| "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution |
| .NET Framework EncoderParameter Integer Overflow Vulnerability |
| .Net Framework Execute Native x86 Shellcode |
| .Net Framework Tilde Character DoS |
| .NET Remoting Services Remote Command Execution |
| .NET Runtime Optimization Service Privilege Escalation Exploit 0day |
| [Hebrew] Digital Whisper Security Magazine #39 |
| [Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes |
| [Raspberry Pi] Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes |
| [Raspberry Pi] Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337) |
| [Spanish] Hashcat Manual de Usuario |
| [Turkish] Pen-Tester's Guide for Metasploit Framework |
| 1 Click Audio Converter 2.3.6 - Activex Buffer Overflow |
| 1 Click Extract Audio 2.3.6 - Activex Buffer Overflow |
| 15 TOTOLINK Router Models - Multiple RCE Vulnerabilities |
| 2X ApplicationServer 10.1 TuxSystem Class ActiveX Control Remote File Overwrite Vulnerability |
| 2X Client for RDP 10.1.1204 ClientSystem Class ActiveX Control Download and Execute Vulnerability |
| 4 TOTOLINK Router Models - Backdoor Credentials |
| 4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities |
| 4digits 1.1.4 - Local Buffer Overflow |
| 4Images 1.7.13 - SQL Injection |
| 4PSA VoipNow Professional 2.5.3 Multiple Vulnerabilities |
| 7-Technologies IGSS 9.00.00.11059 Multiple Vulnerabilities |
| 8 TOTOLINK Router Models - Backdoor and RCE |
| A Short Guide on ARM Exploitation |
| A10 Networks Loadbalancer - Directory Traversal |
| Aanval 7.1 build 70151 - Multiple Vulnerabilities |
| AB Banner Exchange (index.php page) Local File Inclusion |
| ABB MicroSCADA wserver.exe Remote Code Execution |
| ABBS Audio Media Player 3.0 .lst Buffer Overflow Exploit (SEH) |
| ABBS Audio Media Player Buffer Overflow Exploit (M3U/LST) |
| ABBS Electronic Flash Cards 2.1 .fcd Buffer Overflow Exploit |
| Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote DoS |
| Ability FTP Server 2.1.4 - afsmain.exe USER Command Remote DoS |
| Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI) |
| ACal 2.2.6 (example.php, view param) - Local File Inclusion Vulnerability |
| Acal calendar 2.2.6 CSRF Vulnerability |
| Accellion File Transfer Appliance MPIPE2 Command Execution |
| Accellion FTA getStatus verify_oauth_token Command Execution |
| Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC |
| Acrobat Reader DC 15.008.20082.15957 - PDF Parsing Memory Corruption Vulnerability |
| ActFax 4.31 Local Privilege Escalation Exploit |
| ActFax 5.01 RAW Server Exploit |
| ActFax Server (LPD/LPR) Remote Buffer Overflow Exploit |
| ActFax Server FTP Remote BOF (post auth) |
| ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution |
| actiTIME 2015.2 - Multiple Vulnerabilities |
| ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC |
| ActualAnalyzer 'ant' Cookie Command Execution |
| ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution |
| Acunetix WP Security Plugin 3.0.3 - XSS |
| Acunetix WVS 10 - Local Privilege escalation |
| Acunetix WVS 10 - Remote Command Execution (System) |
| Ad Manager Pro Multiple Vulnerabilities |
| Ad Manager Pro v. 4 LFI |
| ADAN Neuronlabs (view.php) SQL Injection Vulnerability |
| AdaptCMS 2.0.4 (config.php, question parameter) SQL Injection Vulnerability |
| AdaptCMS 3.0.3 - Multiple Vulnerabilities |
| Adem 0.5.1 - Local File Inclusion |
| ADH-Web Server IP-Cameras - Multiple Vulnerabilities |
| Admidio 2.3.5 Multiple Vulnerabilities |
| AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution |
| Adobe Animate 15.2.1.95 - Memory Corruption |
| Adobe ColdFusion - Directory Traversal |
| Adobe ColdFusion < 11 Update 10 - XML External Entity Injection |
| Adobe ColdFusion 9 - Administrative Login Bypass |
| Adobe ColdFusion 9 Administrative Login Bypass |
| Adobe Connect 9.5.7 - Cross-Site Scripting |
| Adobe Digital Editions <= 4.5.0 - .pdf Critical Memory Corruption |
| Adobe Flash - addProperty Use-After-Free |
| Adobe Flash - BitmapData.copyPixels Use-After-Free |
| Adobe Flash - Color.setTransform Use-After-Free |
| Adobe Flash - Crash When Freeing Memory After AVC decoding |
| Adobe Flash - Heap Overflow in ATF Processing (Image Reading) |
| Adobe Flash - JXR Processing Out-of-Bounds Read |
| Adobe Flash - Method Calls Use-After-Free |
| Adobe Flash - MovieClip Transform Getter Use-After-Free |
| Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free |
| Adobe Flash - MP4 File Stack Corruption |
| Adobe Flash - Object.unwatch Use-After-Free Exploit |
| Adobe Flash - Out-of-Bounds Read when Placing Object |
| Adobe Flash - Overflow in Processing Raw 565 Textures |
| Adobe Flash - Selection.setFocus Use-After-Free |
| Adobe Flash - SetNative Use-After-Free |
| Adobe Flash - Shape Rendering Crash |
| Adobe Flash - SimpleButton Creation Type Confusion |
| Adobe Flash - Sprite Creation Use-After-Free |
| Adobe Flash - Stage.align Setter Use-After-Free |
| Adobe Flash - TextField.maxChars Use-After-Free |
| Adobe Flash - Transform.colorTransform Getter Info Leak |
| Adobe Flash - Type Confusion in FileReference Constructor |
| Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix |
| Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix |
| Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix |
| Adobe Flash - URLStream.readObject Use-After-Free |
| Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts |
| Adobe Flash - Use-After-Free When Returning Rectangle |
| Adobe Flash - Use-After-Free When Setting Stage |
| Adobe Flash - Video Decompression Memory Corruption |
| Adobe Flash - Zlib Codec Heap Overflow |
| Adobe Flash BlurFilter Processing - Out-of-Bounds Memset |
| Adobe Flash GradientFill - Use-After-Frees |
| Adobe Flash IExternalizable.writeExternal - Type Confusion |
| Adobe Flash MovieClip.lineStyle - Use-After-Frees |
| Adobe Flash opaqueBackground Use After Free |
| Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated SWF File |
| Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated SWF File (2) |
| Adobe Flash Out-of-Bounds Memory Read While Parsing a Mutated TTF File Embedded in SWF |
| Adobe Flash Player 11.3 Font Parsing Code Execution |
| Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption |
| Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption |
| Adobe Flash Player AVM Bytecode Verification |
| Adobe Flash Player AVM Verification Logic Array Indexing Code Execution |
