- [local] - Fedora abrt Race Condition Exploit
- [dos] - Samba < 3.6.2 x86 - PoC
- [local] - Mac OS X "Rootpipe" Privilege Escalation
- [remote] - Adobe Flash Player casi32 Integer Overflow
- [dos] - Linux Kernel splice() System Call - Local DoS
- [webapps] - Wordpress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upl
- [webapps] - Traidnt Up 3.0 - SQL Injection
- [webapps] - Wordpress Duplicator
- [local] - Internet Download Manager 6.xx - DLL Hijacking
- [webapps] - Wordpress Plugin 'WP Mobile Edition' 2.7 - Remote File Disclosure Vulnera
- [shellcode] - Create 'my.txt' Working Directory (37 Bytes)
- [webapps] - u-Auctions - Multiple Vulnerabilities
- [webapps] - WordPress Work The Flow File Upload 2.5.2 - Arbitrary File Upload Vulnera
- [webapps] - JBoss AS versions 3, 4, 5, 6 - Remote Command Execution
- [remote] - Apache Spark Cluster 1.3.x - Arbitary Code Execution
- [local] - Elipse SCADA 2.29 b141 - DLL Hijacking
- [local] - Mac OS X rootpipe Local Privilege Escalation
- [remote] - Barracuda Firmware
- [webapps] - BOA Web Server 0.94.8.2 - Arbitrary File Access
- [webapps] - WordPress SP Project & Document Manager 2.5.3 - Blind SQL Injection
- [remote] - Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
- [webapps] - ZENworks Configuration Management 11.3.1 - Remote Code Execution
- [webapps] - Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection
- [webapps] - Balero CMS 0.7.2 Multiple JS/HTML Injection Vulnerabilities
- [webapps] - Balero CMS 0.7.2 Multiple Blind SQL Injection Vulnerabilities
- [webapps] - Shareaholic 7.6.0.3 Persistent XSS
- [shellcode] - Shellcode: Linux x86 Typewriter Shellcode Generator
- [shellcode] - Shellcode: Linux x86 Egg-hunter (20 bytes)
- [webapps] - WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerabi
- [remote] - JBoss Seam 2 File Upload and Execute
- [remote] - w3tw0rk / Pitbull Perl IRC Bot Remote Code Execution PoC Exploit
- [papers] - [Hebrew] Digital Whisper Security Magazine #60
- [webapps] - Wordpress WP Easy Slideshow Plugin 1.0.3 - Multiple Vulnerabilities
- [webapps] - Wordpress Video Gallery Plugin 2.8 - Multiple CSRF Vulnerabilities
- [webapps] - Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
- [webapps] - VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload
- [webapps] - WordPress VideoWhisper Video Presentation 3.31.17 - Remote File Upload
- [webapps] - phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
- [webapps] - Wordpress Simple Ads Manager - Information Disclosure
- [webapps] - Wordpress Simple Ads Manager 2.5.94 - Arbitrary File Upload
- [webapps] - Wordpress Simple Ads Manager Plugin - Multiple SQL Injection
- [webapps] - Kemp Load Master 7.1.16 - Multiple Vulnerabilities
- [remote] - WebGate eDVR Manager 2.6.4 Connect Method Stack Buffer Overflow
- [remote] - WebGate eDVR Manager 2.6.4 SiteChannel Property Stack Buffer Overflow
- [remote] - WebGate eDVR Manager AudioOnlySiteChannel Stack Buffer Overflow
- [remote] - Webgate WESP SDK 1.2 ChangePassword Stack Overflow
- [webapps] - Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
- [webapps] - Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability
- [remote] - Adobe Flash Player ByteArray With Workers Use After Free
- [local] - Fedora21 setroubleshootd Local Root PoC
- [webapps] - Joomla Gallery WD - SQL Injection Vulnerability
- [webapps] - Joomla Contact Form Maker 1.0.1 Component - SQL injection vulnerability
- [webapps] - Joomla Gallery WD Component - SQL Injection Vulnerability
- [webapps] - Wordpress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulner
- [local] - UltraISO 9.6.2.3059 - DLL Hijacking
- [local] - HTTrack Website Copier 3.48-21 - DLL Hijacking
- [local] - ZIP Password Recovery Professional 7.1 - DLL Hijacking
- [local] - BZR Player 1.03 - DLL Hijacking
- [webapps] - Wordpress Plugin Slider Revolution
- [webapps] - JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution
- [webapps] - Berta CMS File Upload Bypass
- [remote] - WebGate eDVR Manager 2.6.4 SiteName Stack Overflow
- [remote] - WebGate Control Center 4.8.7 GetThumbnail Stack Overflow
