- [webapps] - Restaurant Script (PizzaInn Project) - Stored XSS
- [webapps] - Glype 1.4.9 - Local Address Filter Bypass
- [webapps] - Glype 1.4.9 - Cookie Injection Path Traversal LFI
- [remote] - Advantech WebAccess dvs.ocx GetColor Buffer Overflow
- [remote] - EMC AlphaStor Device Manager Opcode 0x75 Command Injection
- [webapps] - M/Monit 3.3.2 - CSRF Vulnerability
- [webapps] - Joomla Mac Gallery 1.5 - Arbitrary File Download
- [webapps] - Joomla Face Gallery 1.0 - Multiple vulnerabilities
- [webapps] - Onlineon E-Ticaret Database Disclosure Exploit
- [dos] - WS10 Data Server SCADA Exploit Overflow PoC
- [webapps] - ZyXEL Prestig P-660HNU-T1 ISP Credentials Disclosure
- [webapps] - Joomla Spider Form Maker
- [dos] - Fast Image Resizer 098 - Local Crash Poc
- [webapps] - LittleSite 0.1 'file' Parameter Local File Include Vulnerability
- [dos] - Seafile-server
- [webapps] - ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities
- [webapps] - Livefyre LiveComments Plugin - Stored XSS
- [webapps] - Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
- [webapps] - USB&WiFi Flash Drive 1.3 iOS - Code Execution Vulnerability
- [webapps] - CacheGuard-OS 5.7.7 - CSRF Vulnerability
- [remote] - SolarWinds Storage Manager Authentication Bypass
- [remote] - ManageEngine Eventlog Analyzer Arbitrary File Upload
- [remote] - Railo Remote File Include
- [remote] - Http File Server 2.3.x - Remote Command Execution
- [webapps] - ALCASAR
- [webapps] - ChatSecure IM 2.2.4 iOS - Persistent XSS Vulnerability
- [webapps] - Photorange 1.0 iOS - File Inclusion Vulnerability
- [webapps] - Joomla Spider Contacts 1.3.6 (index.php, contacts_id param) - SQL Injecti
- [webapps] - OroCRM - Stored XSS Vulnerability
- [webapps] - Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple
- [remote] - ALCASAR 2.8 Remote Root Code Execution Vulnerability
- [webapps] - Atmail Webmail 7.2 - Multiple Vulnerabilities
- [remote] - ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
- [shellcode] - Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow)
- [papers] - Breaking the Sandbox
- [dos] - PHP Stock Management System 1.02 - Multiple Vulnerabilty
- [webapps] - TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities
- [webapps] - TP-LINK Model No. TL-WR340G / TL-WR340GD - Multiple Vulnerabilities
- [webapps] - osCommerce 2.3.4 - Multiple vulnerabilities
- [webapps] - Jenkins 1.578 - Multiple Vulnerabilities
- [webapps] - Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
- [webapps] - WordPress Acento Theme (view-pdf.php, file param) - Arbitrary File Downlo
- [webapps] - Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF
- [webapps] - Joomla Spider Calendar
- [webapps] - PhpOnlineChat 3.0 - XSS
- [webapps] - Wordpress Like Dislike Counter 1.2.3 Plugin - SQL Injection Vulnerability
- [webapps] - LoadedCommerce7 - Systemic Query Factory Vulnerability
- [webapps] - IP Board 3.x - CSRF Token hjiacking
- [webapps] - Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)
- [webapps] - PHP Stock Management System 1.02 - Multiple Persistent Cross Site Scripti
- [local] - HTML Help Workshop 1.4 - Local Buffer Overflow Exploit (SEH)
- [local] - BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
- [webapps] - MyBB User Social Networks Plugin 1.2 - Stored XSS
- [webapps] - Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration A
- [webapps] - vBulletin 4.0.x - 4.1.2 (search.php, cat param) - SQL Injection Exploit
- [webapps] - Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection
- [webapps] - ManageEngine EventLog Analyzer Multiple Vulnerabilities
- [webapps] - ManageEngine Desktop Central - Arbitrary File Upload / RCE
- [remote] - Wing FTP Server Authenticated Command Execution
- [papers] - Outsmarted - Why Malware Works in face of Antivirus Software
- [papers] - [Spanish] Design and Implementation of a Voice Encryption System for Telep
- [webapps] - WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability
- [webapps] - Arachni Web Application Scanner Web UI - Stored XSS Vulnerability
- [webapps] - Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Do
- [remote] - NRPE 2.15 - Remote Code Execution Vulnerability
- [remote] - F5 Big-IP - Unauthenticated rsync Access
- [local] - HTML Help Workshop 1.4 - (SEH) Buffer Overflow
- [dos] - Internet Explorer MS14-029 Memory Corruption PoC
- [webapps] - Plogger 1.0-RC1 - Authenticated Arbitrary File Upload
- [remote] - Firefox WebIDL Privileged Javascript Injection
- [webapps] - ManageEngine DeviceExpert 5.9 - User Credential Disclosure
- [webapps] - ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution
- [webapps] - PhpWiki - Remote Command Execution
- [webapps] - XRMS - Blind SQL Injection and Command Execution
- [webapps] - WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability
- [webapps] - WooCommerce Store Exporter 1.7.5 - SXSS and RXSS
- [local] - glibc Off-by-One NUL Byte gconv_translit_find Exploit
- [webapps] - ntopng 1.2.0 - XSS Injection
- [webapps] - VTLS Virtua InfoStation.cgi - SQL Injection
- [webapps] - ManageEngine Password Manager MetadataServlet.dat SQL Injection
- [webapps] - Innovaphone PBX Admin-GUI - CSRF Vulnerability
- [remote] - Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities
- [local] - BlazeDVD Pro 7.0 (.plf) - Buffer Overflow (SEH)
- [remote] - HybridAuth install.php PHP Code Execution
- [webapps] - MyBB 1.8 Beta 3 - Multiple Vulnerabilities
- [remote] - Gitlab-shell Code Execution
- [remote] - Firefox toString console.time Privileged Javascript Injection
- [webapps] - Feng Office - Stored XSS
- [webapps] - Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability
- [remote] - VirtualBox 3D Acceleration Virtual Machine Escape
- [remote] - VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
- [webapps] - Disqus for Wordpress 2.7.5 Admin Stored CSRF and XSS
- [local] - VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
- [webapps] - HybridAuth 2.2.2 - Remote Code Execution
- [local] - BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)
- [webapps] - TomatoCart 1.x - SQL Injection Vulnerability
- [dos] - Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
- [dos] - SHARP MX Series - Denial of Service
- [webapps] - Easy FTP Pro 4.2 iOS - Command Injection Vulnerabilities
- [papers] - [Romanian] Stack Based Buffer Overflow
- [webapps] - PhotoSync Wifi & Bluetooth 1.0 - File Include Vulnerability
- [webapps] - Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities
- [shellcode] - Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Ro
- [webapps] - Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
- [webapps] - FreeDisk v1.01 iOS - Multiple Vulnerabilities
- [webapps] - TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Co
- [webapps] - ArticleFR 11.06.2014 (data.php) - Privilege Escalation
- [webapps] - Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability
- [webapps] - ISPConfig 3.0.54p1 - Authenticated Admin Local root Vulnerability
- [webapps] - TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities
- [webapps] - Status2k Server Monitoring Software - Multiple Vulnerabilities
- [webapps] - Sphider Search Engine - Multiple Vulnerabilities
- [webapps] - D-Link AP 3200 Multiple Vulnerabilities
- [webapps] - SkaDate Lite 2.0 - Remote Code Execution Exploit
- [webapps] - SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
- [webapps] - Sphider 1.3.6 - Multiple Vulnerabilities
- [webapps] - Dlink DWR-113 Rev. Ax - CSRF Denial of Service
- [webapps] - WiFi HD v7.3.0 iOS - Multiple Vulnerabilities
- [papers] - [Turkish] SQLMap CSRF Bypass
- [remote] - Oxwall 1.7.0 - Remote Code Execution Exploit
- [webapps] - Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
- [webapps] - Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability
- [webapps] - DirPHP 1.0 - LFI Vulnerability
- [webapps] - Sagem Fast 3304-V1 - Denial Of Service Vulnerability
