms DVD Burning SDK ActiveX - 'NMSDVDX.dll' Exploit NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Exploit GdPicture Pro ActiveX - 'gdpicture4s.ocx' File Overwrite / Exec Exploit GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec Exploit MW6 Aztec ActiveX - 'Aztec.dll' Remote Insecure Method Exploit MW6 Barcode ActiveX - 'Barcode.dll' Insecure Method Exploit MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit GE Fanuc Real Time Information Portal 2.6 - writeFile() API Exploit (Metasploit) GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API Exploit (Metasploit) EasyMail ActiveX - 'emmailstore.dll 6.5.0.3' Buffer Overflow EasyMail - ActiveX 'emmailstore.dll 6.5.0.3' Buffer Overflow Megacubo 5.0.7 - (mega://) Remote eval() Injection Megacubo 5.0.7 - 'mega://' Remote 'eval()' Injection Word Viewer OCX 3.2 ActiveX - (Save) Remote File Overwrite Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite EDraw Office Viewer 5.4 - HttpDownloadFile() Insecure Method EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method Oracle Secure Backup 10g - exec_qr() Command Injection Oracle Secure Backup 10g - 'exec_qr()' Command Injection Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Adobe Reader 8.1.4/9.1 - GetAnnots() Remote Code Execution Adobe 8.1.4/9.1 - customDictionaryOpen() Code Execution BaoFeng - ActiveX OnBeforeVideoDownload() Remote Buffer Overflow Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow AOL IWinAmpActiveX Class ConvertFile() - Remote Buffer Overflow AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow Virtualmin < 3.703 - Multiple Local+Remote Vulnerabilities Virtualmin < 3.703 - Local/Remote Multiple Vulnerabilities Quiksoft EasyMail 6.0.3.0 - imap connect() ActiveX Buffer Overflow Quiksoft EasyMail 6.0.3.0 - IMAP 'connect()' ActiveX Buffer Overflow EnjoySAP 6.4 / 7.1 - File Overwrite EnjoySAP 6.4/7.1 - File Overwrite Blender 2.34 / 2.35a / 2.4 / 2.49b - '.blend' Command Injection Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit) Solaris 10/11 Telnet - Remote Authentication Bypass (Metasploit) mDNSResponder 10.4.0 / 10.4.8 (OSX) - UPnP Location Overflow (Metasploit) mDNSResponder 10.4.0/10.4.8 (OSX) - UPnP Location Overflow (Metasploit) Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit) Opera 9.50/9.61 historysearch - Command Execution (Metasploit) Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit) PoPToP < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) Squid 2.5.x/3.x - NTLM Buffer Overflow (Metasploit) PoPToP < 1.1.3-b3/1.1.3-20030409 - Negative Read Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007/2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit) HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit) PHP 5.3 - preg_match() Full Path Disclosure PHP 5.3 - 'preg_match()' Full Path Disclosure Trend Micro Web-Deployment ActiveX - Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' 'OpenFile()' Remote Overflow Bigant Messenger 2.52 - 'AntCore.dll' RegisterCom() Remote Heap Overflow Bigant Messenger 2.52 - 'AntCore.dll' 'RegisterCom()' Remote Heap Overflow Apple Safari 4.0.5 - parent.close() (memory Corruption) Code Execution Apple Safari 4.0.5 - 'parent.close()' Memory Corruption Code Execution Apple Safari 4.0.5 - parent.close() Memory Corruption (ASLR + DEP Bypass) Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass) ComponentOne VSFlexGrid 7 / 8 - 'Archive()' method Remote Buffer Overflow ComponentOne VSFlexGrid 7/8 - 'Archive()' method Remote Buffer Overflow Apple Mac OSX EvoCam Web Server 3.6.6 / 3.6.7 - Buffer Overflow Apple Mac OSX EvoCam Web Server 3.6.6/3.6.7 - Buffer Overflow Nginx 0.7.65 / 0.8.39 (dev) - Source Disclosure / Download Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass) SigPlus Pro 3.74 - ActiveX 'LCDWriteString()' Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion (Remote Code Execution) McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (2) Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (Metasploit) Viscom Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit) Viscom Image Viewer CP Gold 6 - ActiveX TifMergeMultiFiles() Buffer Overflow Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow Microsoft WMITools ActiveX - Remote Command Execution Microsoft WMITools - ActiveX Remote Command Execution Novell iPrint 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256) Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote Exploit Apple QTJava - toQTPointer() Arbitrary Memory Access (Metasploit) Apple QTJava - 'toQTPointer()' Arbitrary Memory Access (Metasploit) Java - Statement.invoke() Trusted Method Chain Exploit (Metasploit) Java - 'Statement.invoke()' Trusted Method Chain Exploit (Metasploit) Mozilla Firefox 3.5 - escape() Return Value Memory Corruption (Metasploit) Mozilla Firefox 3.5 - 'escape()' Return Value Memory Corruption (Metasploit) Mozilla Suite/Firefox InstallVersion->compareTo() - Code Execution (Metasploit) Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit) Sun Solaris sadmind - adm_build_path() Buffer Overflow (Metasploit) Sun Solaris sadmind - 'adm_build_path()' Buffer Overflow (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit) Firebird Relational