- [webapps] - WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities
- [remote] - Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module)
- [remote] - Endian Firewall < 3.0.0 - OS Command Injection (Python PoC)
- [webapps] - Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change Vulnerability
- [webapps] - Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure
- [dos] - Safari 8.0.X / OS X Yosemite 10.10.3 - Crash Proof Of Concept
- [dos] - McAfee SiteAdvisor 3.7.2 (firefox) Use After Free PoC
- [webapps] - D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities
- [webapps] - Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities
- [remote] - Adobe Flash Player Drawing Fill Shader Memory Corruption
- [webapps] - C2Box 4.0.0(r19171) - CSRF Vulnerability
- [webapps] - Fiyo CMS 2.0_1.9.1 - SQL Injection
- [webapps] - CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion
- [webapps] - WedgeOS
- [webapps] - Novius 5.0.1 - Multiple Vulnerabilities
- [webapps] - Watchguard XCS
- [remote] - Havij - OLE Automation Array Remote Code Execution
- [shellcode] - encoded 64 bit execve shellcode
- [shellcode] - Linux 64 bit - Encoded execve shellcode
- [papers] - PoC || GTFO 0x08
- [webapps] - Koha
- [webapps] - Koha
- [webapps] - Koha
- [shellcode] - Linux/x86 - chmod('/etc/passwd',0777) shellcode (42 bytes)
- [shellcode] - Linux/x86 - chmod('/etc/gshadow') shellcode (37 bytes)
- [shellcode] - Linux/x86 chmod('/etc/shadow','0777') shellcode (42 bytes)
- [shellcode] - Linux/x86 - exec('/bin/dash') shellcode (45 bytes)
- [webapps] - Thycotic Secret Server 8.8.000004 - Stored XSS
- [webapps] - ManageEngine Asset Explorer 6.1 - Stored XSS
- [webapps] - Lively cart SQL Injection vulnerability
- [dos] - HansoPlayer 3.4.0 Memory Corruption PoC
- [dos] - WinylPlayer 3.0.3 Memory Corruption PoC
- [webapps] - ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability
- [webapps] - ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
- [shellcode] - Linux/x86 - execve /bin/sh shellcode (21 bytes) (2)
- [shellcode] - Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes)
- [webapps] - BlackCat CMS 1.1.1 Arbitrary File Download
- [shellcode] - Linux/x86 - /etc/passwd Reader (58 bytes)
- [webapps] - Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - CSRF Vulnerability
- [local] - Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shadow File)
- [dos] - Cisco AnyConnect Secure Mobility 2.x, 3.x, 4.x - Client DoS PoC
- [local] - Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shell)
- [webapps] - E-Detective Lawful Interception System - Multiple Vulnerabilities
- [webapps] - TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection
- [dos] - FinePlayer 2.20 (.mp4) - Crash PoC
- [dos] - XtMediaPlayer 0.93 (.wav) - Crash PoC
- [webapps] - Apexis IP CAM - Information Disclosure
- [dos] - Putty 0.64 - Denial of Service Vulnerability
- [webapps] - Milw0rm Clone Script 1.0 - (Auth Bypass) SQL Injection Vulnerability
- [dos] - Filezilla 3.11.0.2 - SFTP Module Denial of Service Vulnerability
- [dos] - GoldWave 6.1.2 Local Crash PoC
- [dos] - foobar2000 1.3.8 (.m3u) Local Crash PoC
- [papers] - Escaping VMware Workstation through COM1
- [webapps] - WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upl
- [webapps] - WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
- [papers] - Privilege Escalation via Client Management Software - Part II
- [webapps] - ZCMS 1.1 - Multiple Vulnerabilities
- [webapps] - Opsview
- [webapps] - Nakid CMS - Multiple Vulnerabilities
- [webapps] - ClickHeat
- [shellcode] - Linux/x86 - execve /bin/sh shellcode (21 bytes)
- [local] - OSSEC 2.7
- [webapps] - AnimaGallery 2.6 - Local File Inclusion
- [remote] - ProFTPD 1.3.5 Mod_Copy Command Execution
- [webapps] - Alcatel-Lucent OmniSwitch - CSRF Vulnerability
- [webapps] - Bonita BPM 6.5.1 - Multiple Vulnerabilities
