- [local] - Hexchat IRC Client 2.11.0 - Directory Traversal
- [dos] - Xion Audio Player
- [webapps] - WordPress Advanced Video Plugin 1.0 - Local File Inclusion (LFI)
- [dos] - PHP 5.5.33 - Invalid Memory Write
- [dos] - Adobe Flash - Color.setTransform Use-After-Free
- [dos] - Android - ih264d_process_intra_mb Memory Corruption
- [dos] - Adobe Flash - TextField.maxChars Use-After-Free
- [dos] - Adobe Flash - URLStream.readObject Use-After-Free
- [dos] - Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read
- [dos] - Windows Kernel - Bitmap Use-After-Free
- [remote] - PHP
- [dos] - Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read
- [remote] - Apache Jetspeed Arbitrary File Upload
- [webapps] - Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal
- [webapps] - MOBOTIX Video Security Cameras - CSRF Add Admin Exploit
- [remote] - Metaphor - Stagefright Exploit with ASLR Bypass
- [remote] - ATutor 2.2.1 Directory Traversal / Remote Code Execution
- [dos] - Kamailio 4.3.4 - Heap-Based Buffer Overflow
- [webapps] - CubeCart 6.0.10 - Multiple Vulnerabilities
- [dos] - Apple Quicktime < 7.7.79.80.95 - PSD File Parsing Memory Corruption
- [dos] - Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2
- [dos] - Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1
- [webapps] - WordPress Photocart Link Plugin 1.6 - Local File Inclusion
- [webapps] - Wordpress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion
- [remote] - LShell
- [remote] - Adobe Flash - Object.unwatch Use-After-Free Exploit
- [local] - Cogent Datahub
- [dos] - Android One mt_wifi IOCTL_GET_STRUCT Privilege Escalation
- [local] - FireEye - Privilege Escalation to root from Malware Input Processor (uid=mi
- [dos] - TallSoft SNMP TFTP Server 1.0.0 - Denial of Service
- [shellcode] - Linux/x86_x64 - execve(/bin/bash) - 33 bytes
- [shellcode] - Linux/x86_x64 - execve(/bin/sh) - 25 bytes
- [webapps] - Trend Micro Deep Discovery Inspector 3.8, 3.7 - CSRF Vulnerabilities
- [webapps] - Liferay Portal 5.1.2 - Persistent XSS
- [webapps] - Monstra CMS 3.0.3 - Multiple Vulnerabilities
- [shellcode] - Linux/x86_x64 - execve(/bin/sh) - 26 bytes
- [dos] - OS X Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Inte
- [dos] - OS X Kernel - AppleKeyStore Use-After-Free
- [dos] - Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths Ua
- [dos] - Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix
- [dos] - Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcast
- [dos] - Adobe Flash - Sprite Creation Use-After-Free
- [dos] - Adobe Flash - Zlib Codec Heap Overflow
- [dos] - Adobe Flash - Shape Rendering Crash
- [dos] - OS X Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::
- [dos] - Wireshark - dissect_ber_integer Static Out-of-Bounds Write
- [dos] - Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents
- [dos] - Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
- [dos] - Comodo - PackMan Unpacker Insufficient Parameter Validation
- [dos] - Avira - Heap Underflow Parsing PE Section Headers
- [remote] - Comodo Antivirus Forwards Emulated API Calls to the Real API During Scans
- [webapps] - MiCollab 7.0 - SQL Injection Vulnerability
- [remote] - Multiple CCTV-DVR Vendors - Remote Code Execution
- [local] - OS X / iOS Suid Binary Logic Error Kernel Code Execution
- [webapps] - WordPress Memphis Document Library Plugin 3.1.5 - Arbitrary File Download
- [webapps] - WordPress Dharma booking Plugin 2.38.3 - File Inclusion Vulnerability
- [webapps] - WordPress Brandfolder Plugin 3.0 - RFI / LFI Vulnerability
- [webapps] - Joomla Easy Youtube Gallery 1.0.2 - SQL Injection Vulnerability
- [webapps] - WordPress HB Audio Gallery Lite Plugin 1.0.0 - Arbitrary File Download
- [webapps] - ProjectSend r582 - Multiple XSS Vulnerabilities
- [webapps] - iTop 2.2.1 - CSRF Vulnerability
- [webapps] - Dating Pro Genie 2015.7 - CSRF Vulnerabilities
- [remote] - Sysax Multi Server 6.50 - HTTP File Share SEH Overflow RCE Exploit