Database - SVC_attach() Buffer Overflow (Metasploit) Firebird Relational Database - 'SVC_attach()' Buffer Overflow (Metasploit) Firebird Relational Database - isc_create_database() Buffer Overflow (Metasploit) Firebird Relational Database - 'isc_create_database()' Buffer Overflow (Metasploit) Firebird Relational Database - isc_attach_database() Buffer Overflow (Metasploit) Firebird Relational Database - 'isc_attach_database()' Buffer Overflow (Metasploit) Worldweaver DX Studio Player 3.0.29 - shell.execute() Command Execution (Metasploit) Worldweaver DX Studio Player 3.0.29 - 'shell.execute()' Command Execution (Metasploit) Zenturi ProgramChecker ActiveX - Control Arbitrary File Download (Metasploit) Zenturi ProgramChecker - ActiveX Control Arbitrary File Download (Metasploit) CA BrightStor ARCserve Backup - AddColumn() ActiveX Buffer Overflow (Metasploit) Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit) CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow (Metasploit) Microsoft Internet Explorer - 'createTextRange()' Code Execution (MS06-013) (Metasploit) AOL Radio AmpX - ActiveX Control ConvertFile() Buffer Overflow (Metasploit) AOL Radio AmpX - ActiveX Control 'ConvertFile()' Buffer Overflow (Metasploit) NCTAudioFile2 2.x - ActiveX Control SetFormatLikeSample() Buffer Overflow (Metasploit) NCTAudioFile2 2.x - ActiveX Control 'SetFormatLikeSample()' Buffer Overflow (Metasploit) SasCam Webcam Server 2.6.5 - Get() method Buffer Overflow (Metasploit) SasCam Webcam Server 2.6.5 - 'Get()' Method Buffer Overflow (Metasploit) Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit) Microsoft DNS RPC Service - 'extractQuotedChar()' TCP Overflow (MS07-029) (Metasploit) httpdx - h_handlepeer() Function Buffer Overflow (Metasploit) httpdx - 'h_handlepeer()' Function Buffer Overflow (Metasploit) CA CAM (Windows x86) - log_security() Stack Buffer Overflow (Metasploit) CA CAM (Windows x86) - 'log_security()' Stack Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - CreateBinding() Buffer Overflow (Metasploit) Trend Micro ServerProtect 5.58 - 'CreateBinding()' Buffer Overflow (Metasploit) XtreamerPRO Media-player 2.6.0 / 2.7.0 - Multiple Vulnerabilities XtreamerPRO Media-player 2.6.0/2.7.0 - Multiple Vulnerabilities Black Ice Cover Page SDK - insecure method DownloadImageFileURL() Exploit (Metasploit) Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' Exploit (Metasploit) CTEK SkyRouter 4200 / 4300 - Command Execution (Metasploit) CTEK SkyRouter 4200/4300 - Command Execution (Metasploit) Mozilla Firefox 4.0.1 - Array.reduceRight() Exploit Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Exploit LotusCMS 3.0 - eval() Remote Command Execution (Metasploit) LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit) Apache Tomcat - Remote Exploit (PUT Request) and Account Scanner Apache Tomcat - Account Scanner / 'PUT' Request Remote Exploit Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion (Remote Code Execution) Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Exploit Mozilla Firefox 8/9 - AttributeChildRemoved() Use-After-Free (Metasploit) Mozilla Firefox 8/9 - 'AttributeChildRemoved()' Use-After-Free (Metasploit) RabidHamster R4 - Log Entry sprintf() Buffer Overflow (Metasploit) RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit) Samsung NET-i viewer - Multiple ActiveX BackupToAvi() Remote Overflow (Metasploit) Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflow (Metasploit) Microsoft IIS 6.0 / 7.5 (+ PHP) - Multiple Vulnerabilities Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities Linux Kernel 2.0.30 / 2.0.35 / 2.0.36 / 2.0.37 - Blind TCP Spoofing Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing ETL Delegate 5.9.x / 6.0.x - Buffer Overflow ETL Delegate 5.9.x/6.0.x - Buffer Overflow Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (1) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (3) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (1) Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Buffer Overflow (3) Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion (Remote Command Execution) Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution PHP IRC Bot pbot - eval() Remote Code Execution (Metasploit) PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit) Icecast 1.3.7/1.3.8 - print_client() Format String Icecast 1.3.7/1.3.8 - 'print_client()' Format String FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow FreeBSD 4.2-stable ftpd - glob() Buffer Overflow Vulnerabilities OpenBSD 2.x < 2.8 ftpd - glob() Buffer Overflow FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow Apache Tomcat 3.2.3/3.2.4 - Source.jsp Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - RealPath.jsp Malformed Request Information Disclosure Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting NTR - ActiveX Control StopModule() Remote Code Execution (Metasploit) NTR - ActiveX Control 'StopModule()' Remote Code Execution (Metasploit) NTR - ActiveX Control Check() Method Buffer Overflow (Metasploit) HP Application Lifecycle Management - XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution (Metasploit) NTR - ActiveX Control 'Check()' Method Buffer Overflow (Metasploit) HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit) ghttpd 1.4.x - Log() Function Buffer Overflow ghttpd 1.4.x - 'Log()' Function Buffer Overflow zkfingerd 0.9.1 - say() Format String zkfingerd 0.9.1 - 'say()' Format String Linux Kernel 2.0.x / 2.2.x / 2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (2) Zlib 1.1.4 - Compression Library 'gzprintf()' Buffer Overrun (2) BitchX 1.0 - Remote Send_CTCP() Memory Corruption BitchX 1.0 - Remote 'Send_CTCP()' Memory Corruption PoPToP PPTP 1.0/1.1.x - Negative read() Argument Remote Buffer Overflow PoPToP PPTP 1.0/1.1.x - Negative 'read()' Argument Remote Buffer Overflow Invision Power Board (IP.Board) 3.3.4 - Unserialize() PHP Code Execution (Metasploit) Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - ldapagnt_eval() Remote Perl Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit) Valve Software Half-Life Server 1.1.1.0 / 3.1.1.1c1 / 4.1.1.1a - Multiplayer Request Buffer Overflow Valve Software Half-Life Server 1.1.1.0/3.1.1.1c1/4.1.1.1a - Multiplayer Request Buffer Overflow WU-FTPD 2.6.2 / 2.6.0 / 2.6.1 - 'realpath()' Off-by-One Buffer Overflow FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow WU-FTPD 2.6.0/2.6.1/2.6.2 - 'realpath()' Off-by-One Buffer Overflow FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow InduSoft Web Studio - ISSymbol.ocx InternationalSeparator() Heap Overflow (Metasploit) InduSoft Web Studio - 'ISSymbol.ocx' 'InternationalSeparator()' Heap Overflow (Metasploit) GNU Anubis 3.6.x/3.9.x - auth.c auth_ident() Function Overflow GNU Anubis 3.6.x/3.9.x - 'auth.c' 'auth_ident()' Function Overflow Rlpr 2.0 - msg() Function Multiple Vulnerabilities Rlpr 2.0 - 'msg()' Function Multiple Vulnerabilities PHP 4.x/5.0 - Strip_Tags() Function Bypass PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass Movable Type 4.2x / 4.3x - Web Upgrade Remote Code Execution (Metasploit) Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit) NullSoft Winamp 2-5 - '.wsz' Remote Code Execution NullSoft Winamp 2.4 < 5.0.4 - '.wsz' Remote Code Execution Portable UPnP SDK - unique_service_name() Remote Code Execution (Metasploit) Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit) Novell ZENworks Configuration Management 10 SP3 / 11 SP2 - Remote Execution (Metasploit) Novell ZENworks Configuration Management 10 SP3/11 SP2 - Remote Execution (Metasploit) PHP 4/5 - addslashes() Null Byte Bypass PHP 4/5 - 'addslashes()' Null Byte Bypass Smail 3 - Multiple Remote and Local Vulnerabilities Smail 3 - Multiple Remote/Local Vulnerabilities SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx Remote Code Execution SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit) Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Java Applet - Driver Manager Privileged toString() Remote Code Execution (Metasploit) Java Applet - Driver Manager Privileged 'toString()' Remote Code Execution (Metasploit) Oracle Java - storeImageArray() Invalid Array Indexing Oracle Java - 'storeImageArray()' Invalid Array Indexing PHP 4.x - tempnam() Function open_basedir Restriction Bypass PHP 4.x - 'tempnam()' Function open_basedir Restriction Bypass Oracle Java - IntegerInterleavedRaster.verify() Signed Integer Overflow Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow Java - storeImageArray() Invalid Array Indexing (Metasploit) Java - 'storeImageArray()' Invalid Array Indexing (Metasploit) Oracle Java - BytePackedRaster.verify() Signed Integer Overflow Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow Oracle Java - ShortComponentRaster.verify() Memory Corruption Oracle Java - 'ShortComponentRaster.verify()' Memory Corruption Apache 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security Python 2.5 - PyLocale_strxfrm Function Remote Information Leak Python 2.5 - 'PyLocale_strxfrm' Function Remote Information Leak PHP 4.4.4 - Zip_Entry_Read() Integer Overflow PHP 5.1.6 - Chunk_Split() Function Integer Overflow PHP 4.4.4 - 'Zip_Entry_Read()' Integer Overflow PHP 5.1.6 - 'Chunk_Split()' Function Integer Overflow PHP 5.1.6 - Imap_Mail_Compose() Function Buffer Overflow PHP 5.1.6 - Msg_Receive() Memory Allocation Integer Overflow PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit) Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Ghostscript 8.0.1/8.15 - 'zseticcspace()' Function Buffer Overflow VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution Python socket.recvfrom_into() - Remote Buffer Overflow Python - 'socket.recvfrom_into()' Remote Buffer Overflow Vim 'mch_expand_wildcards()' - Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Boat Browser 8.0 / 8.0.1 - Remote Code Execution Boat Browser 8.0/8.0.1 - Remote Code Execution Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit) Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) Pro Softnet IDrive Online Backup 3.4.0 - ActiveX SaveToFile() Arbitrary File Overwrite Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite RealVNC 4.1.0 / 4.1.1 - Authentication Bypass RealVNC 4.1.0/4.1.1 - Authentication Bypass PHP 5.5.33 / 7.0.4 - SNMP Format String PHP 5.5.33/7.0.4 - SNMP Format String Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow OpenSSHd 7.2p2 - Username Enumeration