- [webapps] - ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
- [webapps] - GeoVision (GeoHttpServer) Webcams Remote File Disclosure Exploit
- [webapps] - WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability
- [webapps] - FiverrScript CSRF Vulnerability (Add New Admin)
- [webapps] - Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
- [webapps] - HP WebInspect
- [dos] - Libmimedir VCF Memory Corruption PoC
- [webapps] - Wordpress RobotCPA Plugin V5 - Local File Inclusion
- [webapps] - Wordpress History Collection
- [webapps] - Pasworld detail.php - Blind Sql Injection Vulnerability
- [webapps] - Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability
- [dos] - Microsoft Internet Explorer 11 - Crash PoC
- [webapps] - SV: Milw0rm Clone Script v1.0 - (time based) SQLi
- [webapps] - D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change
- [webapps] - D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
- [webapps] - TP-Link ADSL2+ TD-W8950ND - Unauthenticated Remote DNS Change
- [webapps] - D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change
- [webapps] - Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change
- [webapps] - WiFi HD 8.1 - Directory Traversal and Denial of Service
- [local] - 1 Click Extract Audio 2.3.6 - Activex Buffer Overflow
- [local] - 1 Click Audio Converter 2.3.6 - Activex Buffer Overflow
- [webapps] - Wordpress Really Simple Guest Post
- [webapps] - WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion
- [dos] - ZTE AC 3633R USB Modem Multiple Vulnerabilities
- [webapps] - JDownloader 2 Beta Directory Traversal Vulnerability
- [webapps] - Seagate Central 2014.0410.0026-F Remote Facebook Access Token Exploit
- [remote] - Seagate Central 2014.0410.0026-F Remote Root Exploit
- [local] - Jildi FTP Client 1.5.6 (SEH) BOF
- [dos] - WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
- [dos] - Jildi FTP Client Buffer Overflow Poc
- [webapps] - vfront-0.99.2 CSRF & Persistent XSS
- [local] - PonyOS
- [webapps] - WordPress LeagueManager 3.9.11 Plugin - SQLi
- [webapps] - Wordpress N-Media Website Contact Form with File Upload 1.5 - Local File
- [webapps] - Aruba ClearPass Policy Manager Stored XSS
- [remote] - D-Link Devices HNAP SOAPAction-Header Command Execution
- [remote] - Airties login-cgi Buffer Overflow
- [local] - PonyOS
- [local] - PonyOS
- [webapps] - WordPress dzs-zoomsounds Plugins
- [remote] - WebDrive 12.2 (Build # 4172) - Buffer OverFlow PoC
- [remote] - IBM Security AppScan Standard
- [local] - Microsoft Windows - Local Privilege Escalation (MS15-010)
- [webapps] - Chronosite 5.12 - SQL Injection
- [dos] - Private Shell SSH Client 3.3 - Crash PoC
- [webapps] - ESC 8832 Data Controller Multiple Vulnerabilities
- [webapps] - TCPDF Library 5.9 Arbitrary File Deletion
- [local] - Apport/Ubuntu - Local Root Race Condition
- [webapps] - JSPMyAdmin 1.1 Multiple Vulnerabilities
- [webapps] - WordPress Plugin Free Counter 1.1 Stored XSS
- [dos] - Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC
- [webapps] - Clickheat 1.13+ Remote Command Execution
- [webapps] - Sendio ESP Information Disclosure Vulnerability
- [webapps] - Wordpess Simple Photo Gallery 1.7.8 Blind SQL Injection
- [webapps] - Wordpress church_admin Plugin 0.800 Stored XSS
- [webapps] - Wordpress MailChimp Subscribe Forms 1.1 Remote Code Execution
- [webapps] - Apache Jackrabbit WebDAV XXE Exploit
- [webapps] - WordPress GigPress Plugin 2.3.8 - SQL Injection
- [webapps] - WordPress Landing Pages Plugin 1.8.4 Multiple Vulnerabilities
- [webapps] - WordPress NewStatPress Plugin 0.9.8 Multiple Vulnerabilities
- [webapps] - Wordpress Video Gallery Plugin 2.8 Arbitrary Mail Relay
- [remote] - FTP Media Server 3.0 - Authentication Bypass and Denial of Service
- [local] - Fuse - Local Privilege Escalation
- [webapps] - WordPress WP Symposium Plugin 15.1 SQL Injection Vulnerability
