Microsoft Internet Explorer - DHTML Object Handling Vulnerabilities (MS05-020) Microsoft Internet Explorer - DHTML Object Handling (MS05-020) Stoney FTPd - Denial of Service (rxBot mods ftpd) Stoney FTPd - 'rxBot mods ftpd' Denial of Service Microsoft Windows Server 2000 - UPNP (getdevicelist) Memory Leak Denial of Service Microsoft Windows Server 2000 - UPNP 'getdevicelist' Memory Leak Denial of Service Winamp 5.21 - .Midi File Header Handling Buffer Overflow (PoC) Winamp 5.21 - '.Midi' File Header Handling Buffer Overflow (PoC) Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC) Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow (PoC) ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC) ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (PoC) Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption Vulnerabilities Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC) Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC) Versalsoft HTTP File Uploader - ActiveX 6.36 AddFile Remote Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service CUPS 1.3.7 - Cross-Site Request Forgery (add rss subscription) Remote Crash CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash Microsoft Office - Communicator (SIP) Remote Denial of Service Microsoft Office - Communicator 'SIP' Remote Denial of Service Apple Safari - 'ARGUMENTS' Array Integer Overflow (PoC) (Heap Spray) Apple Safari - 'ARGUMENTS' Array Integer Overflow HeapSpray (PoC) Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities Amaya Web Editor 11.0 - XML / HTML Parser VideoLAN VLC Media Player 0.9.8a - Web UI (input) Remote Denial of Service VideoLAN VLC Media 
Player 0.9.8a - Web UI 'input' Remote Denial of Service Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities Real Helix DNA - 'RTSP' / 'SETUP' Request Handler BugHunter HTTP Server 1.6.2 - 'httpsv.exe' (GET 404) Remote Denial of Service BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript (eval) Remote Denial of Service Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service httpdx 1.4 - HTTP Server (Host Header) Remote Format String Denial of Service httpdx 1.4 - HTTP Server Host Header Remote Format String Denial of Service Multiple Media Player - HTTP DataHandler Overflow (iTunes & QuickTime etc) Multiple Media Players ((iTunes / QuickTime) - HTTP DataHandler Overflow Microsoft Internet Explorer 6/7/8 - Denial of Service (Shockwave Flash Object) Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service Adobe (Multiple Products) - XML External Entity / XML Injection Vulnerabilities Adobe (Multiple Products) - XML External Entity / XML Injection PHP (Multiple Functions) - Local Denial of Service Vulnerabilities PHP (Multiple Functions) - Local Denial of Service RPM Select/Elite 5.0 - '.xml config parsing' Unicode Buffer Overflow (PoC) RPM Select/Elite 5.0 - '.xml Configuration parsing' Unicode Buffer Overflow (PoC) Microsoft Windows - SMB2 Negotiate Protocol (0x72) Response Denial of Service Microsoft Windows - SMB2 Negotiate Protocol '0x72' Response Denial of Service Oreans Themida 2.1.8.0 - TMD File Handling Buffer Overflow Oreans Themida 2.1.8.0 - '.TMD' File Handling Buffer Overflow Play [EX] 2.1 - Playlist File (M3U/PLS/LST) Denial of Service Play [EX] 2.1 - '.M3U'/'.PLS'/'.LST' Playlist File Denial of Service Apple iTunes 10.6.1.7 - '.m3u' Playlist File Walking Heap Buffer Overflow Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service (Possible Buffer Overflow) Ipswitch IMail 
5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow Vulnerabilities RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4_ UoW imap 4.5 popd - Lock File Denial of Service Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4 / UoW imap 4.5 popd - Lock File Denial of Service Axent NetProwler 3.0 - Malformed IP Packets Denial of Service (1) Axent NetProwler 3.0 - Malformed IP Packets Denial of Service (2) Axent NetProwler 3.0 - IP Packets Denial of Service (1) Axent NetProwler 3.0 - IP Packets Denial of Service (2) WFTPD 2.4.1RC11 - REST Command Malformed File Write Denial of Service WFTPD 2.4.1RC11 - 'REST' Malformed File Write Denial of Service id Software Quake 3 Arena Server 1.29 - Possible Buffer Overflow id Software Quake 3 Arena Server 1.29 - Buffer Overflow BSDI 3.0/3.1 - Possible Local Kernel Denial of Service BSDI 3.0/3.1 - Local Kernel Denial of Service Cisco IOS 11/12 - Malformed SNMP Message Denial of Service