OpenSSH 7.2p2 - Username Enumeration Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039) Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039) FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation FreePBX 13/14 - Remote Command Execution / Privilege Escalation Subversion 1.6.6 / 1.6.12 - Code Execution Subversion 1.6.6/1.6.12 - Code Execution Ansible 2.1.4 / 2.2.1 - Command Execution Ansible 2.1.4/2.2.1 - Command Execution Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit) Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit) GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit) Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit) GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit) Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit) Easy File Sharing Web Server 7.2 - GET HTTP Request (PassWD) Buffer Overflow (SEH) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit) UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit vBulletin - LAST.php SQL Injection UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit vBulletin - 'LAST.php' SQL Injection phpBB 1.0.0 / 2.0.10 - admin_cash.php Remote Exploit PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Exploit (Compiled) phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled) e107 - include() Remote Exploit e107 - 'include()' Remote Exploit CuteNews 1.4.0 - Shell Inject Remote Command Execution CuteNews 1.4.0 - Shell Injection / Remote Command Execution CuteNews 1.4.1 - Shell Inject Remote Command Execution CuteNews 1.4.1 - Shell Injection / Remote Command Execution WebWiz Products 1.0 / 3.06 - Login Bypass (SQL Injection) WebWiz Products 1.0/3.06 - Login Bypass (SQL Injection) NOCC Webmail 1.0 - (Local Inclusion) Remote Code Execution NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution 4Images 1.7.1 - (Local Inclusion) Remote Code Execution 4Images 1.7.1 - Local File Inclusion / Remote Code Execution Fast Click 1.1.3 / 2.3.8 - 'show.php' Remote File Inclusion Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion UBB Threads 6.4.x < 6.5.2 - (thispath) Remote File Inclusion UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion UBB Threads 5.x / 6.x - Multiple Remote File Inclusion UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion XMB 1.9.6 Final - basename() Remote Command Execution PHPay 2.02 - 'nu_mail.inc.php' Remote mail() Injection XMB 1.9.6 Final - 'basename()' Remote Command Execution PHPay 2.02 - 'nu_mail.inc.php' 'mail()' Remote Injection Phaos 0.9.2 - basename() Remote Command Execution Phaos 0.9.2 - 'basename()' Remote Command Execution Newsscript 0.5 - Remote File Inclusion / Local File Inclusion Newsscript 0.5 - Local/Remote File Inclusion exV2 < 2.0.4.3 - extract() Remote Command Execution exV2 < 2.0.4.3 - 'extract()' Remote Command Execution KGB 1.87 - (Local Inclusion) Remote Code Execution KGB 1.87 - Local File Inclusion / Remote Code Execution UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution Invision Gallery 2.0.7 - readfile() & SQL Injection Invision Gallery 2.0.7 - 'readfile()' / SQL Injection Flatnuke 2.5.8 - file() Privilege Escalation / Code Execution Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection Imageview 5 - 'Cookie/index.php' Remote / Local File Inclusion Imageview 5 - 'Cookie/index.php' Local/Remote File Inclusion Woltlab Burning Board Lite 1.0.2 - decode_cookie() SQL Injection Woltlab Burning Board Lite 1.0.2 - 'decode_cookie()' SQL Injection PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection Cacti 0.8.6i - cmd.php popen() Remote Injection Cacti 0.8.6i - 'cmd.php' 'popen()' Remote Injection P-News 1.16 / 1.17 - 'user.dat' Remote Password Disclosure P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (1) Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (2) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2) Woltlab Burning Board 1.0.2 / 2.3.6 - search.php SQL Injection (3) Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3) Jupiter CMS 1.1.5 - 'index.php' Remote / Local File Inclusion Jupiter CMS 1.1.5 - 'index.php' Local/Remote File Inclusion PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 exec() eExploit PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()' Exploit MySpeach 3.0.7 - Remote / Local File Inclusion MySpeach 3.0.7 - Local/Remote File Inclusion YAAP 1.5 - __autoload() Remote File Inclusion YAAP 1.5 - '__autoload()' Remote File Inclusion Quick.Cart 2.2 - Remote File Inclusion / Local File Inclusion Remote Code Execution Quick.Cart 2.2 - Local/Remote File Inclusion / Remote Code Execution Sendcard 3.4.1 - (Local File Inclusion) Remote Code Execution Sendcard 3.4.1 - Local File Inclusion / Remote Code Execution Entertainment CMS - (Local Inclusion) Remote Command Execution Entertainment CMS - Local File Inclusion / Remote Command Execution iziContents rc6 - Remote File Inclusion / Local File Inclusion iziContents rc6 - Local/Remote File Inclusion PHP Project Management 0.8.10 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion Rayzz Script 2.0 - Local/Remote File Inclusion SerWeb 2.0.0 dev1 2007-02-20 - Multiple Remote File Inclusion / Local File Inclusion Vulnerabilities SerWeb 2.0.0 dev1 2007-02-20 - Multiple Local/Remote File Inclusion Vulnerabilities SquirrelMail G/PGP Encryption Plugin - deletekey() Command Injection SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection Agares phpAutoVideo 2.21 - Remote / Local File Inclusion Agares phpAutoVideo 2.21 - Local/Remote File Inclusion TeamCalPro 3.1.000 - Multiple Remote / Local File Inclusion TeamCalPro 3.1.000 - Multiple Local/Remote File Inclusions NetRisk 1.9.7 - Remote / Local File Inclusion NetRisk 1.9.7 - Local/Remote File Inclusion AJchat 0.10 - unset() bug SQL Injection AJchat 0.10 - 'unset()' bug SQL Injection jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities jspwiki 2.4.104/2.5.139 - Multiple Vulnerabilities LookStrike Lan Manager 0.9 - Remote / Local File Inclusion LookStrike Lan Manager 0.9 - Local/Remote File Inclusion ExBB 0.22 - Local / Remote File Inclusion ExBB 0.22 - Local/Remote File Inclusion HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting HomePH Design 2.10 RC2 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting Pivot 1.40.5 - Dreamwind load_template() Credentials Disclosure Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure 1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion 1024 CMS 1.4.4 - Multiple Local/Remote File Inclusion Yourownbux 3.1 / 3.2 Beta - SQL Injection Yourownbux 3.1/3.2 Beta - SQL Injection Ol BookMarks Manager 0.7.5 - Remote File Inclusion / Local File Inclusion / SQL Injection Ol BookMarks Manager 0.7.5 - Local File Inclusion / Remote File Inclusion / SQL Injection wotw 5.0 - Local / Remote File Inclusion wotw 5.0 - Local/Remote File Inclusion PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion PHPmyGallery 1.0beta2 - Local/Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local/Remote File Inclusion ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting PlaySms 0.9.3 - Multiple Remote / Local File Inclusion PlaySms 0.9.3 - Multiple Local/Remote File Inclusions Simple Machines Forum (SMF) 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass phpList 2.10.x - (Remote Code Execution by environ Inclusion) Local File Inclusion phpList 2.10.x - Remote Code Execution / Local File Inclusion GNUBoard 4.31.04 (09.01.30) - Multiple Local+Remote Vulnerabilities GNUBoard 4.31.04 (09.01.30) - Local/Remote Multiple Vulnerabilities OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit) OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit) Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass PHP Director 0.21 - (SQL into outfile) eval() Injection PHP Director 0.21 - (SQL Into Outfile) 'eval()' Injection UBB.Threads 5.5.1 - (message) SQL Injection UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection Geeklog 1.5.2 - SEC_authenticate() SQL Injection Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection WebPortal CMS 0.8b - Multiple Remote / Local File Inclusion WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject Bitweaver 2.6 - saveFeed() Remote Code Execution PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection Bitweaver 2.6 - 'saveFeed()' Remote Code Execution School Data Navigator - (page) Local / Remote File Inclusion School Data Navigator - 'page' Local/Remote File Inclusion phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting phpCollegeExchange 0.1.5c - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting ClearContent - 'image.php url' Remote File Inclusion / Local File Inclusion ClearContent - 'image.php url' Local/Remote File Inclusion e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting Ultrize TimeSheet 1.2.2 - readfile() Local File Disclosure Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass/File Disclosure) Multiple Remote Vulnerabilities aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass / File Disclosure) Multiple Remote Vulnerabilities Facil Helpdesk - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities IsolSoft Support Center 2.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities Facil Helpdesk - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities IsolSoft Support Center 2.5 - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Vulnerabilities ZeroBoard 4.1 pl7 - now_connect() Remote Code Execution ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution DedeCMS 5.1 - SQL Injection DeDeCMS 5.1 - SQL Injection TwonkyMedia Server 4.4.17 / 5.0.65 - Cross-Site Scripting TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting Xerver 4.31 / 4.32 - HTTP Response Splitting Xerver 4.31/4.32 - HTTP Response Splitting sugar crm 5.5.0.rc2 / 5.2.0j - Multiple Vulnerabilities Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities Quate CMS 0.3.5 - Remote File Inclusion / Local File Inclusion Quate CMS 0.3.5 - Local/Remote File Inclusion Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - Local File Inclusion / SQL Injection UBB.Threads 7.5.4 2 - Multiple File Inclusion Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion NAS Uploader 1.0 / 1.5 - Arbitrary File Upload NAS Uploader 1.0/1.5 - Arbitrary File Upload Pandora FMS Monitoring Application 2.1.x / 3.x - SQL Injection Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection UBB Threads 6.0 - Remote File Inclusion