- [remote] - WebGate WinRDS 2.0.8 StopSiteAllChannel Stack Overflow
- [remote] - Acunetix OLE Automation Array Remote Code Execution
- [remote] - WebGate eDVR Manager Stack Buffer Overflow
- [remote] - QNAP Web Server Remote Code Execution via Bash Environment Variable Code I
- [remote] - QNAP admin shell via Bash Environment Variable Code Injection
- [local] - RM Downloader 2.7.5.400 Local Buffer Overflow
- [local] - Mini-stream Ripper v2.7.7.100 Local Buffer Overflow
- [webapps] - pfSense 2.2 - Multiple Vulnerabilities
- [remote] - Adobe Flash Player Arbitrary Code Execution
- [webapps] - WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)
- [remote] - Firefox Proxy Prototype Privileged Javascript Injection
- [webapps] - WordPress Plugin InBoundio Marketing 1.0 - Shell Upload Vulnerability
- [remote] - Bsplayer 2.68 - HTTP Response Exploit (Universal)
- [webapps] - Wordpress Marketplace 2.4.0 - Arbitrary File Download
- [local] - Free MP3 CD Ripper 2.6 - Local Buffer Overflow
- [webapps] - Joomla Spider FAQ Component - SQL Injection Vulnerability
- [webapps] - Telescope
- [papers] - PoC || GTFO 0x07
- [local] - Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
- [webapps] - Citrix NITRO SDK - Command Injection Vulnerability
- [webapps] - Citrix Command Center - Credential Disclosure
- [webapps] - EMC M&R (Watch4net) - Directory Traversal
- [webapps] - Joomla ECommerce-WD Plugin 1.2.5 - SQL Injection Vulnerabilities
- [remote] - TWiki Debugenableplugins Remote Code Execution
- [local] - Publish-It PUI Buffer Overflow (SEH)
- [webapps] - EMC M&R (Watch4net) - Credential Disclosure
- [webapps] - Chamilo LMS 1.9.10 - Multiple Vulnerabilities
- [dos] - FastStone Image Viewer 5.3 .tga Crash PoC
- [webapps] - Websense Appliance Manager Command Injection Vulnerability
- [dos] - Fortinet Single Sign On Stack Overflow
- [remote] - Exim GHOST (glibc gethostbyname) Buffer Overflow
- [remote] - Adobe Flash Player PCRE Regex Vulnerability
- [webapps] - Metasploit Project < 4.11.1 Initial User Creation CSRF
- [webapps] - Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
- [local] - Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalatio
- [remote] - ElasticSearch Search Groovy Sandbox Bypass
- [webapps] - WordPress WPML - Multiple Vulnerabilities
- [dos] - WordPress SEO by Yoast 1.7.3.3 - Blind SQL Injection
- [remote] - IPass Control Pipe Remote Command Execution
- [shellcode] - Shellcode - Linux/x86 - TCP Bind Shell (96 bytes)
- [shellcode] - Shellcode - Linux/x86 - Reverse TCP Shell (72 bytes)
- [shellcode] - Shellcode - linux/x86 - Obfuscated execve("/bin/sh") (40 bytes)
- [shellcode] - Shellcode - linux/x86 - Obfuscated - map google.com to 127.1.1.1 (98 by
- [shellcode] - Shellcode - Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)
- [dos] - Intel Network Adapter Diagnostic Driver - IOCTL Handling Vulnerability
- [shellcode] - Shellcode - linux/x86 - ROT13 encoded execve("/bin/sh") (68 bytes)
- [local] - Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege
- [local] - Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash PoC
- [webapps] - Smart PHP Poll - Auth Bypass Vulnerability
- [remote] - Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
- [webapps] - PHP Betoffice (Betster) 1.0.4 - Authentication Bypass And SQL Injection
- [webapps] - Elastix 2.x - Blind SQL Injection Vulnerability
- [dos] - Sagem F@st 3304-V2 - Telnet Crash PoC
- [remote] - ElasticSearch Unauthenticated Remote Code Execution
- [dos] - Microsoft Windows Text Services Memory Corruption (MS15-020)
- [dos] - Foxit Products GIF Conversion Memory Corruption (DataSubBlock)
- [dos] - Foxit Products GIF Conversion Memory Corruption (LZWMinimumCodeSize)
- [webapps] - GeniXCMS 0.0.1 - Multiple Vulnerabilities
- [webapps] - Codoforum 2.5.1 - Arbitrary File Download
- [local] - Rowhammer: NaCl Sandbox Escape PoC
- [local] - Rowhammer: Linux Kernel Privilege Escalation PoC
- [papers] - [Hebrew] Digital Whisper Security Magazine #59
- [webapps] - WordPress Download Manager 2.7.2 - Privilege Escalation
- [webapps] - ProjectSend r561 - SQL Injection Vulnerability