Cisco IOS 11/12 - SNMP Message Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service BitchX 1.0 - Malformed RPL_NAMREPLY Denial of Service BitchX 1.0 - 'RPL_NAMREPLY' Denial of Service RealPlayer 15.0.6.14(.3g2) - WriteAV Crash (PoC) RealPlayer 15.0.6.14(.3g2) - 'WriteAV' Crash (PoC) Plug And Play Web Server 1.0 002c - FTP Service Command Handler Buffer Overflow Vulnerabilities Plug And Play Web Server 1.0 002c - FTP Service Command Handler Buffer Overflow ProFTPd 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun ProFTPd 1.2.7/1.2.8 - '.ASCII' File Transfer Buffer Overrun Avaya Argent Office - Malformed DNS Packet Denial of Service Avaya Argent Office - DNS Packet Denial of Service Cisco IOS 12 MSFC2 - Malformed Layer 2 Frame Denial of Service Cisco IOS 12 MSFC2 - Layer 2 Frame Denial of Service 
ClamAV Daemon 0.65 - Malformed UUEncoded Message Denial of Service Red-M Red-Alert 3.1 - Remote Vulnerabilities ClamAV Daemon 0.65 - UUEncoded Message Denial of Service Red-M Red-Alert 3.1 - Remote Exploit Neon WebDAV Client Library 0.2x - Format String Vulnerabilities Neon WebDAV Client Library 0.2x - Format String Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure Adobe Acrobat / Acrobat Reader 6.0 - ETD File Parser Format String Adobe Acrobat / Acrobat Reader 6.0 - '.ETD' File Parser Format String Check Point VPN-1 SecureClient - Malformed IP Address Local Memory Access Check Point VPN-1 SecureClient - IP Address Local Memory Access CenterICQ 4.20/4.5 - Malformed Packet Handling Remote Denial of Service CenterICQ 4.20/4.5 - Packet Handling Remote Denial of Service Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012) Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012) Mozilla (Multiple Products) - iFrame JavaScript Execution Vulnerabilities Mozilla (Multiple Products) - iFrame JavaScript Execution Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Apple Mac OSX 10.x - LZWDecodeVector (.tiff) Overflow Apple Mac OSX 10.x - LZWDecodeVector '.tiff' Overflow SolarWinds Server and Application Monitor - ActiveX (Pepco32c) Buffer Overflow SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow Computer Associates BrightStor ARCserve Backup 11.5 - mediasvr caloggerd Denial of Service Vulnerabilities Computer Associates BrightStor ARCserve Backup 11.5 - mediasvr caloggerd Denial of Service Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Microsoft Windows XP - GDI+ '.ICO' File Remote Denial of Service PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow 
Vulnerabilities PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow PC SOFT WinDEV 11 - WDP File Parsing Stack Buffer Overflow PC SOFT WinDEV 11 - '.WDP' File Parsing Stack Buffer Overflow Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Multiple Platform IPv6 Address Publication - Denial of Service Vulnerabilities Multiple Platform IPv6 Address Publication - Denial of Service Ruby 1.9 - WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request Denial of Service Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service Apple Safari For Windows 3.2.1 - URI Remote Denial of Service Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service Apple Safari 4 - 'feeds:' URI Null Pointer Dereference Remote Denial of Service Microsoft Windows Media Player 11 - .AVI File Colorspace Conversion Remote Memory Corruption Microsoft Windows Media Player 11 - '.AVI' File Colorspace Conversion Remote Memory Corruption Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition Apache 2.4.7 mod_status - Scoreboard Handling Race Condition Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service Battlefield 2/2142 - Packet Null Pointer Dereference Remote Denial of Service Foxit Products GIF Conversion - Memory Corruption (LZWMinimumCodeSize) Foxit Products GIF Conversion - Memory Corruption (DataSubBlock) Foxit Products GIF Conversion - 'LZWMinimumCodeSize' Memory Corruption Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption Vulnerabilities 