UBBCentral UBB.Threads 6.0 - Remote File Inclusion fileNice PHP file browser - Remote File Inclusion / Local File Inclusion fileNice PHP file browser - Local/Remote File Inclusion Pay Per Minute Video Chat Script 2.0 / 2.1 - Multiple Vulnerabilities Pay Per Minute Video Chat Script 2.0/2.1 - Multiple Vulnerabilities ProfitCode Shopping Cart - Multiple Local File Inclusion / Remote File Inclusion Vulnerabilities ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities Izumi 1.1.0 - (Remote File Inclusion / Local File Inclusion) Multiple Include Izumi 1.1.0 - (Local File Inclusion / Remote File Inclusion) Multiple Include TSOKA:CMS 1.1 / 1.9 / 2.0 - SQL Injection / Cross-Site Scripting TSOKA:CMS 1.1/1.9/2.0 - SQL Injection / Cross-Site Scripting Facil-CMS 0.1RC2 - Local / Remote File Inclusion Facil-CMS 0.1RC2 - Local/Remote File Inclusion jevoncms - Local File Inclusion / Remote File Inclusion jevoncms - Local/Remote File Inclusion Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Vieassociative Openmairie 1.01 Beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openurgence vaccin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Police Municipale Open Main Courante 1.01beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openurgence vaccin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Police Municipale Open Main Courante 1.01beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openscrutin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openreglement 1.04 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openreglement 1.04 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openregistrecil 1.02 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openregistrecil 1.02 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openplanning 1.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openfoncier 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Madirish Webmail 2.01 - 'baseDir' Remote File Inclusion / Local File Inclusion Openplanning 1.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Openfoncier 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion Opencourrier 2.03beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Opencourrier 2.03beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions AutoDealer 1.0 / 2.0 - MSSQL Injection AutoDealer 1.0/2.0 - MSSQL Injection Openannuaire Openmairie Annuaire 2.00 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion Openannuaire Openmairie Annuaire 2.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions Waibrasil - Remote File Inclusion / Local File Inclusion Waibrasil - Local/Remote File Inclusion Spaw Editor 1.0 / 2.0 - Arbitrary File Upload Spaw Editor 1.0/2.0 - Arbitrary File Upload PHP SETI@home Web monitor - (PHPsetimon) Remote File Inclusion / Local File Inclusion PHP SETI@home Web monitor - 'PHPsetimon' Local/Remote File Inclusion vBulletin(R) 3.8.6 - faq.php Information Disclosure vBulletin 3.8.6 - 'faq.php' Information Disclosure Open Realty 2.x / 3.x - Persistent Cross-Site Scripting Open Realty 2.x/3.x - Persistent Cross-Site Scripting vBulletin 3.8.4 / 3.8.5 - Registration Bypass vBulletin 3.8.4/3.8.5 - Registration Bypass vbShout 5.2.2 - Remote / Local File Inclusion vbShout 5.2.2 - Local/Remote File Inclusion Zoopeer 0.1 / 0.2 - 'FCKeditor' Arbitrary File Upload Zoopeer 0.1/0.2 - 'FCKeditor' Arbitrary File Upload xt:Commerce Shopsoftware 3 / 4 - 'FCKeditor' Arbitrary File Upload xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload CakePHP 1.3.5 / 1.2.8 - Unserialize() CakePHP 1.3.5/1.2.8 - 'Unserialize()' Exploit vBSEO 3.5.2 / 3.2.2 - Persistent Cross-Site Scripting via LinkBacks vBSEO Sitemap 2.5 / 3.0 - Multiple Vulnerabilities vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities Geomi CMS 1.2 / 3.0 - SQL Injection Geomi CMS 1.2/3.0 - SQL Injection cChatBox for vBulletin 3.6.8 / 3.7.x - SQL Injection cChatBox for vBulletin 3.6.8/3.7.x - SQL Injection Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution (Metasploit) Redmine SCM Repository 0.9.x/1.0.x - Arbitrary Command Execution (Metasploit) vBulletin - misc.php Template Name Arbitrary Code Execution (Metasploit) vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit) CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit) CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit) SmarterMail 7.3 / 7.4 - Multiple Vulnerabilities SmarterMail 7.3/7.4 - Multiple Vulnerabilities WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution WordPress Plugin BackWPup - Remote Code Execution / Local Code Execution WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection LuxCal Web Calendar 2.4.2 / 2.5.0 - SQL Injection LuxCal Web Calendar 2.4.2/2.5.0 - SQL Injection Joomla! Component 'com_virtuemart' 1.5 / 1.1.7 - Blind Time-Based SQL Injection (Metasploit) Joomla! Component 'com_virtuemart' 1.1.7/1.5 - Blind Time-Based SQL Injection (Metasploit) WSN Classifieds 6.2.12 / 6.2.18 - Multiple Vulnerabilities Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution Typo3 4.5 < 4.7 - Remote Code Execution (Remote File Inclusion / Local File Inclusion) Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion phpMyAdmin 3.3.x / 3.4.x - Local File