- [remote] - HP Data Protector 8.10 Remote Command Execution
- [webapps] - Sagem F@st 3304-V2 - LFI
- [webapps] - Calculated Fields Form Wordpress Plugin
- [local] - VFU 4.10-1.1 - Move Entry Buffer Overflow
- [dos] - Linux Kernel Associative Array Garbage Collection - Crash PoC
- [dos] - Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC
- [dos] - Linux Kernel IRET Instruction #SS Fault Handling - Crash PoC
- [webapps] - BEdita CMS 3.5.0 - Multiple Vulnerabilities
- [remote] - Seagate Business NAS Unauthenticated Remote Command Execution
- [papers] - [TURKISH] Penetration and Security Testing on Microsoft SQL Server
- [remote] - Symantec Web Gateway 5 restore.php Post Authentication Command Injection
- [webapps] - Solarwinds Orion Service - SQL Injection Vulnerabilities
- [webapps] - PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
- [dos] - SQLite3 3.8.6 - Controlled Memory Corruption PoC
- [webapps] - vBulletin vBSEO 4.x.x 'visitormessage.php' Remote Code Injection Vulnerab
- [webapps] - Seagate Business NAS
- [remote] - Persistent Systems Client Automation Command Injection RCE
- [local] - Ubisoft Uplay 5.0 - Insecure File Permissions Local Privilege Escalation
- [local] - Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnera
- [remote] - HP Client Automation Command Injection
- [webapps] - Beehive Forum 1.4.4 - Stored XSS Vulnerability
- [webapps] - WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS
- [remote] - PCMan FTP Server 2.0.7 - Buffer Overflow - MKD Command
- [local] - Realtek 11n Wireless LAN utility - Privilege Escalation
- [webapps] - WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection
- [webapps] - WordPress Easy Social Icons Plugin 1.2.2 - CSRF Vulnerability
- [webapps] - phpBugTracker 1.6.0 - Multiple Vulnerabilities
- [webapps] - Zeuscart v.4 - Multiple Vulnerabilities
- [dos] - PHP DateTime Use After Free Vulnerability
- [webapps] - Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF)
- [webapps] - Clipbucket 2.7 RC3 0.9 - Blind SQL Injection
- [webapps] - WeBid 1.1.1 Unrestricted File Upload Exploit
- [dos] - Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigVal
- [webapps] - Piwigo 2.7.3 - Multiple Vulnerabilities
- [webapps] - CrushFTP 7.2.0 - Multiple Vulnerabilities
- [remote] - jQuery jui_filter_rules PHP Code Execution
- [webapps] - Piwigo 2.7.3 - SQL Injection
- [webapps] - D-Link DSL-2640B - Unauthenticated Remote DNS Change Exploit
- [webapps] - Duplicator 0.5.8 Privilege Escalation
- [remote] - Java JMX Server Insecure Configuration Java Code Execution
- [remote] - X360 VideoPlayer ActiveX Control Buffer Overflow
- [webapps] - GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities
- [webapps] - Guppy CMS 5.0.9 & 5.00.10 Authentication Bypass/Change Email
- [webapps] - eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities
- [papers] - [Hebrew] Digital Whisper Security Magazine #58
- [webapps] - Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities
- [webapps] - Wordpress Video Gallery 2.7.0 - SQL Injection Vulnerability
- [remote] - Achat v0.150 beta7 Buffer Overflow
- [webapps] - Pandora FMS 5.1 SP1 - SQL Injection Vulnerability
- [webapps] - Wordpress Survey and Poll Plugin 1.1 - Blind SQL Injection
- [local] - MooPlayer 1.3.0 'm3u' SEH Buffer Overflow
- [local] - SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation
- [remote] - WordPress WP EasyCart Unrestricted File Upload
- [webapps] - LG DVR LE6016D - Remote File Disclosure Vulnerability
- [webapps] - Wordpress Theme Divi Arbitrary File Download Vulnerability
- [webapps] - StaMPi - Local File Inclusion
- [papers] - Exploit-Sources (Part One)
- [webapps] - u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities
- [webapps] - u5CMS 3.9.3 - (thumb.php) Local File Inclusion Vulnerability
- [webapps] - u5CMS 3.9.3 - Multiple SQL Injection Vulnerabilities
- [webapps] - u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion Vulnerability
- [webapps] - u5CMS 3.9.3 - Multiple Open Redirect Vulnerabilities
- [dos] - Chemtool 1.6.14 - Memory Corruption Vulnerability