- [local] - Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit
- [webapps] - WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure
- [webapps] - Xoops 2.5.7.2 - Directory Traversal Bypass
- [webapps] - Xoops 2.5.7.2 - Arbitrary User Deletions CSRF
- [webapps] - D-Link DWR-932 Firmware 4.00 - Authentication Bypass
- [webapps] - Disc ORGanizer - DORG - Multiple Vulnerabilities
- [webapps] - WordPress Abtest Plugin - Local File Inclusion
- [webapps] - WordPress Import CSV Plugin 1.0 - Directory Traversal
- [webapps] - WordPress eBook Download Plugin 1.1 - Directory Traversal
- [local] - Windows - Secondary Logon Standard Handles Missing Sanitization Privilege E
- [webapps] - Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restrict
- [webapps] - PivotX 2.3.11 - Directory Traversal
- [webapps] - Zenphoto 1.4.11 - Remote File Inclusion
- [dos] - FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
- [remote] - OpenSSH
- [remote] - Cisco UCS Manager 2.1(1b) - Shellshock Exploit
- [dos] - Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
- [webapps] - AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
- [webapps] - Kaltura Community Edition
- [dos] - Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPage
- [dos] - Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026)
- [dos] - Windows Kernel ATMFD.DLL OTF Font Processing Pool-Based Buffer Overflow (MS16
- [webapps] - TeamPass 2.1.24 - Multiple Vulnerabilities
- [webapps] - Wordpress Site Import Plugin 1.0.1 - Local and Remote File Inclusion
- [dos] - Zortam Mp3 Media Studio 20.15 - SEH Overflow DoS
- [dos] - RHEL 7.1 Kernel - iowarrior driver Crash PoC
- [dos] - RHEL 7.1 Kernel - snd-usb-audio Crash PoC
- [remote] - PHP Utility Belt Remote Code Execution
- [webapps] - WordPress DZS Videogallery Plugin
- [webapps] - Wordpress Beauty & Clean Theme 1.0.8 - Arbitrary File Upload Vulnerabilit
- [dos] - Putty pscp
- [dos] - libotr
- [local] - Exim < 4.86.2 - Local Root Privilege Escalation
- [webapps] - WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS
- [webapps] - WordPress Best Web Soft Captcha Plugin
- [dos] - Nitro Pro
- [dos] - Linux - netfilter IPT_SO_SET_REPLACE Memory Corruption
- [webapps] - WordPress SiteMile Project Theme 2.0.9.5 - Multiple Vulnerabilities
- [local] - exim
- [local] - McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
- [papers] - Metaphor - A (real) real-*life Stagefright exploit
- [local] - Microsoft Windows - AFD.SYS Privilege Escalation (MS14-040) Win7x64
- [webapps] - ATutor LMS install_modules.php CSRF Remote Code Execution Vulnerability
- [local] - AppLocker Execution Prevention Bypass
- [remote] - Schneider Electric SBO / AS - Multiple Vulnerabilities
- [webapps] - WordPress Bulk Delete Plugin 5.5.3 - Privilege Escalation
- [dos] - PictureTrails Photo Editor GE.exe 2.0.0 - .bmp Crash PoC
- [local] - Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
- [shellcode] - x86 Windows Null-Free Download & Run via WebDAV Shellcode (96 bytes)
- [dos] - Freeproxy Internet Suite 4.10 - Denial of Service
- [dos] - Quick Tftp Server Pro 2.3 - Read Mode Denial of Service
- [remote] - NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
- [remote] - ATutor 2.2.1 SQL Injection / Remote Code Execution
- [webapps] - WordPress CP Polls Plugin 1.0.8 - Multiple Vulnerabilities
- [dos] - Viscomsoft Calendar Active-X 2.0 - Multiple Crash PoCs
- [papers] - [Hebrew] Digital Whisper Security Magazine #70
- [local] - Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
- [dos] - Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero
- [local] - Comodo Anti-Virus SHFolder.DLL - Local Privilege Elevation Exploit
- [webapps] - WordPress More Fields
- [dos] - GpicView 0.2.5 - Crash PoC
- [webapps] - JSN PowerAdmin Joomla! Extension 2.3.0 - Multiple Vulnerabilities
- [dos] - Linux io_submit L2TP sendmsg - Integer Overflow
- [dos] - Qualcomm Adreno GPU MSM Driver perfcounter Query Heap Overflow
