
26 changes to exploits/shellcodes Need for Speed 2 - Remote Client Buffer Overflow Need for Speed 2 - Remote Client Buffer Overflow (PoC) Red Faction 1.20 - Server Reply Remote Buffer Overflow Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC) Medal of Honor - Remote Buffer Overflow Medal of Honor - Remote Buffer Overflow (PoC) Monolith Games - Local Buffer Overflow Monolith Games - Local Buffer Overflow (PoC) BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Orbz Game 2.10 - Remote Buffer Overflow Orbz Game 2.10 - Remote Buffer Overflow (PoC) Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC) KNet Web Server 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC) ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC) Mozilla Products - 'Host:' Buffer Overflow Denial of Service String Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC) FlatFrag 0.3 - Buffer Overflow / Denial of Service FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC) zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC) TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC) Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service) PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC) FlashFXP 3.4.0 build 1145 
- Remote Buffer Overflow Denial of Service FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC) Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC) TFTP Server 1.3 - Remote Buffer Overflow Denial of Service TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC) LeadTools Raster - Dialog File_D Object Remote Buffer Overflow LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC) LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC) Xserver 0.1 Alpha - POST Remote Buffer Overflow Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC) Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC) Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC) Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service Switch Sound 
File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC) Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow Xerox Workcenter 4150 - Remote Buffer Overflow Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC) Xerox Workcenter 4150 - Remote Buffer Overflow (PoC) iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC) Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC) Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow (PoC) Multiple Vendor AgentX++ - Stack Buffer Overflow Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC) Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC) Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC) FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC) LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC) Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC) Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC) Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC) Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service) Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service) Real player 
14.0.2.633 - Buffer Overflow / Denial of Service GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC) GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC) BulletProof FTP Client 2010 - Buffer Overflow BulletProof FTP Client 2010 - Buffer Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC) CSF Firewall - Buffer Overflow CSF Firewall - Buffer Overflow (PoC) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC) Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC) Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC) Asterisk - 'ast_parse_digest()' Stack Buffer Overflow Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC) GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC) Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC) Lattice Diamond Programmer 1.4.2 - Buffer Overflow Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC) Ipswitch IMail 5.0 - Whois32 Daemon 
Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC) Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC) Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC) RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service) Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC) Cerberus FTP Server 1.x - Buffer Overflow Denial of Service Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC) Microsoft SQL Server 2000 - SQLXML Buffer Overflow Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC) Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC) Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC) Hotfoon Dialer 4.0 - Buffer Overflow Hotfoon Dialer 
4.0 - Buffer Overflow (PoC) IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC) Linksys Devices 1.42/1.43 - GET Buffer Overflow Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC) iCal 3.7 - Remote Buffer Overflow iCal 3.7 - Remote Buffer Overflow (PoC) Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC) Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC) Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC) Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC) Zoner Photo Studio 15 b3 - Buffer Overflow Zoner Photo Studio 15 b3 - Buffer Overflow (PoC) Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC) IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC) Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC) NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC) myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC) EffectOffice Server 2.6 - Remote Service Buffer Overflow EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC) Surfboard HTTPd 1.1.9 - Remote Buffer Overflow Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC) 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow 
(PoC) Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC) Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC) Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC) DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC) VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC) aGSM 2.35 Half-Life Server - Info Response Buffer Overflow aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC) cURL - Buffer Overflow cURL - Buffer Overflow (PoC) TagScanner 5.1 - Stack Buffer Overflow TagScanner 5.1 - Stack Buffer Overflow (PoC) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC) QwikMail 0.3 - HELO Command Buffer Overflow QwikMail 0.3 - 'HELO' Buffer Overflow (PoC) NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC) Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC) Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC) AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC) Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service Serva 32 TFTP 2.1.0 - 
Buffer Overflow (Denial of Service) (PoC) Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC) Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC) PlanetDNS PlanetFileServer - Remote Buffer Overflow PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC) Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC) Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC) LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC) VbsEdit 5.9.3 - '.smi' Buffer Overflow VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC) Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC) AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC) DSocks 1.3 - 'Name' Buffer Overflow DSocks 1.3 - 'Name' Buffer Overflow (PoC) IcoFX 2.5.0.0 - '.ico' Buffer Overflow IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC) Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC) Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC) Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Bochs 2.3 - Buffer Overflow / Denial of Service Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC) Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Blue Coat Systems K9 Web Protection 32.36 
- Remote Buffer Overflow (PoC) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2) T1lib - intT1_Env_GetCompletePath Buffer Overflow T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC) Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC) Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC) Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC) Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC) Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC) MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC) MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC) Trend Micro OfficeScan - Buffer Overflow / Denial of Service Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC) ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow NASA 
Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC) ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC) A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC) Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC) Jzip - Buffer Overflow (SEH Unicode) (Denial of Service) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC) BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC) Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC) Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC) Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC) Xerox WorkCentre - PJL Daemon Buffer Overflow Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC) Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC) Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC) Mocha W32 LPD 1.9 - Remote Buffer Overflow Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC) Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC) BulletProof FTP Client 2010 - Buffer Overflow (SEH) 
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC) Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC) D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC) HTML Help Workshop 1.4 - Buffer Overflow (SEH) HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC) Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) G-WAN 2.10.6 - Buffer Overflow / Denial of Service G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC) Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC) TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC) ZOC SSH Client - Buffer Overflow (SEH) ZOC SSH Client - Buffer Overflow (SEH) (PoC) WebDrive 12.2 (B4172) - Buffer Overflow WebDrive 12.2 (B4172) - Buffer Overflow (PoC) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC) Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer 
Overflow (PoC) IKEView.exe Fox Beta 1 - Stack Buffer Overflow IKEView.exe R60 - Stack Buffer Overflow IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC) IKEView.exe R60 - Stack Buffer Overflow (PoC) Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC) Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC) LanSpy 2.0.0.155 - Buffer Overflow LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow LanSpy 2.0.0.155 - Buffer Overflow (PoC) LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC) Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC) Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC) TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC) TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC) TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC) Advanced Encryption Package Buffer Overflow - Denial of Service Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC) InfraRecorder - '.m3u' File Buffer Overflow InfraRecorder - '.m3u' File Buffer Overflow (PoC) Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC) 
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow yTree 1.94-1.1 - Local Buffer Overflow Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC) yTree 1.94-1.1 - Local Buffer Overflow (PoC) NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC) CyberCop Scanner Smbgrind 5.5 - Buffer Overflow CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service) STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC) 4digits 1.1.4 - Local Buffer Overflow 4digits 1.1.4 - Local Buffer Overflow (PoC) Websockify (C Implementation) 0.8.0 - Buffer Overflow Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC) Google Android - '/system/bin/sdcard' Stack Buffer Overflow Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC) Oracle Orakill.exe 11.2.0 - Buffer Overflow Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC) Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC) Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow Core FTP LE 2.2 - Path Field Local Buffer Overflow Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC) Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC) Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC) ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC) QNAP NVR/NAS - Buffer Overflow QNAP NVR/NAS - Buffer Overflow (PoC) Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow CDex 1.96 - Buffer Overflow Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC) CDex 1.96 - Buffer Overflow (PoC) Zoom Linux Client 
2.0.106600.0904 - Stack-Based Buffer Overflow Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC) D3DGear 5.00 Build 2175 - Buffer Overflow D3DGear 5.00 Build 2175 - Buffer Overflow (PoC) VX Search Enterprise 10.1.12 - Denial of Service Disk Pulse Enterprise 10.1.18 - Denial of Service Sync Breeze Enterprise 10.1.16 - Denial of Service DiskBoss Enterprise 8.5.12 - Denial of Service BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) APNGDis 2.8 - 'filename' Stack Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC) wifirxpower - Local Buffer Overflow wifirxpower - Local Buffer Overflow (PoC) pinfo 0.6.9 - Local Buffer Overflow Dmitry 1.3a - Local Buffer Overflow pinfo 0.6.9 - Local Buffer Overflow (PoC) Dmitry 1.3a - Local Buffer Overflow (PoC) Mapscrn 2.03 - Local Buffer Overflow Mapscrn 2.03 - Local Buffer Overflow (PoC) Stunnel 3.24/4.00 - Daemon Hijacking (PoC) Stunnel 3.24/4.00 - Daemon Hijacking Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator WinZip - MIME Parsing Overflow (PoC) WinZip - MIME Parsing Overflow glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC) GNU Sharutils 4.2.1 - Local Format String (PoC) glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow GNU Sharutils 4.2.1 - Local Format String GD Graphics Library - Local Heap Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) GD Graphics Library - Local Heap Overflow libxml 2.6.12 nanoftp - Buffer Overflow WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC) WinRAR 3.4.1 - 
Corrupt '.ZIP' File Exim 4.41 - 'dns_build_reverse' Local (PoC) Exim 4.41 - 'dns_build_reverse' Local tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030) tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow Microsoft Windows - NtClose DeadLock (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC) Cheese Tracker 0.9.9 - Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC) Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC) Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC) WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055) Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC) Microsoft Windows Media Player 6.4 - '.MP4' File 
Stack Overflow DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC) XnView 1.93.6 - '.taac' Local Buffer Overflow OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC) Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC) OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Microsoft Windows Server 2003 - Token Kidnapping Local (PoC) Microsoft Windows Server 2003 - Token Kidnapping Local Debian - Symlink In Login Arbitrary File Ownership (PoC) Debian - Symlink In Login Arbitrary File Ownership Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC) Trend Micro Internet Security Pro 2009 - Priviliege Escalation Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH) Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC) Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC) GPG2/Kleopatra 2.0.11 - Malformed Certificate Alleycode 2.21 - Local Overflow (SEH) (PoC) Alleycode 2.21 - Local Overflow (SEH) GPG4Win GNU - Privacy Assistant (PoC) GPG4Win GNU - Privacy Assistant VMware Fusion 2.0.5 - vmx86 kext Local (PoC) VMware Fusion 2.0.5 - vmx86 kext Local Mozilla Codesighs - Memory Corruption (PoC) Mozilla Codesighs - Memory Corruption Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow LDAP - Injection (PoC) LDAP - Injection QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC) QuickZip 4.x - '.zip' Local Universal Buffer Overflow ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC) 
Crimson Editor r3.70 - Overwrite (SEH) (PoC) Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC) ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow Crimson Editor r3.70 - Overwrite (SEH) Kenward Zipper 1.4 - Local Stack Buffer Overflow Stud_PE 2.6.05 - Local Stack Overflow (PoC) Stud_PE 2.6.05 - Local Stack Overflow Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC) Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC) Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC) Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC) PhotoFiltre Studio X - '.tif' Local Buffer Overflow Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC) Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass) BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow 
(PoC) Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC) PHP 5.3.6 - Local Buffer Overflow (ROP) Xorg 1.4 < 1.11.2 - File Permission Change (PoC) Xorg 1.4 < 1.11.2 - File Permission Change Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC) HT Editor 2.0.20 - Local Buffer Overflow (ROP) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC) Linux Kernel 2.6 - Console Keymap Local Command Injection ACE Stream Media 2.1 - 'acestream://' Format String (PoC) ACE Stream Media 2.1 - 'acestream://' Format String Linux Kernel 3.13 - SGID Privilege Escalation (PoC) Linux Kernel 3.13 - SGID Privilege Escalation Comodo Internet Security - HIPS/Sandbox Escape (PoC) Comodo Internet Security - HIPS/Sandbox Escape Palringo 2.8.1 - Local Stack Buffer Overflow (PoC) Palringo 2.8.1 - Local Stack Buffer Overflow Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC) Rowhammer - NaCl Sandbox Escape (PoC) Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC) Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux (x86) - Memory Sinkhole Privilege 
Escalation Core FTP Server 1.2 - Local Buffer Overflow (PoC) Core FTP Server 1.2 - Local Buffer Overflow Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) GNU Screen 4.5.0 - Local Privilege Escalation (PoC) GNU Screen 4.5.0 - Local Privilege Escalation Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC) Man-db 2.6.7.1 - Local Privilege Escalation Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Multiple CPUs - 'Spectre' Information Disclosure (PoC) Multiple CPUs - 'Spectre' Information Disclosure Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation glibc ld.so - Memory Leak / Buffer Overflow GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow Microsoft IIS 5.0 - WebDAV Remote (PoC) Microsoft IIS 5.0 - WebDAV Remote Microsoft Windows Server 2000 - RSVP Server 
Authority Hijacking (PoC) Microsoft Windows Server 2000 - RSVP Server Authority Hijacking ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4) Titan FTP Server - Long Command Heap Overflow (PoC) Titan FTP Server - Long Command Heap Overflow SLX Server 6.1 - Arbitrary File Creation (PoC) SLX Server 6.1 - Arbitrary File Creation zgv 5.5 - Multiple Arbitrary Code Executions (PoC) zgv 5.5 - Multiple Arbitrary Code Executions Microsoft Internet Explorer - Remote Code Execution (PoC) Microsoft Internet Explorer - Remote Code Execution Exim 4.43 - 'auth_spa_server()' Remote (PoC) Exim 4.43 - 'auth_spa_server()' Remote Microsoft Windows - DTC Remote (PoC) (MS05-051) (2) Microsoft Windows - DTC Remote (MS05-051) (2) Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC) Watchfire AppScan QA 5.0.x - Remote Code Execution KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC) AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC) Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC) Easy File Sharing FTP Server 2.0 - 'PASS' Remote BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC) BulletProof FTP Client 2.45 - Remote Buffer Overflow Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC) Intel Centrino ipw2200BG - Wireless Driver Remote Overflow WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC) WebMod 0.48 - Content-Length Remote Buffer Overflow OpenBSD - ICMPv6 Fragment Remote Execution (PoC) OpenBSD 
- ICMPv6 Fragment Remote Execution Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC) Flash Player/Plugin Video - File Parsing Remote Code Execution Apple QuickTime (Multiple Browsers) - Command Execution (PoC) Apple QuickTime (Multiple Browsers) - Command Execution Apple QuickTime /w IE .qtl Version XAS - Remote (PoC) Apple QuickTime /w IE .qtl Version XAS - Remote QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC) ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC) HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC) Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC) MicroTik RouterOS 3.13 - SNMP write (Set request) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC) Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution Opera 9.61 - 'opera:historysearch' Code Execution (PoC) Opera 9.61 - 'opera:historysearch' Code Execution Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC) Chilkat Crypt - ActiveX Arbitrary File Creation/Execution Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft XML Core 
Services DTD - Cross-Domain Scripting (MS08-069) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC) GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Apple Mac OSX - Java applet Remote Deserialization Remote (2) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054) Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054) Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC) Pegasus Mail Client 4.51 - Remote Buffer Overflow TLS - Renegotiation (PoC) TLS - Renegotiation Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution Trend Micro Web-Deployment - ActiveX Remote Execution MX Simulator Server - Remote Buffer Overflow (PoC) MX Simulator Server - Remote Buffer Overflow Apache OFBiz - Remote Execution (via SQL Execution) (PoC) Apache OFBiz - Admin Creator (PoC) Apache OFBiz - Remote Execution (via SQL Execution) Apache OFBiz - Admin Creator Adobe Flash / Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC) Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow KingView 6.5.3 - SCADA HMI Heap Overflow (PoC) KingView 6.5.3 - SCADA HMI Heap 
Overflow Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002) Microsoft Data Access Components - Remote Overflow (MS11-002) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC) Solar FTP Server 2.1.1 - PASV Buffer Overflow Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC) Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC) Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution OpenVAS Manager 4.0 - Authentication Bypass (PoC) OpenVAS Manager 4.0 - Authentication Bypass w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC) w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution Legend Perl IRC Bot - Remote Code Execution (PoC) Legend Perl IRC Bot - Remote Code Execution dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock) dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC) Endian Firewall < 3.0.0 - OS Command Injection (Python) Fortigate OS 4.x 
< 5.0.7 - SSH Backdoor Access OpenSSHd 7.2p2 - Username Enumeration (PoC) OpenSSHd 7.2p2 - Username Enumeration Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution Intel Active Management Technology - System Privileges Xplico - Remote Code Execution (Metasploit) Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection AWStats 5.7 < 6.2 - Multiple Remote (PoC) AWStats 5.7 < 6.2 - Multiple Remote WoltLab Burning Book 1.1.2 - SQL Injection (PoC) WoltLab Burning Book 1.1.2 - SQL Injection Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC) EQdkp 1.3.2f - 'user_id' Authentication Bypass Invision Power Board 2.3.5 - Multiple Vulnerabilities (2) Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2) FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) FOSS Gallery Public 1.0 - Arbitrary File Upload Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC) Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC) Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC) Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC) IPB (nv2) Awards < 1.1.0 - SQL Injection X-Cart Pro 4.0.13 - SQL Injection (PoC) X-Cart Pro 4.0.13 - SQL Injection Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC) Simple Machines Forum (SMF) 1.1.8 - 'avatar' 
Remote PHP File Execute IPB 3.0.1 - SQL Injection Invision Power Board 3.0.1 - SQL Injection WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC) WebsiteBaker 2.8.1 - Cross-Site Request Forgery BS Auto Classifieds - 'info.php' SQL Injection (PoC) BS Business Directory - 'articlesdetails.php' SQL Injection (PoC) BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC) BS Events Directory - 'articlesdetails.php' SQL Injection (PoC) BS Auto Classifieds - 'info.php' SQL Injection BS Business Directory - 'articlesdetails.php' SQL Injection BS Classifieds Ads - 'articlesdetails.php' SQL Injection BS Events Directory - 'articlesdetails.php' SQL Injection BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC) SWAT Samba Web Administration Tool - Cross-Site Request Forgery Plone and Zope - Remote Command Execution (PoC) Plone and Zope - Remote Command Execution Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.3 - 'Pop' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting 
Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.x/2.0.3 - SML Code Script Injection Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board 1.0.3 - Attached File Cross-Site Scripting Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board 1.x/2.x - Multiple SQL Injections Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information 
Disclosure Vulnerabilities Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting TOTOLINK Routers - Backdoor / Remote Code Execution (PoC) TOTOLINK Routers - Backdoor / Remote Code Execution IP.Board 4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting IP.Board 4.1.4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting NETGEAR R7000 - Command Injection (PoC) NETGEAR R7000 - Command Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration Photos in Wifi 1.0.1 - Path Traversal SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities FiberHome LM53Q1 - Multiple Vulnerabilities WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload Vanilla < 2.1.5 - Cross-Site Request Forgery Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC) Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC) Joomla! 3.7.0 - 'com_fields' SQL Injection Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Apache Struts 2.3.x Showcase - Remote Code Execution AIX - execve /bin/sh Shellcode (88 bytes) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
21 lines
No EOL
1.1 KiB
Text
# Exploit Title: Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
# Date: 01/05/2018
# Exploit Author: Steve Kaun
# Vendor Homepage: https://www.synology.com
# Version: Before 6.1.3-15152
# CVE : CVE-2017-9554

This was previously identified by the vendor, and the disclosure states only that it is possible to enumerate usernames via forget_passwd.cgi "via unspecified vectors".

I haven't identified any other disclosures that actually identify the attack vector, so I figure it would be helpful to others.

"An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors."

Well then... Here you go, cracked the code and figured it out.

https://IP_Address:5001/webman/forget_passwd.cgi?user=XXX

Where XXX is the injection point for your username list.

Several usernames I've found are admin, administrator, root, nobody, ftp, and more. I'm unsure of whether Synology is pulling these entries from its passwd file or not, but there you go.
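A detection example for the request pattern above, added here and not part of the advisory or of Synology's own code: it scans constructed Combined Log Format access-log lines and flags any source that queries forget_passwd.cgi with many distinct `user` values inside a short window. The log format, the path prefix, the 60-second window and the five-username threshold are all assumptions.

```python
# Added detection example for the forget_passwd.cgi enumeration vector above.
# Assumptions (not Synology's logging): requests are visible in Combined Log
# Format access logs; window and threshold values are illustrative.
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def probe_from_line(line):
    """Return (ip, timestamp, username) if the line is a forget_passwd.cgi
    request carrying a 'user' parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("path"))
    if not url.path.endswith("/webman/forget_passwd.cgi"):
        return None
    users = parse_qs(url.query).get("user")
    if not users:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), users[0]


def find_enumeration(lines, window_seconds=60, max_distinct_users=5):
    """Flag source IPs that query forget_passwd.cgi for more than
    max_distinct_users distinct usernames within any window_seconds span.
    Returns {ip: sorted list of every username that IP probed}."""
    probes = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in lines:
        probe = probe_from_line(line)
        if probe:
            ip, ts, user = probe
            probes[ip].append((ts, user))

    flagged = {}
    for ip, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until events[start:end+1] fits in the window
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({u for _, u in events[start:end + 1]}) > max_distinct_users:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged


# Constructed sample log: one client walks a username list in under a minute,
# another client makes a single ordinary password-reset request.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2018:10:00:%02d +0000] "GET /webman/forget_passwd.cgi?user=%s HTTP/1.1" 200 312 "-" "curl/7.58"'
    % (5 * i, name)
    for i, name in enumerate(["admin", "administrator", "root", "nobody", "ftp", "guest", "backup"])
] + [
    '203.0.113.9 - - [01/May/2018:10:02:00 +0000] "GET /webman/forget_passwd.cgi?user=alice HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/May/2018:10:02:01 +0000] "GET /webman/index.cgi HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip} probed {len(users)} usernames via forget_passwd.cgi: {', '.join(users)}")
```

A single reset request from a normal client is not flagged; only the client cycling through a username list is, which is the signal worth alerting on until the affected DSM version is upgraded.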