- [webapps] - Forma LMS 1.3 Multiple SQL Injection Vulnerabilities
- [webapps] - WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities
- [webapps] - ElasticSearch < 1.4.5 / < 1.5.2 - Path Transversal
- [dos] - QEMU - Floppy Disk Controller (FDC) PoC
- [local] - Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052)
- [dos] - OpenLitespeed 1.3.9 - Use After Free (DoS)
- [local] - Microsoft Windows - Local Privilege Escalation (MS15-051)
- [webapps] - IPLINK IP-DL-801RT-B - (Url Filter Configuration Panel) Stored XSS
- [shellcode] - Linux/x86 execve "/bin/sh" - shellcode 26 bytes
- [dos] - ZOC SSH Client Buffer Overflow Vulnerability (SEH)
- [webapps] - WordPress FeedWordPress Plugin 2015.0426 - SQL Injection
- [remote] - Phoenix Contact ILC 150 ETH PLC Remote Control Script
- [local] - Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation
- [local] - Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058)
- [dos] - Internet Explorer 11 - Crash PoC
- [webapps] - ManageEngine EventLog Analyzer 10.0 Build 10001 CSRF Vulnerability
- [webapps] - OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
- [webapps] - Wireless Photo Transfer 3.0 iOS - File Inclusion Vulnerability
- [local] - BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)
- [webapps] - Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities
- [dos] - iFTP 2.21 Buffer OverFlow Crash PoC
- [webapps] - PHPCollab 2.5 - SQL Injection
- [webapps] - WordPress Booking Calendar Contact Form 1.0.2 - Multiple vulnerabilities
- [webapps] - Wordpress N-Media Website Contact Form with File Upload 1.3.4 - File Uplo
- [webapps] - Pluck 4.7 - Directory Traversal
- [remote] - SixApart MovableType Storable Perl Code Execution
- [webapps] - SQLBuddy 1.3.3 - Path Traversal Vulnerability
- [webapps] - Wing FTP Server Admin
- [webapps] - eFront 3.6.15 - PHP Object Injection Vulnerability
- [webapps] - eFront 3.6.15 - Path Traversal Vulnerability
- [webapps] - eFront 3.6.15 - Multiple SQL Injection Vulnerabilities
- [webapps] - D-Link DSL-500B Gen 2 - (URL Filter Configuration Panel) Stored XSS
- [webapps] - D-Link DSL-500B Gen 2 - (Parental Control Configuration Panel) Stored XSS
- [remote] - i.FTP 2.21 - Time Field SEH Exploit
- [local] - VideoCharge Vanilla 3.16.4.06 - BOF Exploit
- [local] - VideoCharge Professional + Express Vanilla 3.18.4.04 - BOF Exploit
- [webapps] - WordPress Yet Another Related Posts Plugin
- [remote] - Novell ZENworks Configuration Management Arbitrary File Upload
- [webapps] - Alienvault OSSIM/USM 4.14, 4.15, and 5.0 - Multiple Vulnerabilities
- [remote] - Adobe Flash Player NetConnection Type Confusion
- [webapps] - Wordpress Ad Inserter Plugin 1.5.2 - CSRF Vulnerability
- [webapps] - Manage Engine Asset Explorer 6.1.0 Build: 6110 - CSRF Vulnerability
- [webapps] - WordPress ClickBank Ads Plugin 1.7 - CSRF Vulnerability
- [webapps] - WordPress Ultimate Profile Builder Plugin 2.3.3 - CSRF Vulnerability
- [remote] - Wordpress RevSlider File Upload and Execute Vulnerability
- [remote] - Adobe Flash Player domainMemory ByteArray Use After Free
- [remote] - MacKeeper URL Handler Remote Code Execution
- [webapps] - Album Streamer 2.0 iOS - Directory Traversal Vulnerability
- [webapps] - WordPress Freshmail Plugin
- [webapps] - IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability
- [webapps] - Dell SonicWALL Secure Remote Access (SRA) Appliance Cross-Site Request Fo
- [webapps] - Wordpress Freshmail Unauthenticated SQL Injection
- [webapps] - vPhoto-Album 4.2 iOS - File Include Web Vulnerability
- [shellcode] - Linux x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 Bytes)
- [local] - Mediacoder 0.8.34.5716 - Buffer Overflow SEH Exploit (.m3u)
- [shellcode] - linux/x86 - exit(0) (6 bytes)
- [webapps] - Wordpress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CS
- [dos] - Apache Xerces-C XML Parser < 3.1.2 - DoS POC
- [webapps] - PhotoWebsite 3.1 iOS - File Include Web Vulnerability
- [webapps] - Grindr 2.1.1 iOS - Denial of Service
- [local] - RM Downloader 2.7.5.400 - Local Buffer Overflow (MSF)
- [local] - iTunes 10.6.1.7 - '.PLS' Title Buffer Overflow
- [dos] - TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
- [remote] - Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
- [local] - Wireshark
- [papers] - Privilege Escalation via Client Management Software
- [webapps] - OS Solution OSProperty 2.8.0 - SQL Injection
- [webapps] - Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
- [webapps] - WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
- [local] - Foxit Reader PDF
- [shellcode] - Linux x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
- [shellcode] - Linux x86 - Execve /bin/sh Shellcode Via Push (21 bytes)
- [local] - Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Con
- [dos] - i.FTP 2.21 SEH Overflow Crash PoC
- [webapps] - WordPress 4.2 - Stored XSS
- [webapps] - OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)
- [local] - UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC
- [remote] - MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)
- [remote] - Legend Perl IRC Bot - Remote Code Execution PoC
- [webapps] - Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi #2
- [webapps] - Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi
- [local] - Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow (W7 - DEP Byp
- [webapps] - WebUI 1.5b6 - Remote Code Execution Vulnerability
- [local] - Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Over
- [local] - Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow
- [dos] - ZYXEL P-660HN-T1H_IPv6 Remote Configuration Editor / Web Server DoS
- [local] - Ubuntu usb-creator 0.2.x - Local Privilege Escalation
- [local] - MooPlayer 1.3.0 'm3u' SEH Buffer Overflow
- [webapps] - Wolf CMS 0.8.2 Arbitrary File Upload Exploit
- [webapps] - Open-Letters Remote PHP Code Injection Vulnerability
- [webapps] - BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletio
- [dos] - Mac OS X Local Denial of Service
- [local] - ADB Backup Archive Path Traversal File Overwrite
- [remote] - Wordpress Work The Flow Upload Vulnerability
- [remote] - Wordpress Creative Contact Form Upload Vulnerability
- [remote] - Wordpress N-Media Website Contact Form Upload Vulnerability
- [remote] - Wordpress Reflex Gallery Upload Vulnerability
- [remote] - Adobe Flash Player copyPixelsToByteArray Integer Overflow
- [webapps] - WordPress Community Events Plugin 1.3.5 - SQL Injection Vulnerability
- [webapps] - MediaSuite CMS - Artibary File Disclosure Exploit
- [remote] - ProFTPd 1.3.5 - Remote Command Execution
- [webapps] - WordPress Tune Library Plugin 1.5.4 - SQL Injection Vulnerability
- [webapps] - WordPress MiwoFTP Plugin
- [webapps] - Wordpress NEX-Forms < 3.0 - SQL Injection Vulnerability
- [local] - OpenBSD
- [webapps] - Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability
- [webapps] - Mobile Drive HD 1.8 - File Include Web Vulnerability
- [webapps] - Photo Manager Pro 4.4.0 iOS - File Include Vulnerability
- [dos] - Oracle Outside-In DOCX File Parsing Memory Corruption
- [dos] - Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC
- [webapps] - Wordpress Ajax Store Locator 1.2 SQL Injection Vulnerability
- [dos] - MS Windows (HTTP.sys) HTTP Request Parsing DoS (MS15-034)
- [dos] - Microsoft Window - HTTP.sys PoC (MS15-034)
- [webapps] - WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)
- [webapps] - WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities
- [webapps] - WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
- [remote] - Samsung iPOLiS ReadConfigValue Remote Code Execution
- [webapps] - Wordpress Video Gallery 2.8 SQL Injection
- [remote] - ProFTPd 1.3.5 - File Copy
- [local] - Apport/Abrt Local Root Exploit