| Adobe Flash Player Drawing Fill Shader Memory Corruption |
| Adobe Flash Player Regular Expression Heap Overflow |
| Adobe Flash Player ShaderJob Buffer Overflow |
| Adobe Flash TextField.antiAliasType Setter - Use-After-Free |
| Adobe Flash TextField.gridFitType Setter - Use-After-Free |
| Adobe Flash Type Confusion in IExternalizable.readExternal When Performing Local Serialization |
| Adobe Flash Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter |
| Adobe Flash Use-After-Free in XML.childNodes |
| Adobe Flash Use-After-Free When Setting Value |
| Adobe Flash Use-After-Free When Setting Variable |
| Adobe Illustrator CS5.5 Memory Corruption Exploit |
| Adobe Photoshop 12.1 Tiff Parsing Use-After-Free |
| Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption |
| Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption |
| Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2 |
| Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow |
| Adobe Reader 10.1.4 Crash PoC |
| Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution |
| Adobe Reader for Android addJavascriptInterface Exploit |
| AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass |
| AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow |
| Adult Webmaster PHP - Password Disclosure |
| Adult Webmaster Script Password Disclosure Vulnerability |
| Advance MLM Script - SQL Injection |
| Advanced Desktop Locker 6.0.0 - Lock Screen Bypass |
| Advanced Electron Forum 1.0.9 - CSRF Vulnerabilities |
| Advanced Electron Forum 1.0.9 - Persistent XSS Vulnerabilities |
| Advanced Electron Forum 1.0.9 - RFI / CSRF Vulnerability |
| Advantech EKI-6340 Command Injection |
| Advantech Switch Bash Environment Variable Code Injection (Shellshock) |
| Advantech WebAccess 8.0, 3.4.3 ActiveX - Multiple Vulnerabilities |
| Advantech WebAccess dvs.ocx GetColor Buffer Overflow |
| Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability |
| Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability |
| AfterLogic Mailsuite Pro (VMware Appliance) 6.3 Stored XSS |
| AfterLogic Pro and Lite 7.1.1.1 - Stored XSS |
| Agnitum Outpost Internet Security Local Privilege Escalation |
| Agnitum Outpost Security Suite 8.1 - Privilege Escalation |
| Agora-Project 2.12.11 Arbitrary File Upload Vulnerability |
| Achat v0.150 beta7 Buffer Overflow |
| Achievo 1.4.5 Multiple Vulnerabilities |
| AIOCP 1.4.001 CSRF Vulnerability |
| Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities |
| Air Drive Plus 2.4 - Arbitrary File Upload Vulnerability |
| Air Files v2.6 for iPhone / iPod touch, Directory Traversal |
| Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities |
| Airlive IP Cameras - Multiple Vulnerabilities |
| Airlock WAF 4.2.4 Overlong UTF-8 Sequence Bypass |
| Airmail 3.0.2 - Cross-Site Scripting |
| AirOS 6.x - Arbitrary File Upload |
| airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection |
| AIX 7.1 - lquerylv Local Privilege Escalation |
| Ajaxel CMS 8.0 - Multiple Vulnerabilities |
| AjaXplorer 1.0 - Multiple Vulnerabilities |
| AjaXplorer checkInstall.php Remote Command Execution |
| AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection |
| Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF |
| Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow |
| Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow |
| ALCASAR <= 2.8.1 - Remote Root Code Execution Vulnerability |
| ALCASAR 2.8 Remote Root Code Execution Vulnerability |
| Alcassoft's SOPHIA CMS SQL Injection Vulnerability |
| Alcatel Lucent Omnivista 8770 - Remote Code Execution |
| Alcatel-Lucent OmniSwitch - CSRF Vulnerability |
| AlegroCart 1.2.8 - LFI/RFI Vulnerability |
| AlegroCart 1.2.8 - Multiple SQL Injection Vulnerabilities |
| Alibaba Clone B2B Script - Admin Authentication Bypass |
| Alibaba Clone Tritanium Version (news_desc.html) - SQL Injection Vulnerability |
| AlienVault 4.3.1 - Unauthenticated SQL Injection |
| AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection |
| AlienVault OSSIM 4.1.2 - Multiple SQL Injection Vulnerabilities |
| AlienVault OSSIM av-centerd Command Injection |
| Alienvault OSSIM Open Source SIEM 4.1 Multiple SQL Vulnerabilities |
| Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting |
| Alienvault OSSIM/USM 5.3.1 - PHP Object Injection |
| Alienvault OSSIM/USM 5.3.1 - SQL Injection |
| All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability |
| All Windows Null-Free Shellcode - Functional Keylogger to File - 601 (0x0259) bytes |
| Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access |
| Allied Telesyn TFTP Server 1.9 Long Filename Overflow |
| ALLMediaServer 0.8 Buffer Overflow |
| ALLPlayer 5.6.2 (.m3u) - Local Buffer Overflow (SEH/Unicode) |
| ALLPlayer 5.6.2 (.m3u) - Local Buffer Overflow PoC |
| ALLPlayer 5.8.1 - (.m3u file) Buffer Overflow (SEH) |
| ALLPlayer M3U Buffer Overflow |
| AllReader 1.0 iOS - Multiple Vulnerabilities |
| AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload |
| Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode |
| Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit) |
| Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability |
| Aloaha PDF Crypter (3.5.0.1164) ActiveX Arbitrary File Overwrite |
| Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure |
| Alreader 2.5 .fb2 - SEH Based Stack Overflow (ASLR and DEP bypass) |
| Alternate Pic View 2.150 - .pgm Crash PoC |
| Alt-N MDaemon Free 12.5.4 Stored XSS |
| Amanda <= 3.3.1 - amstar Command Injection Local Root |
| Amanda <= 3.3.1 - Local Root Exploit |
| Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability |
| Ammyy Admin 3.2 - Authentication Bypass |
| aMSN 0.98.9 Web App - Multiple Vulnerabilities |
| Android - 'BadKernel' Remote Code Execution |
| Android - Binder Generic ASLR Leak |
| Android - get_user/put_user Exploit (Metasploit) |
| Android - getpidcon Usage binder Service Replacement Race Condition |
| Android - 'gpsOneXtra' Data Files Denial of Service |
| Android - ih264d_process_intra_mb Memory Corruption |
| Android - IMemory Native Interface is Insecure for IPC Use |
| Android - Insufficient Binder Message Verification Pointer Leak |
| Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap |
| Android - IOMX getConfig/getParameter Information Disclosure |
| Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index |
| Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow |
| Android 1.x/2.x Local Root Exploit |
| Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit |
| Android 5.0 <= 5.1.1 - Stagefright .MP4 tx3g Integer Overflow (Metasploit) |
| Android ADB Debug Server Remote Payload Execution |
| Android Broadcom Wi-Fi Driver - Memory Corruption |
| Android Browser and WebView addJavascriptInterface Code Execution |
| Android FTPServer 1.9.0 Remote DoS |
| Android libstagefright - Integer Overflow Remote Code Execution |
| Android One mt_wifi IOCTL_GET_STRUCT Privilege Escalation |
| Android sensord Local Root Exploit |
| Android Shellcode Telnetd with Parameters |
| Android Stagefright - Remote Code Execution |
| Android WAPPushManager - SQL Injection |
| Android WiFi-Direct Denial of Service |
| Android Zygote Socket Vulnerability Fork bomb Attack |
| AneCMS v.2e2c583 LFI exploit |
| AnimaGallery 2.6 - Local File Inclusion |
| AnoBBS 1.0.1 - Remote File Inclusion |
| Another Wordpress Classifieds Plugin - SQL Injection |
| Ansible 2.1.4 / 2.2.1 - Command Execution |
| AnvSoft Any Video Converter 4.3.6 Stack Overflow Exploit |
| AnyDesk 2.5.0 - Unquoted Service Path Privilege Escalation |
| AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit |
| AoA DVD Creator 2.6.2 - ActiveX Exploit |
| AoA DVD Creator V2.5 ActiveX Stack Overflow Exploit |
| AoA Mp4 converter v4.1.0 ActiveX Stack Overflow Exploit |
| AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution |
| Apache / PHP 5.x Remote Code Execution Exploit |
| Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner v2) |
| Apache 2.4.7 mod_status Scoreboard Handling Race Condition |
| Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution |
| Apache Commons FileUpload and Apache Tomcat Denial-of-Service |
| Apache CouchDB 2.0.0 - Local Privilege Escalation |
| Apache Jetspeed Arbitrary File Upload |
| Apache Mina 2.0.13 - Remote Command Execution |
| Apache mod_cgi - Remote Exploit (Shellshock) |
| Apache mod_session_crypto - Padding Oracle |
| Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal |
| Apache Rave 0.11 - 0.20 - User Information Disclosure |
| Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnerability |
| Apache Struts <= 2.2.1.1 Remote Command Execution |
| Apache Struts Developer Mode OGNL Execution |
| Apache Struts Dynamic Method Invocation Remote Code Execution |
| Apache Struts includeParams Remote Code Execution |
| Apache suEXEC Privilege Elevation / Information Disclosure |
| Apache Tomcat 8/7/6 (Debian-Based Distros) - Privilege Escalation |
| Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation |
| Apache Tomcat Manager Application Upload Authenticated Code Execution |
| Apache Tomcat Remote Exploit (PUT Request) and Account Scanner |
| Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE |
| Apexis IP CAM - Information Disclosure |
| AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting |
| ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) |
| ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting |
| ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery |
| ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting |
| Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure |
| Apple Intel HD 3000 Graphics driver 10.0.0 - Local Privilege Escalation |
| Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability |
| Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow |
| Apple iTunes 10 Extended M3U Stack Buffer Overflow |
| Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit |
| Apple Motion 5.0.7 Integer Overflow Vulnerability |
| Apple OS X Entitlements Rootpipe Privilege Escalation |
| Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free |
| Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues |
| Apple Patches iTunes, iCloud for Windows, Xcode Server |
| Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow |
| Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read |
| Apple Quicktime - MOV File Parsing Memory Corruption Vulnerability |
| Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1 |
| Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2 |
| Apple Quicktime < 7.7.79.80.95 - PSD File Parsing Memory Corruption |
| Apple Quicktime 7 Invalid Atom Length Buffer Overflow |
| Apple QuickTime 7.7.2 MIME Type Buffer Overflow |
| Apple QuickTime 7.7.2 Targa image Buffer Overflow |
| Apple QuickTime Player 7.7.2 Crash PoC |
| Apple QuickTime TeXML Stack Buffer Overflow |
| Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow |
| Apple watchOS 2 - Crash PoC |
| AppLocker Execution Prevention Bypass |
| Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution |
| appRain 3.0.2 - Blind SQL Injection Vulnerability |
| appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit |
| appRain CMF 3.0.2 - CSRF Add/Delete Admin Account |
| appRain CMF Arbitrary PHP File Upload Vulnerability |
| APT - Repository Signing Bypass via Memory Allocation Failure |
| Arab Portal 3 - SQL Injection Vulnerability |
| AraDown Blind SQL Injection |
| Arachni Web Application Scanner Web UI - Stored XSS Vulnerability |
| Arastta 1.1.5 - SQL Injection Vulnerabilities |
| ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege... |
| Arctic Torrent 1.2.3 Memory Corruption (DoS) |
| ARG-W4 ADSL Router - Multiple Vulnerabilities |
| Archin WordPress Theme 3.2 Unauthenticated Configuration Access |
| Arris TG1682G Modem - Stored XSS Vulnerability |
| ArrowChat 1.5.61 Multiple Vulnerabilities |
| ArticleFR 11.06.2014 (data.php) - Privilege Escalation |
| Artiphp CMS 5.5.0 Database Backup Disclosure Exploit |
| Artweaver 3.1.5 (.AWD) - Buffer Overflow Vulnerability |
| Aruba Mobility Controller 6.4.2.8 - Multiple vulnerabilities |
| ARYADAD Multiple Vulnerabilities |
| asaanCart XSS/LFI Vulnerabilities |
| Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities |
| aSc Timetables 2013 - Stack Buffer Overflow Vulnerability |
| ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation |
| Aspen 0.8 - Directory Traversal |
| ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect Vulnerability |
| Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation Vulnerability |
| ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change |
| ASUS Memory Mapping Driver (ASMMAP/ASMMAP64): Physical Memory Read/Write |
| ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow |
| Asus RT56U 3.0.0.4.360 - Remote Command Injection |
| Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability |
| ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution |
| Asx to Mp3 2.7.5 - Stack Overflow |
| ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation |
| Atlassian Confluence 4.3.5 - Multiple Vulnerabilities |
| Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities |
| Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting |
| Atlassian HipChat for Jira Plugin Velocity Template Injection |
| Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure |
| Atmail Webmail 7.2 - Multiple Vulnerabilities |
| Attackers Replacing Firmware on Cisco Routers |
| ATutor 1.2 Multiple Vulnerabilities |
| ATutor 2.2 - Multiple XSS Vulnerabilities |
| ATutor 2.2.1 Directory Traversal / Remote Code Execution |
| ATutor 2.2.1 SQL Injection / Remote Code Execution |
| ATutor LMS install_modules.php CSRF Remote Code Execution Vulnerability |
| Audacious 3.7 - ID3 Local Crash PoC |
| Audio Editor Master 5.4.1.217 Denial Of Service Vulnerability |
| AudioCoder .M3U Buffer Overflow |
| AudioCoder 0.8.22 - Direct Retn Buffer Overflow |
| AudioCoder 0.8.22 (.m3u) - SEH Buffer Overflow |
| AudioCoder 0.8.29 - Memory Corruption (SEH) |
| Audiotran PLS File Stack Buffer Overflow |
| AuraCMS 2.3 - Multiple Vulnerabilities |
| Auto Database System 1.0 Infusion Addon SQL injection Vulnerability |
| AutoCAD DWG and DXF To PDF Converter 2.2 - Buffer Overflow |
| Auto-Exchanger 5.1.0 - CSRF Vulnerability |
| Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution |
| AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH) |
| AutoWeb 3.0 - (noticias.php id_cat) SQL Injection Exploit |
| Auxilium PetRatePro Multiple Vulnerabilities |
| Auxilium RateMyPet Arbitrary File Upload Vulnerability |
| AV Arcade Free Edition (add_rating.php, id parameter) Blind SQL Injection |
| Avast Antivirus X.509 Error Rendering Command Execution |
| Avast Heap Overflow Unpacking MoleBox Archives |
| Avast Integer Overflow Verifying numFonts in TTC Header |
| Avast JetDb::IsExploited4x - Performs Unbounded Search on Input |
| Avast OOB Write Decrypting PEncrypt Packed Executables |
| Avaya IP Office Manager 8.1 TFTP DOS |
| Avaya WinPDM UniteHostRouter <= 3.8.2 Remote Pre-Auth Command Execute |
| Avaya WinPMD UniteHostRouter Buffer Overflow |
| AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit |
| AVerCaster Pro RS3400 Web Server Directory Traversal |
| Aviosoft Digital TV Player Professional 1.x (Direct Retn) |
| AVIPreview 0.26 Alpha Denial of Service |
| Avira - Heap Underflow Parsing PE Section Headers |
| Avira 14.0.7.342 - (avguard.exe) Service Trusted Path Privilege Escalation |
| Avira AntVir QUA file in (avcenter.exe) Local Crash PoC |
| Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation |
| Avira Secure Backup 1.0.0.1 Build 3616 (.reg) - Buffer Overflow |
| AVM FRITZ!Box < 6.30 - Buffer Overflow |
| AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities |
| AVTECH IP Camera, NVR, and DVR Devices - Multiple Vulnerabilities |
| AWCM v2.2 final Persistent Cross Site Script Vulnerability |
| AWS XMS 2.5 (importer.php, what param) - Directory Traversal Vulnerability |
| Axessh 4.2 - Denial Of Service |
| Axigen Mail Server 8.0.1 Stored XSS |
| AXIS Media Control 6.2.10.11 - Unsafe ActiveX Method |
| AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector |
| Axis Network Cameras - Multiple Vulnerabilities |
| Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persistent XSS) |
| Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF |
| B2B Portal Script - Blind SQL Injection |
| b2ePMS 1.0 Authentication Bypass Vulnerability |
| b2ePMS 1.0 multiple SQLi Vulnerabilities |
| b2evolution 4.1.6 - Multiple Vulnerabilities |
| b374k Web Shell - CSRF Command Injection |
| BabyGekko 1.2.2e Multiple Vulnerabilities |
| Bacula-web 1.3.x - 5.0.3 Multiple Remote Vulnerabilities |
| Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing |
| Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS) |
| BananaDance Wiki b2.2 Multiple Vulnerabilities |
| Barracuda Cloud CC v3.04.015 - Multiple Web Vulnerabilities |
| Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability |
| Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities |
| Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities |
| Barracuda Message Archiver 650 - Persistent XSS Vulnerability |
| Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability |
| Barracuda Networks Cloud Series - Filter Bypass Vulnerability |
| Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit) |
| Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit) |
| Base64 Decoder 1.1.2 - SEH OverWrite PoC |
| Bash - CGI RCE (MSF) Shellshock Exploit |
| Bash Environment Variables Code Injection Exploit |
| Basilic 1.5.14 diff.php Arbitrary Command Execution |
| Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution... |
| Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation |
| Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability |
| Beckhoff CX9020 CPU Module - Remote Code Execution Exploit |
| Bedita 3.5.1 - XSS Vulnerabilities |
| BEdita CMS 3.5.0 - Multiple Vulnerabilities |
| Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow |
| Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities |
| Belkin n750 jump login Parameter Buffer Overflow |
| Belkin Router N150 1.00.08, 1.00.09 - Path Traversal Vulnerability |
| beSTORM 3.5.6 ActiveX (WinGraphviz.dll) Remote Heap Overflow |
| Betsy v4.0 (ress.php) Local File Include Vulnerability |
| BigAnt Server 2 SCH And DUPF Buffer Overflow |
| BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit (ASLR + DEP bypass) |
| BigAnt Server DUPF Command Arbitrary File Upload |
| BigPond 3G21WB Multiple Vulnerabilities |
| Bigware Shop 2.3.01 - Multiple Local File Inclusion Vulnerabilities |
| Billion Router 7700NR4 - Remote Command Execution |
| Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash |
| Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities |
| BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery |
| BisonWare BisonFTP Server 3.5 - Directory Traversal Vulnerability |
| Bitbot C2 Panel gate2.php - Multiple Vulnerabilities |
| Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities |
| Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion |
| Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal |
| Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability |
| Bitweaver 2.8.1 Multiple Vulnerabilities |
| Bitweaver 2.8.1 Persistent XSS Vulnerability |