(LZWMinimumCodeSize) Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated TTF File Embedded in SWF Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.TTF' File Embedded in SWF Adobe Flash - Heap Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Vulnerabilities PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack Based Buffer Overflow Wireshark - memcpy (get_value / dissect_btatt) SIGSEGV Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV Wireshark - addresses_equal (dissect_rsvp_common) Use-After-Free Wireshark - addresses_equal 'dissect_rsvp_common' Use-After-Free pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc (libopenjpeg) Heap Based Out-of-Bounds Read Wireshark - iseries_check_file_type Stack Based Out-of-Bounds Read pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - nettrace_3gpp_32_423_file_open Stack Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free pdfium - opj_t2_read_packet_header 'libopenjpeg' Heap Use-After-Free Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption (MdConvertLine) Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor (treo_attach) Nullpointer Dereference Linux Kernel 
3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Netwrix Auditor 7.1.322.0 - ActiveX 'sourceFile' Stack Buffer Overflow Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1 Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2 Apple QuickTime < 7.7.79.80.95 - PSD File Parsing Memory Corruption Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (1) Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption (2) Apple QuickTime < 7.7.79.80.95 - '.PSD' Parsing Memory Corruption Adobe Flash - Heap Overflow in ATF Processing (Image Reading) Adobe Flash - Heap Overflow in ATF Processing Image Reading Apache 2.4.23 (mod_http2) - Denial of Service Apache 2.4.23 mod_http2 - Denial of Service Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' WhatsApp 2.17.52 - Memory Corruption ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm) ICQ Pro 2003a - 'ca1-icq.asm' Password Bypass Exploit IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit IBM DB2 - Universal Database 7.2 'db2licm' Local Exploit SuSE Linux 9.0 - YaST config Skribt Local Exploit SuSE Linux 9.0 - YaST Configuration Skribt Local Exploit Solaris locale - Format Strings (noexec stack) Exploit Solaris locale - Format Strings 'noexec stack' Exploit UUCP Exploit - File Creation/Overwriting (Symlinks) Exploit UUCP Exploit - File Creation/Overwriting Symlinks Exploit GnomeHack - 
Local Buffer Overflow (gid=games) Kwintv - Local Buffer Overflow (gid=video(33)) GnomeHack - Local Buffer Overflow Kwintv - Local Buffer Overflow RedHat 6.1 man - Local Exploit (egid 15) RedHat 6.1 man - 'egid 15' Local Exploit Solaris 2.5.1 lp / lpsched - Symlink Vulnerabilities Solaris 2.5.1 lp / lpsched - Symlink Exploit SGI IRIX - Multiple Buffer Overflows (LsD) SGI IRIX - 'LsD' Multiple Buffer Overflows Solaris 5.5.1 X11R6.3 - xterm (-xrm) Privilege Escalation Solaris 5.5.1 X11R6.3 - xterm '-xrm' Privilege Escalation ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit GlobalScape - CuteFTP macros (.mcr) Local GlobalScape - CuteFTP macros '.mcr' Local socat 1.4.0.2 - Local Format String (not setuid) Socat 1.4.0.2 - Not SETUID Local Format String TipxD 1.1.1 - Local Format String (not setuid) TipxD 1.1.1 - Not SETUID Local Format String GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID) VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid) GNU a2ps - 'Anything to PostScript' Not SUID Local Exploit VisualBoyAdvanced 1.7.x - Non SUID Local Shell Exploit eXeem 0.21 - Local Password Disclosure (asm) eXeem 0.21 - Local Password Disclosure (ASM) Microsoft Excel 2000/2003 - Hlink Local Buffer Overflow (French) Microsoft Excel 2003 - Hlink Local Buffer Overflow (Italian) WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow (French) Microsoft Excel 2000/2003 (French) - Hlink Local Buffer Overflow Microsoft Excel 2003 (Italian) - Hlink Local Buffer Overflow WinRAR 3.60 Beta 6 (French) - SFX Path Local Stack Overflow Microsoft PowerPoint 2003 SP2 - Local Code Execution (French) Microsoft PowerPoint 2003 SP2 (French) - Local Code Execution Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation (Root File Create) Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation Apple Mac OSX 10.4.8 - DiskManagement BOM (cron) Privilege Escalation Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Privilege Escalation ProFTPd 