- [webapps] - ZeroCMS 1.0 - Persistent Cross-Site Scripting Vulnerability
- [webapps] - Moodle 2.7 - Persistent XSS
- [webapps] - Pligg 2.0.1 - Multiple Vulnerabilities
- [local] - MQAC.sys Arbitrary Write Privilege Escalation
- [webapps] - Zenoss Monitoring System 4.2.5-2108 64bit - Stored XSS
- [dos] - Make 3.81 - Heap Overflow PoC
- [webapps] - Lian Li NAS - Multiple Vulnerabilities
- [dos] - BulletProof FTP Client 2010 - Buffer Overflow (SEH)
- [remote] - Omeka 2.2.1 - Remote Code Execution Exploit
- [webapps] - Wordpress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
- [webapps] - NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure vulnerability
- [webapps] - Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persisten
- [local] - Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
- [shellcode] - Socket Re-use Shellcode for Linux x86 (50 bytes)
- [remote] - Kolibri WebServer 2.0 - GET Request SEH Exploit
- [webapps] - Aerohive HiveOS 5.1r5 - 6.1r5 - XSS & LFI Vulnerability
- [local] - Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation
- [shellcode] - Windows All Versions - Add Admin User Shellcode (194 bytes)
- [dos] - DjVuLibre
- [webapps] - Wordpress WP BackupPlus - Database And Files Backup Download (0day)
- [local] - Linux Kernel ptrace/sysret - Local Privilege Escalation
- [dos] - Apache 2.4.7 mod_status Scoreboard Handling Race Condition
- [remote] - IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities
- [dos] - World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow
- [webapps] - Raritan PowerIQ 4.1.0 - SQL Injection Vulnerability
- [remote] - OpenVAS Manager 4.0 - Authentication Bypass Vulnerability PoC
- [webapps] - MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities
- [webapps] - Bilboplanet 2.0 - Multiple XSS Vulnerabilities
- [webapps] - Barracuda Networks Message Archiver 650 - Persistent XSS Vulnerability
- [dos] - ACME micro_httpd - Denial of Service
- [webapps] - Omeka 2.2 - CSRF And Stored XSS Vulnerability
- [webapps] - Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
- [webapps] - Joomla Youtube Gallery Component - SQL Injection Vulnerability
- [remote] - Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
- [dos] - Node Browserify 4.2.0 - Remote Code Execution Vulnerability
- [remote] - D-Link info.cgi POST Request Buffer Overflow
- [local] - OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Pr
- [webapps] - Shopizer 1.1.5 - Multiple Vulnerabilities
- [remote] - HP Data protector manager 8.10 remote command execution
- [remote] - D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection
- [remote] - D-Link HNAP Request Remote Buffer Overflow
- [remote] - D-Link info.cgi POST Request Buffer Overflow
- [webapps] - Infoblox 6.8.2.11 - OS Command Injection
- [webapps] - C99.php Shell - Authentication Bypass
- [webapps] - Frog CMS 0.9.5 - Arbitrary File Upload
- [remote] - Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
- [webapps] - Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities
- [webapps] - Photo Org WonderApplications 8.3 iOS - File Include Vulnerability
- [remote] - Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload
- [remote] - Gitlist Unauthenticated Remote Command Execution
- [remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload
- [webapps] - FireEye Malware Analysis System (MAS) 6.4.1 - Multiple Vulnerabilities
- [webapps] - Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability
- [local] - Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation
- [dos] - Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (Do
- [papers] - [Hebrew] Digital Whisper Security Magazine #52
- [webapps] - Kerio Control 8.3.1 - Blind SQL Injection
- [webapps] - Zurmo CRM - Persistent XSS Vulnerability
- [remote] - Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass
- [dos] - Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure
- [webapps] - IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities
- [papers] - The Ultimate XSS Protection Cheat Sheet for Developers
- [papers] - Asterisk Phreaking How-To
- [papers] - Back To The Future: Unix Wildcards Gone Wild
- [remote] - Gitlist
- [local] - check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Conditi
- [webapps] - Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
- [local] - chkrootkit 0.49 - Local Root Vulnerability
- [papers] - PoC || GTFO 0x04
- [webapps] - Endeca Latitude 2.2.2 - CSRF Vulnerability
- [webapps] - Wordpress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilitie
- [webapps] - Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
- [webapps] - Python CGIHTTPServer Encoded Path Traversal
- [local] - MS13-097 Registry Symlink IE Sandbox Escape
- [local] - MS14-009 .NET Deployment Service IE Sandbox Escape
- [remote] - HP AutoPass License Server File Upload
- [webapps] - Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
- [remote] - Cogent DataHub Command Injection
- [remote] - AlienVault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Executi
- [webapps] - Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)
- [papers] - Hacking Blind
- [dos] - Internet Explorer 8, 9 & 10 - CInput Use-After-Free (MS14-035) - Crash PoC
- [webapps] - Thomson TWG87OUIR - POST Password CSRF
- [remote] - AlienVault OSSIM av-centerd Command Injection
- [papers] - Android KeyStore Stack Buffer Overflow
- [remote] - D-Link hedwig.cgi Buffer Overflow in Cookie Header
- [remote] - D-Link authentication.cgi Buffer Overflow
- [papers] - Searching SHODAN For Fun And Profit
- [webapps] - ZeroCMS 1.0 - (zero_transact_article.php article_id POST parameter) SQL I
- [webapps] - Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability
- [webapps] - Wordpress 3.9.1 - Page Persistent XSS
- [local] - Linux Kernel
- [webapps] - Wordpress 3.9.1 - CSRF vulnerabilities
- [webapps] - D-link DSL-2760U-E1 - Persistent XSS
- [webapps] - Cacti Superlinks Plugin 1.4-2 - SQL Injection
- [dos] - Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service Vulnerability
- [webapps] - web2Project 3.1 - Multiple Vulnerabilities
- [remote] - Ericom AccessNow Server Buffer Overflow
- [local] - docker 0.11 VMM-container Breakout
- [remote] - Rocket Servergraph Admin Center fileRequestor Remote Code Execution
- [remote] - Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerabi
- [webapps] - ZTE WXV10 W300 - Multiple Vulnerabilities
- [webapps] - Motorola SBG901 Wireless Modem - CSRF Vulnerability
- [local] - Adobe Reader for Android addJavascriptInterface Exploit
- [remote] - Easy File Management Web Server Stack Buffer Overflow
- [remote] - Java Debug Wire Protocol Remote Code Execution
- [papers] - [Persian] Oracle SID Detection Techniques - Part 4
- [papers] - [Persian] Oracle SID Detection Techniques - Part 3
- [papers] - [Persian] Oracle SID Detection Techniques - Part 2
- [papers] - [Persian] Oracle SID Detection Techniques - Part 1
- [webapps] - ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation
- [remote] - Yealink VoIP Phone SIP-T38G - Privileges Escalation
- [remote] - Yealink VoIP Phone SIP-T38G - Remote Command Execution
- [remote] - Yealink VoIP Phone SIP-T38G - Local File Inclusion
- [remote] - Yealink VoIP Phone SIP-T38G - Default Credentials
- [remote] - ZTE and TP-Link RomPager - DoS Exploit
- [webapps] - Plesk 10.4.4/11.0.9 - SSO XXE/XSS Injection Exploit
- [dos] - PostgreSQL
- [local] - IBM AIX 6.1.8 libodm - Arbitrary File Write
- [webapps] - SHOUTcast DNAS 2.2.1 - Stored XSS
- [dos] - Core FTP LE 2.2 - Heap Overflow PoC
- [webapps] - ZeroCMS 1.0 (zero_view_article.php, article_id param) - SQL Injection Vul
- [webapps] - DevExpress ASPxFileManager 10.2 to 13.2.8 - Directory Traversal
- [webapps] - WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
- [papers] - 64 bits Linux Stack Based Buffer Overflow
- [webapps] - eFront 3.6.14.4 (surname param) - Persistent XSS Vulnerability