- [dos] - Wireshark - print_hex_data_buffer / print_packet Use-After-Free
- [webapps] - Centreon
- [webapps] - Zimbra 8.0.9 GA - CSRF Vulnerability
- [remote] - Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit
- [webapps] - WordPress Ocim MP3 Plugin - SQL Injection Vulnerability
- [webapps] - Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
- [shellcode] - Linux/ARM - Connect back to {ip:port} with /bin/sh - 95 bytes
- [webapps] - Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traver
- [webapps] - IBM Lotus Domino
- [dos] - libxml2 - htmlCurrentChar Heap-Based Buffer Overread
- [dos] - libxml2 - xmlParserPrintFileContextInternal Heap-Based Buffer Overread
- [dos] - libxml2 - xmlParseEndTag2 Heap-Based Buffer Overread
- [dos] - libxml2 - xmlDictAddString Heap-Based Buffer Overread
- [dos] - Wireshark - vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow
- [webapps] - WordPress Extra User Details Plugin 0.4.2 - Privilege Escalation
- [webapps] - Ubiquiti Networks UniFi 3.2.10 - CSRF Vulnerability
- [dos] - libquicktime 1.2.4 - Integer Overflow
- [webapps] - Thru Managed File Transfer Portal 9.0.2 - SQL Injection
- [dos] - Wireshark - dissect_ber_set Static Out-of-Bounds Read
- [dos] - Wireshark - add_ff_vht_compressed_beamforming_report Static Out-of-Bounds Rea
- [dos] - Wireshark - dissect_oml_attrs Static Out-of-Bounds Read
- [webapps] - BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vuln
- [local] - Core FTP Server 1.2 - Buffer Overflow PoC
- [webapps] - InstantCoder 1.0 iOS - Multiple Vulnerabilities
- [webapps] - SOLIDserver
- [webapps] - ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities
- [dos] - Adobe Flash - SimpleButton Creation Type Confusion
- [dos] - QuickHeal 16.00 - webssx.sys Driver DoS Vulnerability
- [webapps] - Chamilo LMS - Persistent Cross Site Scripting Vulnerability
- [webapps] - Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability
- [dos] - STIMS Cutter - Buffer Overflow DoS
- [dos] - STIMS Buffer - Buffer Overflow SEH - DoS
- [dos] - XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability
- [dos] - Adobe Flash - BitmapData.drawWithQuality Heap Overflow
- [webapps] - DirectAdmin 1.491 - CSRF Vulnerability
- [webapps] - Vesta Control Panel
- [remote] - Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
- [webapps] - Redaxo CMS 5.0.0 - Multiple Vulnerabilities
- [webapps] - JMX2 Email Tester - (save_email.php) Web Shell Upload
- [dos] - glibc - getaddrinfo Stack-Based Buffer Overflow
- [dos] - phpMyBackupPro 2.5 - Remote Command Execution / CSRF
- [dos] - CyberCop Scanner Smbgrind 5.5 - Buffer Overflow
- [webapps] - WordPress ALO EasyMail Newsletter Plugin 2.6.01 - CSRF Vulnerability
- [webapps] - ManageEngine Network Configuration Management Build 11000 - Privilege Esc
- [webapps] - ManageEngine OPutils 8.0 - Multiple Vulnerabilities
- [webapps] - Tiny Tiny RSS - Blind SQL Injection
- [dos] - Network Scanner Version 4.0.0.0 - SEH Crash POC
- [dos] - Ntpd
- [dos] - Alternate Pic View 2.150 - .pgm Crash PoC
- [local] - Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow Exploit
- [local] - Windows Kerberos Security Feature Bypass (MS16-014)
- [webapps] - Solr 3.5.0 - Arbitrary Data Deletion
- [webapps] - Oracle GlassFish Server
- [papers] - NDI5aster - Privilege Escalation through NDIS 5.x Filter Intermediate Driv
- [remote] - File Replication Pro
- [local] - Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
- [remote] - D-Link DCS-930L Authenticated Remote Command Execution
- [webapps] - Yeager CMS 1.2.1 - Multiple Vulnerabilities
- [webapps] - Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure Vulnera
- [papers] - The Most Forgotten Web Vulnerabilities
- [local] - Deepin Linux 15 - lastore-daemon Privilege Escalation
- [dos] - Microsoft Windows WebDAV BSoD PoC (MS-016)
- [dos] - PotPlayer 1.6.5x - .mp3 Crash PoC
- [dos] - Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption
- [dos] - Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2
- [dos] - Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption
- [webapps] - Employee Timeclock Software 0.99 - SQL Injection Vulnerabilities
- [webapps] - WordPress Booking Calendar Contact Form Plugin
- [webapps] - WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload
- [webapps] - WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation
- [webapps] - WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure
- [webapps] - dotDefender Firewall 5.00.12865 / 5.13-13282 - CSRF Vulnerability
- [local] - FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow
- [webapps] - Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities
- [webapps] - ATutor 2.2 - Multiple XSS Vulnerabilities
- [webapps] - OpenDocMan 1.3.4 - CSRF Vulnerability
- [webapps] - UliCMS
- [webapps] - NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabiliti
- [webapps] - WordPress User Meta Manager Plugin 3.4.6 - Privilege Escalation
- [webapps] - WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection
- [webapps] - DLink DVG*N5402SP - Multiple Vulnerabilities
- [webapps] - GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities
- [webapps] - Viprinet Multichannel VPN Router 300 - Stored XSS Vulnerabilities
- [dos] - yTree 1.94-1.1 - Local Buffer Overflow
- [webapps] - Jive Forums
- [webapps] - Timeclock Software 0.995 - Multiple SQL Iinjection Vulnerabilities
- [dos] - Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability
- [dos] - Advanced Encryption Package Buffer Overflow - DoS
- [webapps] - eClinicalWorks (CCMR) - Multiple Vulnerabilities
- [dos] - pdfium - opj_t2_read_packet_header (libopenjpeg) Heap Use-After-Free
- [dos] - Toshiba Viewer v2 p3console - Local Denial of Service
- [webapps] - Manage Engine Network Configuration Manager Build 11000 - CSRF
- [webapps] - ManageEngine EventLog Analyzer 4.0 - 10 - Privilege Escalation
- [dos] - WPS Office < 2016 - .xls Heap Memory Corruption
- [dos] - WPS Office < 2016 - .ppt drawingContainer Memory Corruption
- [dos] - WPS Office < 2016 - .doc OneTableDocumentStream Memory Corruption
- [dos] - WPS Office < 2016 - .ppt Heap Memory Corruption
- [dos] - Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution
- [papers] - [Hebrew] Digital Whisper Security Magazine #69
- [webapps] - Hippo CMS 10.1 - Multiple Vulnerabilities
- [shellcode] - x86_64 Linux Polymorphic Execve-Stack - 47 bytes
- [shellcode] - Linux x86 Download & Execute Shellcode
- [shellcode] - x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version v2
- [webapps] - iScripts EasyCreate 3.0 - Remote Code Execution Exploit
- [webapps] - iScripts EasyCreate 3.0 - Multiple Vulnerabilities
- [webapps] - ProjectSend r582 - Multiple Vulnerabilities
- [shellcode] - x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version
- [webapps] - SAP HANA 1.00.095 - hdbindexserver Memory Corruption
- [dos] - iOS and OS X Kernel - Double-Delete IOHIDEventQueue::start Code Execution
- [dos] - OS X - IOHDIXControllerUserClient::convertClientBuffer Integer Overflow
- [dos] - OS X - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploi
- [dos] - iOS and OS X - NECP System Control Socket Packet Parsing Kernel Code Executio
- [dos] - OS X and iOS Unsandboxable Kernel Use-After-Free in Mach Vouchers
- [dos] - OS X - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NUL
- [dos] - OS X Kernel - Hypervisor Driver Use-After-Free
- [dos] - OS X - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference
- [dos] - OS X - gst_configure Kernel Buffer Overflow
- [dos] - OSX - io_service_close Use-After-Free
- [dos] - OS X and iOS Kernel - iokit Registry Iterator Manipulation Double Free
- [webapps] - WordPress Booking Calendar Contact Form
- [webapps] - WordPress Booking Calendar Contact Form
- [dos] - Android sensord Local Root Exploit
- [webapps] - BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities