A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security 6f71665f8a DB: 2017-11-23
28 new exploits

Apache 2.0.45 - 'APR' Crash

IPD (Integrity Protection Driver) - Denial of Service

Ubuntu 6.06 DHCPd - Remote Denial of Service
Ubuntu 6.06 - DHCPd Remote Denial of Service
Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)
CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Adobe Reader - Escape From '.PDF'

Oracle Solaris - 'su' Crash

SunOS 4.1.3 - kmem setgid /etc/crash

Solaris 2.5.1 - 'Ping' System Panic (Denial of Service)
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs'
Linux Kernel 2.2/2.3 (Debian Linux 2.1 / RedHat Linux 6.0 / SuSE Linux 6.1) - IP Options
Linux Kernel 2.0/2.1/2.2 - 'autofs' Denial of Service

S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service
SuSE Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service

Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize'
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)

Adobe Flash - Use-After-Free in Drawing Methods 'this'
Adobe Flash - Drawing Methods 'this' Use-After-Free

Symantec AntiVirus - Integer Overflow in TNEF Decoder
Symantec AntiVirus - TNEF Decoder Integer Overflow
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS - 'TIKeyboardLayout initWithCoder:' NSKeyedArchiver Heap Corruption Due to Rounding Error
Apple iOS/macOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking
Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule'
Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty'
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service)
Microsoft Edge Chakra - 'TryUndeleteProperty' Incorrect Usage  (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow'
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service)
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service)

Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service)

Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

Xen - Unbounded Recursion in Pagetable De-typing
Xen - Pagetable De-typing  Unbounded Recursion

Vonage VDV-23 - Denial of Service
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read
WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
WebKit - 'WebCore::FormSubmission::create' Use-After-Free

IBM DB2 - Universal Database 7.2 'db2licm' Local
IBM DB2 - Universal Database 7.2 'db2licm' Local Overflow

OpenBSD - 'ibcs2_exec' Kernel Local
OpenBSD - 'ibcs2_exec' Kernel Code Execution

SuSE Linux 9.0 - YaST Configuration Skribt Local
SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files

BSDi 3.0/4.0 - rcvtty[mh] Local
BSDi 3.0/4.0 - 'rcvtty[mh]' Privilege Escalation

Solaris locale - Format Strings 'noexec stack'
Solaris 2.6/7.0 - 'locale' Format Strings noexec stack Overflow

RedHat 6.1 man - 'egid 15' Local
RedHat 6.1 - 'man' Local Overflow / Privilege Escalation

splitvt < 1.6.5 - Local
splitvt < 1.6.5 - Overflow
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Privilege Escalation

Slackware 7.1 - '/usr/bin/mail' Local
Slackware 7.1 - '/usr/bin/mail' Privilege Escalation

GLIBC 2.1.3 - LD_PRELOAD Local
GLIBC 2.1.3 - 'LD_PRELOAD' Privilege Escalation

Resolv+ (RESOLV_HOST_CONF) - Linux Library Local
Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution

LibXt - 'XtAppInitialize()' Overflow *xterm
LibXt - 'XtAppInitialize()' Local Overflow *xterm
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Overflow
AOL Instant Messenger AIM - 'Away' Message Local
OpenBSD - 'ftp'
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow
AOL Instant Messenger AIM - 'Away' Message Local Overflow
OpenBSD - 'ftp' Local Overflow

IPD (Integrity Protection Driver) - Local
XV 3.x - '.BMP' Parsing Local Buffer Overflow

htpasswd Apache 1.3.31 - Local
htpasswd Apache 1.3.31 - Overflow
GlobalScape - CuteFTP macros '.mcr' Local
BSD bmon 1.2.1_2 - Local
GlobalScape - CuteFTP macros '.mcr' Local File Write
BSD bmon 1.2.1_2 - Local acls Bypass

Microsoft Windows - Improper Token Validation Local
Microsoft Windows - Improper Token Validation Privilege Escalation

Apple iTunes - Playlist Parsing Local Buffer Overflow

Setuid perl - 'PerlIO_Debug()' Overflow
Setuid perl - 'PerlIO_Debug()' Local Overflow
DelphiTurk e-Posta 1.0 - Local
GNU a2ps - 'Anything to PostScript' Not SUID Local
DelphiTurk e-Posta 1.0 - Credential Recover
GNU a2ps - Anything to PostScript Not SUID Local Overflow

GetDataBack Data Recovery 2.31 - Local
GetDataBack Data Recovery 2.31 - Licence Recover

Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Read Emails

Willing Webcam 2.8 - Licence Information Disclosure Local
Willing Webcam 2.8 - Licence Information Disclosure

Appfluent Database IDS < 2.1.0.103 - Environment Variable Local
Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Overflow

TIBCO Rendezvous 7.4.11 - Password Extractor Local
TIBCO Rendezvous 7.4.11 - Password Extractor

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation

XMPlay 3.3.0.4 - '.PLS' Local Buffer Overflow
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Local
Apache 1.3.33/1.3.34 (Ubuntu / Debian) - CGI TTY Privilege Escalation
Plan 9 Kernel - 'devenv.c OTRUNC/pwrite' Privilege Escalation
Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation

PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local
PHP 4.4.6/5.2.1 - 'array_user_key_compare()' ZVAL dtor Local Overflow

PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local
PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Overflow

Microsoft Windows - Animated Cursor '.ani' Overflow (Hardware DEP)
Microsoft Windows - Animated Cursor '.ani' Local Overflow (Hardware DEP)
Oracle 10g R1 - 'pitrig_drop' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'PITRIG_TRUNCATE' PLSQL Injection 'get users hash'
Oracle 10g R1 - 'pitrig_drop' Get Users Hash / PL/SQL Injection
Oracle 10g R1 - 'PITRIG_TRUNCATE' Get Users Hash / PL/SQL Injection

Debian XTERM - 'DECRQSS/comments'
Debian XTERM - 'DECRQSS/comments' Code Execution

BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow
BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Local Overflow

HyperVM - File Permissions Local
HyperVM - File Permissions Credential Disclosure

Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Remote
Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow

VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Overflow
VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow

Adobe Reader - Escape From '.PDF' Execute Embedded Executable

Free MP3 CD Ripper 2.6 - '.wav'
Free MP3 CD Ripper 2.6 - '.wav' Local Overflow

GSM SIM Utility 5.15 - Direct RET Local
GSM SIM Utility 5.15 - Direct RET Overflow

Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram'
Easy RM to MP3 2.7.3.700 - '.m3u' / '.pls' / '.smi' / '.wpl' / '.wax' / '.wvx' / '.ram' Local Overflow

Oracle Solaris - 'su' Local

Viscom VideoEdit Gold ActiveX 8.0 - Remote Code Execution
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution

Digital Music Pad 8.2.3.4.8 - '.pls' Overflow (SEH)
Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH)

Adobe Flash Player - 'Button' Remote Code Execution (Metasploit)
Adobe Flash Player - 'Button' Arbitrary Code Execution (Metasploit)

MPlayer Lite r33064 - '.m3u' Overflow (SEH)
MPlayer Lite r33064 - '.m3u' Local Overflow (SEH)

ACDSee FotoSlate - '.PLP' File 'id' Overflow (Metasploit)
ACDSee FotoSlate - '.PLP' File 'id' Local Overflow (Metasploit)

Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Overflow
Lattice Semiconductor PAC-Designer 6.21 - '.PAC' Local Overflow

SunOS 4.1.3 -  '/etc/crash' SetGID kmem Privilege Escalation

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation

Microsoft Windows - 'April Fools 2001'
Microsoft Windows - 'April Fools 2001' Set Incorrect Date

Solaris 2.5.1 - 'Ping'

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password'
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)

Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE'
Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages

Solaris 7.0 - 'chkperm'
Solaris 7.0 - 'chkperm' Privilege Escalation

S.u.S.E. Linux 5.2 - 'gnuplot'
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation

S.u.S.E. 5.2 - 'lpc' Privilege Escalation
S.u.S.E Linux 5.2 - 'lpc' Privilege Escalation

NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)'
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File

SGI IRIX 6.0.1 - 'colorview'
SGI IRIX 6.0.1 - 'colorview' Read Files

SGI IRIX 6.2 - 'day5notifier'
SGI IRIX 6.2 - 'day5notifier' Privilege Escalation

SGI IRIX 6.4 - 'datman'/'cdman'
SGI IRIX 6.4 - 'datman'/'cdman' Privilege Escalation

SGI IRIX 6.4 - 'login'
SGI IRIX 6.4 - 'login' Privilege Escalation

SGI IRIX 6.4 - 'rmail'
SGI IRIX 6.4 - 'rmail' Privilege Escalation

SGI IRIX 5.1/5.2 - 'sgihelp'
SGI IRIX 5.1/5.2 - 'sgihelp' Privilege Escalation
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E. Linux 6.0/6.1 - Cron Buffer Overflow (2)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1)
RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (2)

Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd'
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Privilege Escalation

S.u.S.E. Linux 6.2 sscw - HOME Environment Variable Buffer Overflow
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow

S.u.S.E. Linux 6.1/6.2 - 'cwdtools'
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation

Solaris 7.0 - 'kcms_configure'
Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation

FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - Seyon SetGID Dialer

SGI IRIX 6.2 - 'midikeys'/'soundplayer'
SGI IRIX 6.2 - 'midikeys'/'soundplayer' Privilege Escalation
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf'
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu'
Microsoft Windows 95/98/NT 4.0 - 'autorun.inf' Code Execution
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Privilege Escalation

Corel Linux OS 1.0 - 'setxconf'
Corel Linux OS 1.0 - 'setxconf' Privilege Escalation

Halloween Linux 4.0 / S.u.S.E. Linux 6.0/6.1/6.2/6.3 - 'kreatecd'
Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Privilege Escalation

S.u.S.E. Linux 6.x - Arbitrary File Deletion
SuSE Linux 6.x - Arbitrary File Deletion

S.u.S.E. Linux 6.3/6.4 Gnomelib - Buffer Overflow
SuSE Linux 6.3/6.4 Gnomelib - Buffer Overflow

RedHat Linux 6.0/6.1/6.2 - 'pam_console'
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)

CVSWeb Developer CVSWeb 1.80 - Insecure perl 'open'
CVSWeb Developer CVSWeb 1.80 - Insecure Perl 'open' Code Execution

Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart'
Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart' Privilege Escalation

Debian 2.2 / S.u.S.E 6.3/6.4/7.0 - man '-l' Format String
Debian 2.2 / Su.S.E 6.3/6.4/7.0 - man '-l' Format String

Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow
Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / SuSE Linux 6.x/7.0/7.1 - 'Man -S' Heap Overflow
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Shell Definition Format String
SuSE Linux 6.4/7.0/7.1/7.2 Berkeley Parallel Make - Buffer Overflow

SCO OpenServer 5.0.x - 'mana' REMOTE_ADDR Authentication Bypass
SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass

Samhain Labs 1.x - HSFTP Remote Format String

Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution

LiquidXML Studio 2010 - ActiveX Remote
LiquidXML Studio 2010 - ActiveX Code Execution

HexChat 2.9.4 - Local
HexChat 2.9.4 - Overflow

Winamp 5.63 - 'winamp.ini' Local
Winamp 5.63 - 'winamp.ini' Local Overflow

Apple 2.0.4 - Safari Local
Apple 2.0.4 - Safari Local Cross-Site Scripting

Gold MP4 Player - '.swf' Local
Gold MP4 Player - '.swf' Local Overflow

Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation

Linux Kernel - 'offset2lib Stack Clash'
Linux Kernel - 'offset2lib' Stack Clash

Microsoft IIS - WebDAV 'ntdll.dll' Remote
Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow

Microsoft Windows 2000/NT 4 - RPC Locator Service Remote
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow

Microsoft Windows 2000/XP - SMB Authentication Remote
Microsoft Windows 2000/XP - SMB Authentication Remote Overflow

Apache 2.0.45 - 'APR' Remote

Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Overflow

Microsoft Windows Media Services - 'nsiislog.dll' Remote
Microsoft Windows Media Services - 'nsiislog.dll' Remote Overflow

Citadel/UX BBS 6.07 - Remote
Citadel/UX BBS 6.07 - Remote Overflow

NIPrint LPD-LPR Print Server 4.10 - Remote
NIPrint LPD-LPR Print Server 4.10 - Remote Overflow
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote
IA WebMail Server 3.x - 'iaregdll.dll 1.0.0.5' Remote Overflow
Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow

RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote
RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Overflow

INND/NNRP < 1.6.x - Overflow
INND/NNRP < 1.6.x - Remote Overflow

OpenBSD ftpd 2.6/2.7 - Remote
OpenBSD ftpd 2.6/2.7 - Remote Overflow

IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote
IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Overflow

Subversion 1.0.2 - 'svn_time_from_cstring()' Remote
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow

OpenFTPd 0.30.2 - Remote
OpenFTPd 0.30.2 - Remote Overflow

WU-IMAP 2000.287(1-2) - Remote
WU-IMAP 2000.287(1-2) - Remote Overflow

XV 3.x - '.BMP' Parsing Local Buffer Overflow

PHP 4.3.7/5.0.0RC3 - memory_limit Remote
PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow

SHOUTcast DNAS/Linux 1.9.4 - Format String Remote
SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow

Apple iTunes - Playlist Parsing Local Buffer Overflow

3CServer 1.1 (FTP Server) - Remote
3CServer 1.1 (FTP Server) - Remote Overflow

SHOUTcast 1.9.4 (Windows) - File Request Format String Remote
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow

LimeWire 4.1.2 < 4.5.6 - 'GET' Remote
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote File Read

Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote
Cyrus imapd 2.2.4 < 2.2.8 - 'imapmagicplus' Remote Overflow

MailEnable Enterprise 1.x - IMAPd Remote
MailEnable Enterprise 1.x - IMAPd Remote Overflow

Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow

HP OpenView OmniBack II - Generic Remote
HP OpenView OmniBack II - Generic Remote Command Execution

CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote
CA BrightStor ARCserve Backup Agent - 'dbasqlr.exe' Remote Overflow

CA BrightStor ARCserve Backup - Overflow
CA BrightStor ARCserve Backup - Remote Overflow
HP OpenView Network Node Manager 7.50 - Remote
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote
HP OpenView Network Node Manager 7.50 - Remote Command Execution
DameWare Mini Remote Control 4.0 < 4.9 - Client Agent Remote Overflow
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote
Veritas NetBackup 6.0 (Linux) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution
Veritas NetBackup 6.0 (OSX) - 'bpjava-msvc' Remote Command Execution

Mercury Mail Transport System 4.01b - PH SERVER Remote
Mercury Mail Transport System 4.01b - PH SERVER Remote Overflow

Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access

XMPlay 3.3.0.4 - '.PLS' Local/Remote Buffer Overflow

3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Overflow
3Com TFTP Service (3CTftpSvc) 2.0.1 - 'Long Transporting Mode' Remote Overflow

Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote
Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Overflow

Microsoft DNS Server - Dynamic DNS Updates Remote
Microsoft DNS Server - Dynamic DNS Update/Change

Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote
Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow

IBM Lotus Domino Server 6.5 - Unauthenticated Remote
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow

Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote
Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Overflow

IBM Tivoli Provisioning Manager - Unauthenticated Remote
IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter)

HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()'
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' File Write

Apache Tomcat Connector mod_jk - 'exec-shield' Remote
Apache Tomcat Connector mod_jk - 'exec-shield' Remote Overflow

NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Remote
NVR SP2 2.0 'nvUnifiedControl.dll 1.1.45.0' - 'SetText()' Command Execution

Lighttpd 1.4.16 - FastCGI Header Overflow Remote
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution

Lighttpd 1.4.17 - FastCGI Header Overflow Remote
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution

SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution

Move Networks Quantum Streaming Player - Overflow (SEH)
Move Networks Quantum Streaming Player - Remote Overflow (SEH)

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote
Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download

Sun Solaris 10 - snoop(1M) Utility Remote
Sun Solaris 10 - snoop(1M) Utility Remote Command Execution

NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll'
NuMedia Soft Nms DVD Burning SDK - ActiveX 'NMSDVDX.dll' Command Execution

Autodesk DWF Viewer Control / LiveUpdate Module - Remote
Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution

Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote
Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow

Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11'
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow

EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Overflow

Core FTP LE 2.1 build 1612 - Local Buffer Overflow (PoC)

CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)

Samba 2.2.x - 'nttrans' Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Remote Overflow (Metasploit)

Unreal Tournament 2004 - 'Secure' Overflow (Metasploit)
Unreal Tournament 2004 - 'Secure' Remote Overflow (Metasploit)

BigAnt Server 2.52 - Overflow (SEH)
BigAnt Server 2.52 - Remote Overflow (SEH)

NetTransport Download Manager 2.90.510 - Overflow (SEH)
NetTransport Download Manager 2.90.510 - Remote Overflow (SEH)

(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow

Xftp client 3.0 - 'PWD' Remote
Xftp client 3.0 - 'PWD' Remote Overflow

File Sharing Wizard 1.5.0 - Overflow (SEH)
File Sharing Wizard 1.5.0 - Remote Overflow (SEH)

Sun Java Web Server 7.0 u7 - Remote
Sun Java Web Server 7.0 u7 - Remote Overflow

Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow

Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass)
Sun Java Web Server 7.0 u7 - Remote Overflow (DEP Bypass)

SopCast 3.2.9 - Remote
SopCast 3.2.9 - Remote Command Execution

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction

Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild'
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Remote Overflow
Microsoft Data Access Components - Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Remote
Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Command Execution
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)
Veritas Backup Exec Name Service - Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Remote Overflow (Metasploit)
Veritas Backup Exec Name Service - Remote Overflow (Metasploit)

Microsoft Private Communications Transport - Overflow (MS04-011) (Metasploit)
Microsoft Private Communications Transport - Remote Overflow (MS04-011) (Metasploit)
Microsoft RRAS Service - Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft RRAS Service - Remote Overflow (MS06-025) (Metasploit)
Microsoft DNS RPC Service - 'extractQuotedChar()' Remote Overflow 'SMB' (MS07-029) (Metasploit)

Microsoft NetDDE Service - Overflow (MS04-031) (Metasploit)
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)

CA BrightStor Agent for Microsoft SQL - Overflow (Metasploit)
CA BrightStor Agent for Microsoft SQL - Remote Overflow (Metasploit)

CA BrightStor Universal Agent - Overflow (Metasploit)
CA BrightStor Universal Agent - Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (Windows x86) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Windows) - 'secure' Remote Overflow (Metasploit)

freeFTPd 1.0 - 'Username' Overflow (Metasploit)
freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit)

War-FTPD 1.65 - 'Username' Overflow (Metasploit)
War-FTPD 1.65 - 'Username' Remote Overflow (Metasploit)

3Com 3CDaemon 2.0 FTP Server - 'Username' Overflow (Metasploit)
3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)

Microsoft RPC DCOM Interface - Overflow (MS03-026) (Metasploit)
Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit)

MaxDB WebDBM - 'Database' Overflow (Metasploit)
MaxDB WebDBM - 'Database' Remote Overflow (Metasploit)

Savant Web Server 3.1 - Overflow (Metasploit)
Savant Web Server 3.1 - Remote Overflow (Metasploit)

McAfee ePolicy Orchestrator / ProtectionPilot - Overflow (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)

Unreal Tournament 2004 (Linux) - 'secure' Overflow (Metasploit)
Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow (Metasploit)

Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)

Knox Arkeia Backup Client Type 77 (OSX) - Overflow (Metasploit)
Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit)

Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit)

Samba 2.2.8 (BSD x86) - 'trans2open' Overflow (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow (Metasploit)

Progea Movicon 11 - 'TCPUploadServer' Remote
Progea Movicon 11 - 'TCPUploadServer' Remote File System

Easy File Sharing HTTP Server 7.2 - Overflow (SEH) (Metasploit)
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)

Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe'
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow

JBoss AS 2.0 - Remote
JBoss AS 2.0 - Remote Command Execution

WorldMail IMAPd 3.0 - Overflow (SEH) (Egghunter)
WorldMail IMAPd 3.0 - Remote Overflow (SEH) (Egghunter)

HP Diagnostics Server - 'magentservice.exe' Overflow (Metasploit)
HP Diagnostics Server - 'magentservice.exe' Remote Overflow (Metasploit)

Mozilla Firefox 4.0.1 - 'Array.reduceRight()'
Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow
Adobe Flash Player - '.mp4 cprt' Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Remote
Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit)
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()'
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution

IRIX 6.4 - 'pfdisplay.cgi'
IRIX 6.4 - 'pfdisplay.cgi' Code Execution

SGI IRIX 6.3 - cgi-bin 'webdist.cgi'
SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution

Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets'
Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write

Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog'
Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog' Remote Overflow

ALLMediaServer 0.8 - Overflow (SEH)
ALLMediaServer 0.8 - Remote Overflow (SEH)

S.u.S.E. Linux 6.3/6.4 - Installed Package Disclosure
SuSE Linux 6.3/6.4 - Installed Package Disclosure

Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE'
Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload

Samhain Labs 1.x - HSFTP Remote Format String

GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow
GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Remote Overflow

IBM Cognos - 'tm1admsd.exe' Overflow (Metasploit)
IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)

Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote
Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray

Plesk < 9.5.4 - Remote
Plesk < 9.5.4 - Remote Command Execution

Microsoft PowerPoint 2003 - 'powerpnt.exe'
Microsoft PowerPoint 2003 - 'powerpnt.exe' Remote Overflow

HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Remote Overflow (Metasploit)

ImgSvr 0.6 - 'Template' Local File Inclusion

Nginx 1.4.0 (Generic Linux x64) - Remote
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Easy Internet Sharing Proxy Server 2.2 - Overflow (SEH) (Metasploit)
Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)

Oracle 9i/10g Database - Network Foundation Remote
Oracle 9i/10g Database - Network Foundation Remote Overflow

Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

VSAT Sailor 900 - Remote
VSAT Sailor 900 - Remote Overflow

Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)

TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote
TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Command Execution

Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit)
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)

CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote
PHP-Nuke 6.9 - 'cid' SQL Injection Remote
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
PHP-Nuke 6.9 - 'cid' SQL Injection

AWStats 5.0 < 6.3 - Input Validation Hole in 'logfile'
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote
phpBB - highlight Arbitrary File Upload 'Santy.A'
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload

e107 - 'include()' Remote
e107 - 'include()' Remote File Upload

phpBB 2.0.10 - Bot Install Altavista 'ssh.D.Worm'
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista

PostNuke PostWrap Module - Remote
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
phpBB 2.0.13 - 'downloads.php' mod Remote
phpBB 2.0.13 - 'Calendar Pro' mod Remote
phpBB 2.0.13 - 'downloads.php' mod Get Hash
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash

PhotoPost - Arbitrary Data Remote
PhotoPost - Arbitrary Data Hash
eXtropia Shopping Cart - 'web_store.cgi' Remote
Mambo 4.5.2.1 - Fetch Password Hash Remote
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
Mambo 4.5.2.1 - Fetch Password Hash

Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution

vuBB 0.2 - 'cookie' Final SQL Injection 'mq=off'
vuBB 0.2 Final - 'cookie' SQL Injection

JiRos Banner Experience 1.0 - Create Authentication Bypass Remote
JiRos Banner Experience 1.0 - Unauthorised Create Admin
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote
Sugar Suite Open Source 4.2 - 'OptimisticLock' Remote
phpBB 2.0.20 - Admin/Restore DB/default_lang Remote Command Execution
Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution

DeluxeBB 1.06 - 'Attachment mod_mime' Remote
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Command Execution

Drupal 4.7 - 'Attachment mod_mime' Remote
Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion

Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics

PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution

phpBB 2.0.21 - Poison Null Byte Remote
phpBB 2.0.21 - Poison Null Byte Remote File Upload

PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Admin 2 'exec()'
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution

Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote
Philex 0.2.3 - Remote File Inclusion / File Disclosure

MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

LoveCMS 1.6.2 Final - Update Settings Remote
LoveCMS 1.6.2 Final - Update Settings

addalink 4 Beta - Write Approved Links Remote
addalink 4 Beta - Write Approved Links

The Rat CMS Alpha 2 - 'download.php' Remote
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation

Graugon Forum 1 - 'id' Command Injection 'via SQL Injection'
Graugon Forum 1 - 'id' Command Injection / SQL Injection

Coppermine Photo Gallery 1.4.22 - Remote
Coppermine Photo Gallery 1.4.22 - SQL Injection

Barracuda IMFirewall 620 -
Barracuda IMFirewall 620 - Multiple Vulnerabilities

Barracuda Web Firewall 660 Firmware 7.3.1.007 -
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities

CakePHP 1.3.5/1.2.8 - 'Unserialize()'
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion

JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution

WordPress Plugin Akismet 2.1.3 -
WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting

ImgSvr 0.6 - 'Template' Local File Inclusion

Plesk Server Administrator (PSA) - 'locale' Local File Inclusion

Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting
2017-11-23 05:02:28 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
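The search rules listed under Notes above (every term must match, matching ignores case, terms are checked against title and path unless -t limits them to the title, and --exclude takes a "|"-separated pattern) re-implemented as a small POSIX shell function over a constructed files.csv sample. This is an added illustration, not searchsploit's own code; the CSV column layout and the four rows are assumptions made for the example.

```shell
#!/bin/sh
# Constructed stand-in for files.csv; only the column layout
# (id,file,description,date,author,platform,type,port) is assumed to
# match the real database, the rows are invented for this illustration.
SAMPLE_CSV='id,file,description,date,author,platform,type,port
1001,platforms/linux/local/1001.c,"Linux Kernel 3.2 - Example Privilege Escalation",2013-01-01,example,linux,local,0
1002,platforms/linux/dos/1002.c,"Linux Kernel 3.2 - Example Crash (PoC)",2013-02-01,example,linux,dos,0
1003,platforms/windows/local/1003.py,"Microsoft Windows - Example AFD Privilege Escalation",2014-03-01,example,windows,local,0
1004,platforms/linux/remote/1004.txt,"Example Linux Service 3.2 - Remote Overflow (PoC)",2014-04-01,example,linux,remote,0'

# mini_search [-t] [--exclude="re1|re2"] term...  -> matching file paths, one per line
# Applies the rules from the searchsploit help text: every term must match (AND),
# matching ignores case, terms are tested against title and path unless -t
# limits them to the title, and --exclude drops rows matching an extended regex.
# Titles in the sample contain no commas, so the quoted title is always field 3.
mini_search() {
    title_only=0; exclude=''; terms=''
    for arg in "$@"; do
        case "$arg" in
            -t)          title_only=1 ;;
            --exclude=*) exclude="${arg#--exclude=}" ;;
            *)           terms="$terms $arg" ;;
        esac
    done
    rows=$(printf '%s\n' "$SAMPLE_CSV" | tail -n +2)
    for term in $terms; do   # word splitting intended: terms carry no spaces
        if [ "$title_only" -eq 1 ]; then
            rows=$(printf '%s\n' "$rows" | awk -F',' -v t="$term" 'tolower($3) ~ tolower(t)')
        else
            rows=$(printf '%s\n' "$rows" | awk -v t="$term" 'tolower($0) ~ tolower(t)')
        fi
    done
    if [ -n "$exclude" ]; then
        rows=$(printf '%s\n' "$rows" | awk -v x="$exclude" '$0 !~ x')
    fi
    printf '%s\n' "$rows" | awk -F',' 'NF { print $2 }'
}

# Stand-alone run mirroring the README example: kernel 3.2 entries minus PoCs and DoS files.
mini_search linux kernel 3.2 --exclude='(PoC)|/dos/'
```

Searching for "local" without -t hits the platforms/.../local/ paths, while -t local matches no title in the sample, which is the false-positive filtering the Notes describe.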