1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' exec-shield Local Overflow Send ICMP Nasty Garbage (sing) - Append File Logrotate Exploit Send ICMP Nasty Garbage (SING) - Append File Logrotate Exploit Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (change sys Password) Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (Change Sys Password) VUPlayer 2.49 - '.asx' (HREF) Universal Buffer Overflow VUPlayer 2.49 - '.asx' 'HREF' Universal Buffer Overflow VUPlayer 2.49 - '.asx' (Universal) Local Buffer Overflow VUPlayer 2.49 - '.asx' Universal Local Buffer Overflow Zinf Audio Player 2.2.1 - '.pls' Local Buffer Overflow (Universal) Zinf Audio Player 2.2.1 - '.pls' Universal Local Buffer Overflow Foxit Reader 3.0 (Build 1301) - PDF Buffer Overflow (Universal) Rosoft Media Player 4.2.1 - Local Buffer Overflow (multi target) Foxit Reader 3.0 (Build 1301) - PDF Universal Buffer Overflow Rosoft Media Player 4.2.1 - Local Buffer Overflow Adobe Acrobat Reader - JBIG2 Universal Exploit (Bind Shell Port 5500) Adobe Acrobat Reader - JBIG2 Universal Exploit Mini-stream Ripper 3.0.1.1 - '.asx' (HREF) Local Buffer Overflow Mini-stream Ripper 3.0.1.1 - '.asx' 'HREF' Local Buffer Overflow Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (update) Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2) BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities BSD (Multiple Distributions) - 'setusercontext()' Exploit Audacity 1.2 - '.gro' Universal Buffer Overflow (egg hunter) Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter) NetAccess IP3 - Authenticated (ping option) Command Injection NetAccess IP3 - Authenticated Ping Option Command 
Injection Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript (.eps) Buffer Overflow Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Buffer Overflow Jasc Paint Shop Pro 8 - Local Buffer Overflow (Universal) Jasc Paint Shop Pro 8 - Local Universal Buffer Overflow HTML Help Workshop 4.74 - hhp Buffer Overflow (Universal) HTML Help Workshop 4.74 - hhp Universal Buffer Overflow Audiotran 1.4.1 - Buffer Overflow (Direct RET) Audiotran 1.4.1 - Direct RET Buffer Overflow Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - User Mode to Ring Escalation (KiTrap0D) (MS10-015) Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015) feedDemon 3.1.0.9 - opml File Buffer Overflow feedDemon 3.1.0.9 - '.opml' File Buffer Overflow Winamp 5.572 - Local Buffer Overflow (EIP + SEH DEP Bypass) Winamp 5.572 - Local Buffer Overflow (EIP + SEH) (DEP Bypass) GSM SIM Utility 5.15 - sms file Local Buffer Overflow (SEH) GSM SIM Utility 5.15 - '.sms' File Local Buffer Overflow (SEH) GSM SIM Utility 5.15 - Local Exploit (Direct RET) GSM SIM Utility 5.15 - Direct RET Local Exploit Microsoft Windows - Automatic LNK Shortcut File Code Execution Microsoft Windows - Automatic .LNK Shortcut File Code Execution QQPlayer 2.3.696.400p1 - smi File Buffer Overflow QQPlayer 2.3.696.400p1 - '.smi' File Buffer Overflow Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067) Microsoft Excel - FEATHEADER Record Exploit (MS09-067) SnackAmp 3.1.3B - SMP Buffer Overflow (SEH DEP Bypass) SnackAmp 3.1.3B - SMP Buffer Overflow (SEH) (DEP Bypass) MP3-Nator - Buffer Overflow (SEH DEP Bypass) MP3-Nator - Buffer Overflow (SEH) (DEP Bypass) VisiWave - VWR File Parsing Trusted Pointer (Metasploit) VisiWave - '.VWR' File Parsing Trusted Pointer (Metasploit) F-Secure (Multiple Products) - ActiveX Overwrite (SEH) (Heap Spray) F-Secure (Multiple Products) - ActiveX HeapSpray Overwrite (SEH) Blade API Monitor - Unicode Bypass (Serial Number) Buffer Overflow 
Blade API Monitor - Unicode Bypass Serial Number Buffer Overflow SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - NETLS_LICENSE_FILE Exploit SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - LICENSEMGR_FILE_ROOT Exploit SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Exploit SGI IRIX 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Exploit Slackware Linux 3.4 - liloconfig-color Temporary file Slackware Linux 3.4 - makebootdisk Temporary file Slackware Linux 3.4 - 'liloconfig-color' Temporary file Slackware Linux 3.4 - 'makebootdisk' Temporary file Slackware Linux 3.4 - netconfig Temporary file Slackware Linux 3.4 - pkgtool Temporary file Slackware Linux 3.4 - 'netconfig' Temporary file Slackware Linux 3.4 - 'pkgtool' Temporary file IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation Vulnerabilities IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation Vulnerabilities IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation GNU groff 1.11 a / HP-UX 10.0/11.0 / SGI IRIX 6.5.3 - Malicious Manpage Vulnerabilities GNU groff 1.11 a / HP-UX 10.0/11.0 / SGI IRIX 6.5.3 - Malicious Manpage Quinn - 'the Eskimo' and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Quinn - 'the Eskimo' and Peter N. 