| Bitweaver v2.81 Local File Inclusion Vulnerability |
| BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities |
| Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis |
| Blackboard LMS 9.1 SP14 - Cross-Site Scripting |
| BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution |
| Blade API Monitor Unicode Bypass (Serial Number BOF) |
| Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow |
| BlazeDVD 6.2 (.plf) - Buffer Overflow (SEH) |
| BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET) |
| BlazeDVD Pro 7.0 (.plf) - Buffer Overflow (SEH) |
| BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP |
| BlazeVideo HDTV Player 6.6 Professional (Direct Retn) |
| BlazeVideo HDTV Player 6.6 Professional SEH&DEP&ASLR |
| Blog Mod <= 0.1.9 (index.php, month parameter) SQL Injection |
| bloofox CMS 0.5.0 - Multiple Vulnerabilities |
| BLUE COM Router 5360/52018 - Password Reset Exploit |
| BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation |
| Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities |
| Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities |
| Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities |
| Bluetooth Text Chat 1.0 iOS - Code Execution Vulnerability |
| BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities |
| BMC Track-It! - Multiple Vulnerabilities |
| BMForum Myna 6.0 SQL Injection Vulnerability |
| boastMachine v3.1 <= CSRF Add Admin Vulnerability |
| Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability |
| Boilsoft RM TO MP3 Converter 1.72 - Crash POC (.wav) |
| BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow |
| Bonefire v.0.7.1 - Reinstall Admin Account Exploit |
| Bonita BPM 6.5.1 - Multiple Vulnerabilities |
| Booking Calendar - Multiple Vulnerabilities |
| Booking System Pro CSRF Vulnerability |
| Boonex Dolphin 7.3.2 - Authentication Bypass |
| Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection |
| Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities |
| BoutikOne (description.php) SQL Injection Vulnerability |
| BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability |
| Boxoft Wav 1.0 - Buffer Overflow |
| Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing |
| Brickcom Corporation Network Cameras - Multiple Vulnerabilities |
| Broadcom DoS on BCM4325 and BCM4329 Devices |
| Browser Navigation Download Trick |
| BrowserModifier:Win32/Smudplu |
| BSIGN 0.4.5 - Buffer Overflow |
| bsnes v0.87 Local Denial Of Service |
| Buffalo TeraStation TS-Series - Multiple Vulnerabilities |
| Buffalo WZR-HP-G300NH2 - CSRF Vulnerability |
| BulletProof FTP Client 2010 - Buffer Overflow (SEH) |
| BulletProof FTP Client 2010 - Buffer Overflow (SEH) |
| BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit |
| BulletProof FTP Client BPS Buffer Overflow |
| BusinessWiki 2.5RC3 Stored XSS & Arbitrary File Upload |
| BuyClassifiedScript PHP Code Injection Vulnerability |
| BWMeter v5.4.0 (.csv) Denial of Service Vulnerability |
| C/C++ Offline Compiler and C For OS - Persistent XSS |
| C2Box 4.0.0(r19171) - CSRF Vulnerability |
| C2S DVR Management IRDOME-II-C2S, IRBOX-II-C2S, DVR - Credentials Disclosure / Authentication Bypass |
| C99.php Shell - Authentication Bypass |
| CA 2E Web Option 8.1.2 - Authentication Bypass |
| CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow |
| CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow |
| Cacti Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection Exploit |
| CacheGuard-OS 5.7.7 - CSRF Vulnerability |
| CacheGuard-OS 5.7.7 - CSRF Vulnerability |
| CakePHP 2.x-2.2.0-RC2 XXE Injection |
| CakePHP Framework 3.2.4 - IP Spoofing |
| Calavera UpLoader 3.5 - SEH Buffer Overflow |
| CAM UnZip 5.1 - Archive Path Traversal |
| Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Vulnerability |
| Cambium ePMP 1000 - Multiple Vulnerabilities |
| Cannonbolt Portfolio Manager v1.0 Multiple Vulnerabilities |
| Cart Engine 3.0 - Multiple Vulnerabilities |
| Cartweaver 3 Local File Inclusion Vulnerability |
| Categorizator 0.3.1 - SQL Injection |
| Catia V5-6R2013 "CATV5_AllApplications" - Stack Buffer Overflow |
| Catia V5-6R2013 "CATV5_AllApplications" - Stack Buffer Overflow |
| Catia V5-6R2013 "CATV5_Backbone_Bus" - Stack Buffer Overflow |
| Catia V5-6R2013 "CATV5_Backbone_Bus" - Stack Buffer Overflow |
| CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities |
| CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities |
| CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities |
| CCProxy 7.3 - Integer Overflow Exploit |
| CDex Genre 1.79 - Stack Buffer Overflow |
| Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection |
| Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection |
| Cells Blog CMS v1.1 Multiple Web Vulnerabilities |
| Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout) |
| Centos 7.1/Fedora 22 - abrt Local Root |
| Centreon <= 2.5.3 - Remote Command Execution |
| Centreon 2.5.3 - Web Useralias Command Execution (Metasploit) |
| Centreon 2.6.1 - Multiple Vulnerabilities |
| Cerb 7.0.3 - CSRF Vulnerability |
| Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation |
| CF Image Host 1.65 - CSRF Vulnerability |
| CF Image Host 1.65 - PHP Command Injection |
| cFos Personal Net 3.09 - Remote Heap Memory Corruption Denial of Service |
| Cgiemail 1.6 - Source Code Disclosure |
| CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation |
| cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability |
| CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution |
| CIScan 1.00 - Hostname/IP Field Crash PoC |
| CIScan 1.00 - Hostname/IP Field SEH Overwrite PoC |
| Cisco AnyConnect 3.1.08009 - Privilege Escalation via DMG Install Script |
| Cisco AnyConnect Secure Mobility 2.x, 3.x, 4.x - Client DoS PoC |
| Cisco AnyConnect Secure Mobility Client 3.1.08009 - Privilege Escalation |
| Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) |
| Cisco ASA / PIX - Privilege Escalation (EPICBANANA) |
| Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak |
| Cisco ASA 8.x - Authentication Bypass (EXTRABACON) |
| Cisco ASA 9.2(3) - Authentication Bypass (EXTRABACON Module) |
| Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass |
| Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow |
| Cisco DPC2100 Denial of Service |
| Cisco EPC 3925 - Multiple Vulnerabilities |
| Cisco Firepower Management Console 6.0 - Post Authentication UserAdd |