- [webapps] - Redaxscript CMS 2.2.0 - SQL Injection Vulnerability
- [dos] - MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC
- [remote] - Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change
- [webapps] - Pragyan CMS 3.0 - SQL Injection
- [local] - K7 Computing Multiple Products Arbitrary Write Privilege Escalation
- [local] - BullGuard Multiple Products Arbitrary Write Privilege Escalation
- [local] - AVG Internet Security 2015 Arbitrary Write Privilege Escalation
- [dos] - Exim ESMTP 4.80 glibc gethostbyname - Denial of Service
- [local] - MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
- [webapps] - Hewlett-Packard UCMDB - JMX-Console Authentication Bypass
- [local] - Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation
- [local] - Trend Micro Multiple Products 8.0.1133 - Privilege Escalation
- [remote] - HP Data Protector 8.x - Remote Command Execution
- [webapps] - NPDS CMS Revolution-13 - SQL Injection Vulnerability
- [remote] - Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injecti
- [remote] - X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass
- [webapps] - Wordpress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload
- [webapps] - ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability
- [dos] - IceCream Ebook Reader 1.41 - Crash PoC
- [webapps] - Wordpress Cforms Plugin 14.7 - Remote Code Execution
- [webapps] - Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities
- [papers] - Ghost Vulnerability CVE-2015-0235 White Paper
- [dos] - FreeBSD Kernel Multiple Vulnerabilities
- [papers] - Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability)
- [local] - Microsoft Windows Server 2003 SP2 - Privilege Escalation
- [local] - UniPDF 1.1 - Crash PoC (SEH overwritten)
- [local] - OS X < 10.10.x - Gatekeeper bypass Vulnerability
- [webapps] - ManageEngine Firewall Analyzer 8.0 - Directory Traversal/XSS Vulnerabilit
- [remote] - VSAT Sailor 900 - Remote Exploit
- [remote] - ClearSCADA - Remote Authentication Bypass Exploit
- [remote] - D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit
- [webapps] - Symantec Data Center Security - Multiple Vulnerabilities
- [webapps] - ferretCMS 1.0.4-alpha - Multiple Vulnerabilities
- [dos] - Android WiFi-Direct Denial of Service
- [webapps] - jclassifiedsmanager - Multiple Vulnerabilities
- [webapps] - ManageEngine EventLog Analyzer 9.0 - Directory Traversal / XSS Vulnerabil
- [webapps] - SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability
- [webapps] - PHP Webquest 2.6 - SQL Injection
- [webapps] - ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Manag
- [local] - VLC Player 2.1.5 - Write Access Violation Vulnerability
- [local] - VLC Player 2.1.5 - DEP Access Violation Vulnerability
- [webapps] - Barracuda Networks Cloud Series - Filter Bypass Vulnerability
- [webapps] - Mangallam CMS - SQL Injection Web Vulnerability
- [dos] - Crystal Player 1.99 - Memory Corruption Vulnerability
- [local] - Windows < 8.1 (32/64 bit) - Privilege Escalation (User Profile Service) (MS
- [dos] - Exif Pilot 4.7.2 - SEH Based Buffer Overflow
- [local] - OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
- [webapps] - WordPress Pixarbay Images Plugin 2.3 - Multiple Vulnerabilities
- [remote] - ManageEngine Multiple Products Authenticated File Upload
- [dos] - MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS
- [remote] - Bsplayer 2.68 - HTTP Response Buffer Overflow
- [webapps] - RedaxScript 2.1.0 - Privilege Escalation
- [local] - Sim Editor 6.6 - Stack Based Buffer Overflow
- [remote] - Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
- [webapps] - D-Link DSL-2730B Modem - XSS Injection Stored Exploit Lancfg2get.cgi
- [webapps] - D-Link DSL-2730B Modem - XSS Injection Stored Exploit DnsProxy.cmd
- [local] - Palringo 2.8.1 - Stack Buffer Overflow (PoC)
- [webapps] - vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion, SQL Injection & X
- [shellcode] - Obfuscated Shellcode Windows x64 - [1218 Bytes] Add Administrator User/
- [shellcode] - Obfuscated Shellcode Windows x86 - [1218 Bytes] Add Administrator User/