Lewis Internet Configuration 1.0/2.0 Weak Password Encryption MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix - Registry Key Vulnerabilities MDAC 2.1.2.4202.3 / Microsoft Windows NT 4.0/SP1-6 JET/ODBC Patch / RDS Fix - Registry Key Standard & Poors ComStock 4.2.4 - Machine Vulnerabilities Standard & Poors ComStock 4.2.4 - Exploit HP-UX 10.20/11.0 - SNMPD File Permission Vulnerabilities HP-UX 10.20/11.0 - '.SNMPD' File Permission CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode) CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) Samba 2.0.x - Insecure TMP file Symbolic Link Samba 2.0.x - Insecure TMP File Symbolic Link SuSE 7.0 - KFM Insecure TMP File Creation SuSE 7.0 - KFM Insecure '.TMP' File Creation QNX RTOS 4.25 - CRTTrap File Disclosure QNX RTOS 4.25 - 'CRTTrap' File Disclosure Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read (PoC) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC) BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct RETN) Aviosoft Digital TV Player Professional 1.x - '.PLF' Exploit (Direct Retn) BlazeVideo HDTV Player 6.6 Professional - Direct RETN Exploit Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn Exploit BlazeDVD 6.1 - '.PLF' File Exploit (DEP + ASLR Bypass) (Metasploit) BlazeDVD 6.1 - '.PLF' File Exploit (ASLR + DEP Bypass) (Metasploit) Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (1) Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (2) Cscope 13.0/15.x - Insecure Temporary File Creation (1) Cscope 13.0/15.x - Insecure Temporary File Creation (2) Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution Microsoft Windows NT/2000/2003/2008/XP/Vista/7/8 - Local Ring Exploit (EPATHOBJ) Microsoft Windows 
NT/2000/2003/2008/XP/Vista/7/8 - 'EPATHOBJ' Local Ring Exploit PHP 5.0.5 - Safedir Restriction Bypass Vulnerabilities PHP 5.0.5 - Safedir Restriction Bypass AudioCoder 0.8.22 - '.m3u' Buffer Overflow (Direct Retn) AudioCoder 0.8.22 - '.m3u' Direct Retn Buffer Overflow AudioCoder 0.8.22 - '.lst' Buffer Overflow (Direct Retn) AudioCoder 0.8.22 - '.lst' Direct Retn Buffer Overflow KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY) KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET) BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities Linux Kernel 2.4.x/2.5.x/2.6.x - 'Sockaddr_In.Sin_Zero' Kernel Memory Disclosure KingView 6.53 - Insecure ActiveX Control (SuperGrid) KingView 6.53 - 'SuperGrid' Insecure ActiveX Control Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass with ROP) Steinberg MyMp3PRO 5.0 - Buffer Overflow (SEH) (DEP Bypass + ROP) BlazeDVD Pro Player 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET) BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RETBuffer Overflow Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation Filemaker Pro 13.03 / Advanced 12.04 - Authentication Bypass / Privilege Escalation Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation Microsoft Windows Task Scheduler - 'DeleteExpiredTaskAfter' File Deletion Privilege Escalation Linux 3.17 - noexec File Security Bypass (Python ctypes and memfd_create) Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass FireEye - Malware Input Processor (uid=mip) Privilege Escalation FireEye - Malware Input Processor Privilege Escalation Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098) VMware Workstation for Linux 12.5.2 
build-4638234 - ALSA Config Host Root Privilege Escalation VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH) Microsoft Windows XP/2000 - RPC Remote (Non Exec Memory) Exploit Microsoft Windows XP/2000 - RPC Remote Non Exec Memory Exploit ProFTPd 1.2.10 - Remote Users Enumeration Exploit ProFTPd 1.2.10 - Remote Users Enumeration Multiple Browsers - Tabbed Browsing Vulnerabilities Multiple Browsers - Tabbed Browsing Ability Server 2.34 - FTP STOR Buffer Overflow (Unix Exploit) Ability Server 2.34 (Unix) - FTP 'STOR' Buffer Overflow Webmin 1.5 - Web Brute Force (cgi-version) Webmin 1.5 - Web Brute Force (CGI) Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) (MS05-039) Battlefield (BFCC/BFVCC/BF2CC) - Login Bypass/Pass Stealer/Denial of Service Microsoft Windows Plug-and-Play Service (French) - Remote Universal Exploit (MS05-039) Battlefield (BFCC < 1.22_A /BFVCC < 2.14_B / BF2CC) - Authentication Bypass / Password Stealer / Denial of Service Lynx 2.8.6dev.13 - Remote Buffer Overflow (port bind) Lynx 2.8.6dev.13 - Remote Buffer Overflow Mercury Mail Transport System 4.01b - Remote Exploit (PH SERVER) Mercury Mail Transport System 4.01b - PH SERVER Remote Exploit SHOUTcast 1.9.4 - File Request Format String (Leaked) SHOUTcast 1.9.4 - File Request 'Leaked' Format String Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (extra) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution MySQL 4.x/5.0 (Windows) - User-Defined Function (UDF) Command Execution MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution GNU Mailutils imap4d 0.6 - Remote Format String (exec-shield) GNU Mailutils imap4d 0.6 - exec-shield Remote Format String Fenice Oms server 1.10 - Remote Buffer Overflow (exec-shield) Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow HP Tru64 - Remote Secure Shell User Enumeration 
Exploit HP Tru64 - Remote Secure Shell User Enumeration Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow 2 Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow (2) Program Checker - 'sasatl.dll 1.5.0.531' JavaScript Heap Spraying Exploit Program Checker - 'sasatl.dll 1.5.0.531' JavaScript HeapSpray Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog Heap Spraying Exploit Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog HeapSpray Data Dynamics ActiveBar - ActiveX (actbar3.ocx 3.1) Insecure Methods Data Dynamics ActiveBar - ActiveX 'actbar3.ocx 3.1' Insecure Methods Savant Web Server 3.1 - GET Remote Overflow (Universal) Savant Web Server 3.1 - GET Universal Remote Overflow ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow Apache Tomcat - WebDAV Remote File Disclosure (SSL) Apache Tomcat - WebDAV SSL Remote File Disclosure Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (1) Linksys WRT54G Firmware 1.00.9 - Security Bypass (1) VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (2) Linksys WRT54G Firmware 1.00.9 - Security Bypass (2) BlazeDVD 5.0 - PLF Playlist File Remote Buffer Overflow BlazeDVD 5.0 - '.PLF' Playlist File Remote Buffer Overflow Microsoft Windows Server - Code Execution (MS08-067) (Universal) Microsoft Windows Server - Universal Code Execution (MS08-067) SpeedStream 5200 - Authentication Bypass Config Download SpeedStream 5200 - Authentication Bypass Configuration Download GeoVision LiveX 8200 - ActiveX (LIVEX_~1.OCX) File Corruption (PoC) GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC) Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow Amaya 11.1 - W3C Editor/Browser 'defer' Stack Overflow XBMC 8.10 - get tag from file name Remote Buffer Overflow XBMC 8.10 - Get Tag From 
Repository contents: platforms, files.csv, README.md, searchsploit
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).