| Cisco Linksys E4200 Firmware - Multiple Vulnerabilities |
| Cisco Linksys PlayerPT ActiveX Control Buffer Overflow |
| Cisco Linksys WAG54GS CSRF Change Admin Password |
| Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability |
| Cisco Patches Critical Vulnerability in Facility Events Response System |
| Cisco Prime Data Center Network Manager Arbitrary File Upload |
| Cisco Prime Data Center Network Manager Arbitrary File Upload |
| Cisco Sourcefire User Agent 2.2 - Insecure File Permissions |
| Cisco UCS Manager 2.1(1b) - Shellshock Exploit |
| Cisco Unified Communications Manager - Multiple Vulnerabilities |
| Cisco Unified Communications Manager 7/8/9 - Directory Traversal |
| Cisco Unity Express Multiple Vulnerabilities |
| Cisco Video Surveillance Operations Manager 6.3.2 - Multiple vulnerabilities |
| Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption |
| Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption |
| Citrix Access Gateway Command Execution |
| Citrix NetScaler SOAP Handler Remote Code Execution |
| Citrix NetScaler SOAP Handler Remote Code Execution |
| Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow |
| Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow |
| Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow |
| Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow |
| Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass |
| CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability |
| CKEditor 4.0.1 - Multiple Vulnerabilities |
| Clansphere 2010_3 Stored XSS Vulnerability |
| ClanSuite 2.9 Arbitrary File Upload Vulnerability |
| ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities |
| ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities |
| ClearSCADA - Remote Authentication Bypass Exploit |
| ClearSCADA - Remote Authentication Bypass Exploit |
| ClickDesk Multiple HTML Injection Vulnerabilities |
| ClickHeat <= 1.14 Change Admin Password CSRF |
| ClipBucket 2.5 CSRF Vulnerability |
| Clipbucket 2.7 RC3 0.9 - Blind SQL Injection |
| Clipbucket v2.5 Blind SQLi Vulnerability |
| Clipbucket v2.5 Directory Traversal |
| ClipperCMS 1.3.0 - Code Execution Vulnerability |
| ClipperCMS 1.3.0 - Multiple SQL Injection Vulnerabilities |
| ClipShare 4.1.1 - Multiple Vulnerabilities |
| ClipShare 4.1.1 (gmembers.php, gid param) - Blind SQL Injection Vulnerability |
| ClipShare 4.1.4 - Multiple Vulnerabilities |
| ClipSharePro <= 4.1 - Local File Inclusion |
| ClipSharePro <= 4.1 - Local File Inclusion |
| Clipster Video Persistent XSS Vulnerability |
| CLscript CMS v3.0 Multiple Vulnerabilities |
| CMS Formulasi 2.07 - Multiple Vulnerabilities |
| CMS Formulasi 2.07 - Multiple Vulnerabilities |
| CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning |
| CMS Made Simple 2.1.5 - Cross-Site Scripting |
| CMS Papoo 6.0.0 Rev. 4701 - Stored XSS |
| CMS phpshop 2.0 SQL Injection Vulnerability |
| CMS snews SQL Injection Vulnerability |
| CMSQLITE v1.3.2 Multiple Vulnerabilities |
| cnzz CMS SQLi (company.php) |
| cnzz CMS SQLi (company.php) |
| CodeBlocks 12.11 (Mac OS X) - Crash POC |
| CodeBlocks v8.02 (cbp) Buffer Overflow Exploit |
| CodeMeter 4.50.906.503 - Service Trusted Path Privilege Escalation |
| CodoForum 3.2.1 - SQL Injection |
| Cogent Datahub <= 7.3.9 Gamma Script Elevation of Privilege |
| Cogent DataHub Command Injection |
| Cogent DataHub HTTP Server Buffer Overflow |
| Cogent DataHub HTTP Server Buffer Overflow |
| ColdFusion 9-10 - Credential Disclosure Exploit |
| Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability |
| Colloquy 1.3.5 and 1.3.6 Denial of Service Vulnerability |
| ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal |
| Colorful Blog - Cross-Site Request Forgery (Change Admin Password) |
| Colorful Blog - Stored Cross Site Scripting |
| Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities |
| Cometchat - Multiple Vulnerabilities |
| Cometchat Application - Multiple Vulnerabilities |
| Comment Rating 2.9.23 Wordpress Plugin Multiple Vulnerabilities |
| Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation |
| Comodo - Integer Overflow Leading to Heap Overflow Parsing Composite Documents |
| Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks |
| Comodo - PackMan Unpacker Insufficient Parameter Validation |
| Comodo Antivirus - Heap Overflow in LZX Decompression |
| Comodo Antivirus Forwards Emulated API Calls to the Real API During Scans |
| Comodo Backup 4.4.0.0 - NULL Pointer Dereference EOP |
| Comodo Dragon Browser - Unquoted Service Path Privilege Escalation |
| Comodo Chromodo Browser - Unquoted Service Path Privilege Escalation |
| Comodo Internet Security - HIPS/Sandbox Escape PoC |
| CompuSource Systems - Real Time Home Banking - Local Privilege Escalation |
| ComSndFTP Server 1.3.7 Beta Remote Format String Overflow |
| ComSndFTP v1.3.7 Beta USER Buffer Overflow |
| Comtrend ADSL Router CT-5367 C01_R12 Remote Root |
| COMTREND ADSL Router CT-5367 C01_R12, CT-5624 C01_R03 - Unauthenticated DNS Change |
| Conceptronic Grab’n’Go Network Storage Directory Traversal |
| Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection |
| Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection |
| concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities |
| ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow |
| Constructr CMS 3.03 Multiple Remote Vulnerabilities |
| ContaoCMS (fka TYPOlight) <= 2.11 CSRF (Delete Admin- Delete Article) |
| Cool PDF Reader 3.0.2.256 Buffer Overflow |
| CoolPlayer Portable 2.19.2 Buffer Overflow ASLR bypass |
| CoolPlayer+ Portable 2.19.2 Buffer Overflow ASLR Bypass (Large Shellcode) |
| CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass) |
| CoolZip 2.0 zip Buffer Overflow Exploit |
| Coppermine Photo Gallery 1.5.x Remote Command Execution |
| Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC) |
| Core FTP Server 1.2 - Buffer Overflow PoC |
| CORE Multimedia Suite 2011 CORE Player 2.4 Buffer Overflow (.m3u) |
| Corel PDF Fusion Stack Buffer Overflow |
| CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability |
| Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC |
| couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities |
| couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities |
| Course Registration Management System 2.1 Multiple Vulnerabilities |
| cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS |
| cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS |
| cPassMan v1.82 Remote Command Execution Exploit |
| crea8social 1.3 - Stored XSS Vulnerability |
| Crea8Social 2.0 - XSS Change Interface |
| CreateVision CMS Database injection. |
| Creative Contact Form - Arbitrary File Upload |
| Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability |
| Crestron AM-100 - Multiple Vulnerabilities |
| CRLF injection / HTTP response Splitting |
| Croogo 2.0.0 - Arbitrary PHP Code Execution Exploit |
| Croogo 2.0.0 - Multiple Stored XSS Vulnerabilities |
| Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero |
| Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions |
| Cryptocat Arbitrary Script Injection Vulnerability |
| Cryptocat Arbitrary Script Injection Vulnerability |
| Csound hetro File Handling Stack Buffer Overflow |
| CTERA 3.2.29.0 and 3.2.42.0 - Stored XSS |
| CTERA 3.2.29.0 and 3.2.42.0 - Stored XSS |
| CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability |
| CubeCart 5.2.8 - Session Fixation |
| CubeCart 6.0.10 - Multiple Vulnerabilities |
| CUDA Cracking |
| CumulusClips 2.4.1 - Multiple Vulnerabilities |
| Cuppa CMS (alertConfigField.php, urlConfig param) - Remote/Local File Inclusion |
| CUPS Filter Bash Environment Variable Code Injection |
| cURL Buffer Overflow Vulnerability |
| CuteZip 2.1 Buffer Overflow Exploit |
| CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis |
| CVE-2012-4969 Technical Analysis Report |
| CyberCop Scanner Smbgrind 5.5 - Buffer Overflow |
| CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow |
| CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit |
| Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection Vulnerability |
| Cyclope Employee Surveillance <= v8.6.1- Insecure File Permissions |
| Cyclope Employee Surveillance Solution v6 SQL Injection |
| Cyclope Employee Surveillance Solution v6.0 SQL Injection |
| Cydia Repo Manager CSRF Vulnerability |
| Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability |
| Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass |
| Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass |
| DaloRadius - Multiple Vulnerabilities |
| DATAC RealWin Multiple Vulnerabilities |
| DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability |
| Daum Game 1.1.0.5 ActiveX (IconCreate Method) - Stack Buffer Overflow |
| Daum Game 1.1.0.5 ActiveX (IconCreate Method) - Stack Buffer Overflow |
| davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit |
| davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit |
| Davolink DV-2051 - Multiple Vulnerabilities |
| dbus-glib pam_fprintd - Local Root Exploit |
| DCMTK 3.6.0 storescp - Stack Buffer Overflow |
| DecisionTools SharpGrid ActiveX Control RCE |
| Deepin Linux 15 - lastore-daemon Privilege Escalation |
| DeepOfix SMTP Server 3.3 - Authentication Bypass |
| DeepOfix SMTP Server 3.3 - Authentication Bypass |
| DeleGate 9.9.13 - Local Root Vulnerability |
| Dell EqualLogic Storage - Directory Traversal |
| Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities |
| Dell Kace 1000 SMA v5.4.70402 - Persistent XSS Vulnerabilities |
| Dell KACE K1000 File Upload |
| Dell Netvault Backup 10.0.1.24 - Denial of Service |
| Dell PacketTrap MSP RMM 6.6.x - Multiple XSS Vulnerabilities |
| Dell PacketTrap PSA 7.1 - Multiple XSS Vulnerabilities |
| Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection |
| Dell SonicWall GMS 7.2.x - Code Injection |
| Dell SonicWall Scrutinizer <= 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution |
| Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection |
| Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injection |
| Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site... |
| Dell Webcam CrazyTalk ActiveX BackImage Vulnerability |
| Dell Webcam Software Bundled ActiveX Remote Buffer Overflow Vulnerability |
| Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow Exploit |
| Denial of Service in FoxPlayer version 2.6.0 |
| Depot WiFi 1.0.0 iOS - Multiple Vulnerabilities |
| DESlock+ <= 4.1.10 vdlptokn.sys Local Kernel ring0 SYSTEM Exploit |
| Detecting System Intrusions |
| deV!L`z Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability |
| DevExpress ASPxFileManager 10.2 to 13.2.8 - Directory Traversal |
| Device42 WAN Emulator 2.3 Ping Command Injection |
| Device42 WAN Emulator 2.3 Ping Command Injection |
| Device42 WAN Emulator 2.3 Traceroute Command Injection |
| Device42 WAN Emulator 2.3 Traceroute Command Injection |
| DeWeS 0.4.2 - Directory Traversal Vulnerability |
| DeWeS 0.4.2 - Directory Traversal Vulnerability |
| Dew-NewPHPLinks v.2.1b (index.php) SQL Injection Vulnerability |
| Dexs PM System Wordpress Plugin - Authenticated Persistent XSS (0day) |
| Dexs PM System Wordpress Plugin - Authenticated Persistent XSS (0day) |
| Dexter (CasinoLoader) Panel - SQL Injection |
| Dexter (CasinoLoader) Panel - SQL Injection |
| Dexter (CasinoLoader) SQL Injection |
| Dexter (CasinoLoader) SQL Injection |
| DFLabs PTK <= 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials) |
| DirectAdmin 1.491 - CSRF Vulnerability |
| DirectAdmin 1.50.1 - Denial of Service |
| DirectAdmin ADD Sub Domain CSRF Exploit |
| DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities |
| DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056) |
| DirPHP 1.0 - LFI Vulnerability |
| Disc ORGanizer - DORG - Multiple Vulnerabilities |
| Disconnect.me Mac OS X Client <= 2.0 - Local Privilege Escalation |
| Disk Pulse Enterprise 9.0.34 - Buffer Overflow Exploit |
| Disk Pulse Enterprise 9.1.16 - Buffer Overflow |
| Disk Savvy Enterprise 9.1.14 - Buffer Overflow |
| Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow |
| Disk Sorter Enterprise 9.1.12 - Buffer Overflow |
| DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow |
| DiskBoss Enterprise 7.5.12 - 'POST' Buffer Overflow (SEH) |
| Disqus Blog Comments Blind SQL Injection Vulnerability |
| Disqus for Wordpress 2.7.5 Admin Stored CSRF and XSS |
| Distributed Ruby send syscall vulnerability |
| DIY Web CMS Multiple Vulnerabilities |
| DJ Studio Pro 5.1 .pls Stack Buffer Overflow |
| DJ Studio Pro 5.1.6.5.2 SEH Exploit MSF |
| DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation |
| DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation |
| D-Link AP 3200 Multiple Vulnerabilities |
| D-Link AP 3200 Multiple Vulnerabilities |
| D-Link authentication.cgi Buffer Overflow |