Inclusion via XXE Injection (Metasploit) phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit) Log1 CMS - writeInfo() PHP Code Injection (Metasploit) Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit) MiniCMS 1.0 / 2.0 - PHP Code Inject MiniCMS 1.0/2.0 - PHP Code Injection 4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code 4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution (Metasploit) FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit) Woltlab Burning Board 2.2 / 2.3 - [WN]KT KickTipp 3.1 - SQL Injection Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection SugarCRM CE 6.3.1 - Unserialize() PHP Code Execution (Metasploit) webERP 4.08.1 - Local / Remote File Inclusion SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution (Metasploit) webERP 4.08.1 - Local/Remote File Inclusion Tiki Wiki CMS Groupware 8.3 - Unserialize() PHP Code Execution (Metasploit) Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution (Metasploit) House Style 0.1.2 - readfile() Local File Disclosure House Style 0.1.2 - 'readfile()' Local File Disclosure OTRS Open Technology Real Services 3.1.8 / 3.1.9 - Cross-Site Scripting OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Persistent Cross-Site Scripting ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities IP.Gallery 4.2.x / 5.0.x - Persistent Cross-Site Scripting IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting Alt-N MDaemon 13.0.3 / 12.5.6 - Email Body HTML/JS Injection Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection parachat 5.5 - Directory Traversal Parachat 5.5 - Directory Traversal DCP-Portal 3.7/4.x/5.x - calendar.php Multiple Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - announcement.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - news.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - contents.php cid Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'announcement.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'news.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - 'contents.php' 'cid' Parameter Cross-Site Scripting DCP-Portal 3.7/4.x/5.x - calendar.php HTTP Response Splitting DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting UBBCentral UBB.Threads 6.2.3/6.5 - showflat.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - calendar.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - online.php Cat Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting phpVms Virtual Airline Administration 2.1.934 / 2.1.935 - SQL Injection phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection phpMyAdmin 3.5.8 / 4.0.0-RC2 - Multiple Vulnerabilities phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities UBBCentral UBB.Threads 6.0 - editpost.php SQL Injection UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection Wifi Photo Transfer 2.1 / 1.1 PRO - Multiple Vulnerabilities Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities File Lite 3.3 / 3.5 PRO iOS - Multiple Vulnerabilities File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities IPB (Invision Power Board) 1.x? / 2.x / 3.x - Admin Account Takeover IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover UBBCentral 6.0 - UBB.threads Printthread.php SQL Injection UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x / 7.x) - Persistent Cross-Site Scripting Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation SPIP - CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation YaPiG 0.9x - Remote File Inclusion / Local File Inclusion YaPiG 0.9x - Local/Remote File Inclusion UBBCentral UBB.Threads 5.5.1/6.x - download.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - calendar.php Multiple Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - modifypost.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - viewmessage.php message Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - addfav.php main Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - notifymod.php Number Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - grabnext.php posted Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion Xibo 1.2.2 / 1.4.1 - 'index.php' p Parameter Directory Traversal Xibo 1.2.2/1.4.1 - 'index.php' p Parameter Directory Traversal UBB.Threads 6.3 - showflat.php SQL Injection UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection Virtual Hosting Control System 2.2/2.4 - 'login.php' check_login() Function Authentication Bypass Virtual Hosting Control System 2.2/2.4 - 'login.php' 'check_login()' Function Authentication Bypass ATutor 1.5.x - admin/fix_content.php submit Parameter Cross-Site Scripting ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting Mirapoint Web Mail - Expression() HTML Injection Mirapoint Web Mail - 'Expression()' HTML Injection Onpub CMS 1.4 / 1.5 - Multiple SQL Injections Onpub CMS 1.4/1.5 - Multiple SQL Injections ImpressPages CMS 3.6 - manage() Function Remote Code Execution ImpressPages CMS 3.6 - 'manage()' Function Remote Code Execution Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit) Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit) UBB.Threads 6.1.1 - UBBThreads.php SQL Injection UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection WHMCompleteSolution (WHMCS) 4.x / 5.x - Multiple Web Vulnerabilities WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities Jenkins 1.523 - Inject Persistent HTML Code Jenkins 1.523 - Persistent HTML Code CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection Drupal < 6.16 / 5.22 - Multiple Vulnerabilities Drupal < 5.22/6.16 - Multiple Vulnerabilities AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion AdvertisementManager 3.1 - 'req' Parameter Local/Remote File Inclusion Ultra Electronics 7.2.0.19 / 7.4.0.7 - Multiple Vulnerabilities Ultra Electronics 7.2.0.19/7.4.0.7 - Multiple Vulnerabilities net2ftp 0.98 (stable) - 'admin1.template.php' Local File Inclusion / Remote File Inclusion net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion MyBB 1.8.2 - unset_globals() Function Bypass / Remote Code Execution MyBB 1.8.2 - 'unset_globals()' Function Bypass / Remote Code Execution WordPress Plugin Spellchecker 3.1 - 'general.php' Local File Inclusion / Remote File Inclusion WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion Pimcore 3.0 / 2.3.0 CMS - SQL Injection phpList 3.0.6 / 3.0.10 - SQL Injection Pimcore 2.3.0/3.0 CMS - SQL Injection phpList 3.0.6/3.0.10 - SQL Injection Guppy CMS 5.0.9 / 5.00.10 - Authentication Bypass/Change Email Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting OSClass 2.3.3 - 'index.php' getParam() Function Multiple Parameter Cross-Site Scripting OSClass 2.3.3 - 'index.php' 'getParam()' Function Multiple Parameter Cross-Site Scripting OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter exec() Call Arbitrary Shell Command Execution OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution Fork CMS 3.x - backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display Cross-Site Scripting Fork CMS 3.x - 'backend/modules/error/actions/index.php' 'parse()' Function Multiple Parameter Error Display Cross-Site Scripting DedeCMS < 5.7-sp1 - Remote File Inclusion DeDeCMS < 5.7-sp1 - Remote File Inclusion WK UDID 1.0.1 iOS - Command Inject WK UDID 1.0.1 iOS - Command Injection MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion MindTouch DekiWiki - Multiple Local/Remote File Inclusions PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function Western Digital My Cloud 04.01.03-421 / 04.01.04-422 - Command Injection Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection Belkin Router N150 1.00.08 / 1.00.09 - Directory Traversal Belkin Router N150 1.00.08/1.00.09 - Directory Traversal b374k Web Shell 3.2.3 / 2.8 - Cross-Site Request Forgery / Command Injection b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion AlegroCart 1.2.8 - Local File Inclusion / Remote File Inclusion AlegroCart 1.2.8 - Local/Remote File Inclusion HumHub 0.11.2 / 0.20.0-beta.2 - SQL Injection HumHub 0.11.2/0.20.0-beta.2 - SQL Injection xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities dotDefender Firewall 5.00.12865 / 5.13-13282 - Cross-Site Request Forgery dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery Chamilo LMS IDOR - (messageId) Delete POST Inject Chamilo LMS IDOR - 'messageId' Delete POST Injection WordPress Plugin Site Import 1.0.1 - Local File Inclusion / Remote File Inclusion WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion WordPress Plugin Brandfolder 3.0 - Remote File Inclusion / Local File Inclusion WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities Novell ServiceDesk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities Totemomail 4.x / 5.x - Persistent Cross-Site Scripting Totemomail 4.x/5.x - Persistent Cross-Site Scripting Tiki Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload Untangle NGFW 12.1.0 Beta - execEvil() Command Injection Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection GSX Analyzer 10.12 / 11 - 'main.swf' Hard-Coded Superadmin Credentials GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials Micro Focus Filr 2 2.0.0.421 / 1.2 1.2.0.846 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities Trend Micro Deep Discovery 3.7 / 3.8 SP1 (3.81) / 3.8 SP2 (3.82) - hotfix_upload.cgi Filename Remote Code Execution Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote Code Execution WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities Zabbix 2.2.x / 3.0.x - SQL Injection Zabbix 2.2.x/3.0.x - SQL Injection Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection Lepton CMS 2.2.0/2.2.1 - Directory Traversal Lepton CMS 2.2.0/2.2.1 - PHP Code Injection RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit) OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit) OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit) OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit) Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit) Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit) Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Horde Groupware Webmail 3/4/5 - Multiple Remote Code Execution Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting GLPI 0.90.4 - SQL Injection WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection		2017-06-28 05:01:23 +00:00
..
dos
local
remote	DB: 2017-05-18	2017-05-18 05:01:18 +00:00
webapps	DB: 2017-06-28	2017-06-28 05:01:23 +00:00