| D-Link Cookie Command Execution |
| D-Link DCS Cameras - Multiple Vulnerabilities |
| Dlink DCS series CSRF Change Admin Password |
| D-Link DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability |
| D-Link DCS-930L Authenticated Remote Command Execution |
| D-Link DCS-931L File Upload |
| D-Link Devices HNAP SOAPAction-Header Command Execution |
| D-Link Devices Unauthenticated Remote Command Execution |
| D-Link Devices UPnP SOAP Command Execution |
| D-Link Devices UPnP SOAP Telnetd Command Execution |
| D-Link Devices UPnP SOAP Telnetd Command Execution |
| D-Link DGL5500 - HNAP Buffer Overflow Vulnerability |
| Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) |
| D-Link DIR-100 - Multiple Vulnerabilities |
| D-Link DIR-505 1.06 - Multiple Vulnerabilities |
| D-Link DIR-505 1.06 - Multiple Vulnerabilities |
| D-Link DIR-600 and DIR-300 (rev B) Multiple Vulnerabilities |
| D-Link DIR-601 - Command Injection Vulnerability |
| D-Link DIR-605 CSRF Vulnerability |
| D-Link DIR-605L Captcha Handling Buffer Overflow |
| D-Link DIR-605L Captcha Handling Buffer Overflow |
| D-Link DIR-615 - Multiple Buffer Overflow Vulnerabilities |
| Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability |
| Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability |
| D-Link DIR-615 rev H - Multiple Vulnerabilities |
| D-Link DIR615h OS Command Injection |
| D-Link DIR-635 - Multiple Vulnerabilities |
| D-Link DIR-645 - Multiple UPNP Vulnerabilities |
| D-Link DIR-815 - Multiple Vulnerabilities |
| D-Link DIR-815, DIR-850L - SSDP Command Injection |
| D-Link DIR-817LW - Multiple Vulnerabilities |
| D-Link DIR-818W - Multiple Vulnerabilities |
| D-Link DIR-825 (vC) - Multiple Vulnerabilities |
| D-Link DIR-866L - Multiple Buffer Overflow Vulnerabilities |
| D-Link DIR-880L - Multiple Buffer Overflow Vulnerabilities |
| D-Link DIR-890L/R - Multiple Buffer Overflow Vulnerabilities |
| D-Link DNS-323 - Multiple Vulnerabilities |
| D-Link DSL-2640B (ADSL Router) CSRF Vulnerability |
| D-Link DSL-2640B Authentication Bypass |
| D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change |
| D-Link DSL-2740B - Multiple CSRF Vulnerabilities |
| D-Link DSL-2740B - Multiple CSRF Vulnerabilities |
| D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit |
| D-Link DSL-2750B ADSL Router - CSRF Vulnerability |
| D-Link DSL-2750B ADSL Router - CSRF Vulnerability |
| D-link DSL-2760U-E1 - Persistent XSS |
| D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change |
| D-Link DSL-320B - Multiple Vulnerabilities |
| D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change |
| D-Link DSR Series Router - Remote Shell Root Exploit |
| DLink DVGN5402SP - Multiple Vulnerabilities |
| Dlink DWR-113 Rev. Ax - CSRF Denial of Service |
| Dlink DWR-113 Rev. Ax - CSRF Denial of Service |
| D-Link DWR-932 Firmware 4.00 - Authentication Bypass |
| D-Link hedwig.cgi Buffer Overflow in Cookie Header |
| D-Link HNAP Request Remote Buffer Overflow |
| D-Link HNAP Request Remote Buffer Overflow |
| D-Link info.cgi POST Request Buffer Overflow |
| D-Link info.cgi POST Request Buffer Overflow |
| D-Link IP Cameras Multiple Vulnerabilities |
| D-Link Routers - Multiple Vulnerabilities |
| D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection |
| D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection |
| D-link Wireless Router DIR-816L – CSRF Vulnerability |
| docker 0.11 VMM-container Breakout |
| Docker Daemon - Privilege Escalation (Metasploit) |
| DO-CMS Multiple SQL Injection Vulnerabilities |
| Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities |
| Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities |
| Dolibarr ERP & CRM 3 Post-Auth OS Command Injection |
| Dolibarr ERP & CRM OS Command Injection |
| Dolibarr ERP/CMS 3.4.0 (exportcsv.php, sondage param) - SQL Injection |
| Dolibarr ERP/CMS 3.4.0 (exportcsv.php, sondage param) - SQL Injection |
| dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read |
| DomPHP <= v0.83 - Local Directory Traversal Vulnerability |
| DOMSDAY - Analyzing a Dom-Based XSS in Yahoo! |
| DomsHttpd <= 1.0 Remote Denial Of Service Exploit |
| Doodle4Gift - Multiple Vulnerabilities |
| Doodle4Gift - Multiple Vulnerabilities |
| doorGets CMS 5.2 - SQL Injection Vulnerability |
| doorGets CMS 5.2 - SQL Injection Vulnerability |
| Dotclear 2.4.2 Arbitrary File Upload Vulnerability |
| dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability |
| DotNetNuke 07.04.00 - Administration Authentication Bypass |
| DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability |
| DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability |
| DotNetNuke DNNspot Store 3.0.0 Arbitrary File Upload |
| dotProject <= 2.1.6 Remote File Inclusion Vulnerability |
| dotProject 2.1.5 CSRF Vulnerability |
| Dotproject 2.1.5 Multiple Vulnerabilities |
| Douran 3.9.7.8 File Download/Source Code Disclosure Vulnerability |
| Dovecot with Exim sender_address Parameter - Remote Command Execution |
| Dovecot with Exim sender_address Parameter - Remote Command Execution |
| Dr. Web Control Center 6.00.3.201111300 XSS Vulnerability |
| Draytek Vigor 3900 1.06 - Privilege Escalation |
| DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities |
| Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit |
| Dropbox Desktop Client 9.4.49 (64bit) - Local Credentials Disclosure |
| Drupal < 7.32 Pre Auth SQL Injection |
| Drupal < 7.34 - Denial of Service |
| Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities |
| Drupal CODER Module 2.5 - Remote Command Execution (Metasploit) |
| Drupal Core <= 7.32 - SQL Injection (#1) |
| Drupal Core <= 7.32 - SQL Injection (#2) |
| Drupal Core <= 7.32 - SQL Injection (PHP) |
| DS3 Authentication Server - Multiple Vulnerabilities |
| Dual DHCP DNS Server 7.29 - Denial of Service |
| DukaPress 2.5.2 - Path Traversal |
| Dup Scout Enterprise 9.1.14 - Buffer Overflow |
| Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH) |
| DVD-Lab Studio 1.25 DAL File Open Crash |
| DWebPro 8.4.2 - Multiple Vulnerabilities |
| Dyn DDoS Could Have Topped 1 Tbps |
| E SMS Script Multiple SQL Injection Vulnerabilities |
| EastFTP ActiveX Control 0Day |
| Easy Address Book Web Server 1.6 - Stack Buffer Overflow |
| Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow |
| Easy Banner Pro (index.php page) Local File Inclusion |
| Easy CD-DA Recorder Buffer Overflow Exploit (SEH) |