- [papers] - [Turkish] Introduction to ARM Exploitation
- [shellcode] - [Raspberry Pi] Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes
- [shellcode] - [Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
- [dos] - Oracle VM VirtualBox 4.1 Local Denial of Service Vulnerability
- [webapps] - Joomla RokModule Component (index.php, module parameter) Blind SQLi
- [webapps] - VICIDIAL Call Center Suite
- [remote] - Openfiler v2.x NetworkCard Command Execution
- [remote] - WAN Emulator v2.3 Command Execution
- [papers] - Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Fram
- [dos] - WAP Proof 2008 Denial of Service
- [papers] - [Arabic] First Step To Find Vulnerabilities
- [webapps] - Pinterest Clone Script Multiple Vulnerabilities
- [remote] - HP SiteScope Remote Code Execution
- [local] - ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
- [remote] - Sflog! CMS 1.0 Arbitrary File Upload Vulnerability
- [remote] - SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
- [remote] - Symantec Messaging Gateway 9.5/9.5.1 SSH Default Password Security Bypass
- [webapps] - TestLink 1.9.3 CSRF Vulnerability
- [webapps] - Sitecom Home Storage Center Auth Bypass Vulnerability
- [webapps] - Clipster Video Persistent XSS Vulnerability
- [webapps] - Cannonbolt Portfolio Manager v1.0 Multiple Vulnerabilities
- [webapps] - MobileCartly 1.0 Arbitrary File Creation Vulnerability
- [papers] - How to Use PyDbg as a Powerful Multitasking Debugger
- [webapps] - Ektron CMS 8.5.0 Multiple Vulnerabilities
- [remote] - JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
- [webapps] - ES Job Search Engine v3.0 SQL Injection Vulnerability
- [webapps] - Novell Sentinel Log Manager
- [webapps] - QNAP Turbo NAS TS-1279U-RP Multiple Path Injection
- [webapps] - Group Office Calendar (calendar/json.php) SQL Injection
- [webapps] - JIRA 4.4.3, GreenHopper < 5.9.8 Multiple Vulnerabilities
- [webapps] - Splunk
- [webapps] - Conceptronic Grab’n’Go Network Storage Directory Traversal
- [papers] - [Hebrew] Digital Whisper Security Magazine #35
- [webapps] - Sitecom Home Storage Center Directory Traversal
- [dos] - WarFTP Daemon 1.82 RC 11 Remote Format String Vulnerability
- [dos] - Internet Download Manager All Versions Memory Corruption Vulnerability
- [webapps] - AV Arcade Free Edition (add_rating.php, id parameter) Blind SQL Injection
- [papers] - Shellcoding in Linux
- [webapps] - Admidio 2.3.5 Multiple Vulnerabilities
- [webapps] - Joomla Spider Calendar Lite (com_spidercalendar) SQL Injection
- [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities
- [dos] - Adobe Photoshop CS6 PNG Parsing Heap Overflow
- [webapps] - OTRS Open Technology Real Services 3.1.8 and 3.1.9 XSS Vulnerability
- [webapps] - vBulletin Yet Another Awards System 4.0.2 SQL Injection
- [remote] - SAP NetWeaver HostControl Command Injection
- [webapps] - GigKalender v1.2 CSRF Vulnerability
- [webapps] - Booking System Pro CSRF Vulnerability
- [webapps] - IVAO Software Development CMS SQL Injection Vulnerability
- [webapps] - Disqus Blog Comments Blind SQL Injection Vulnerability
- [webapps] - Wordpress HD Webplayer 1.1 SQL Injection Vulnerability
- [dos] - Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability
- [local] - ActFax 4.31 Local Privilege Escalation Exploit
- [papers] - DNS-Based Phishing Attack in Public Hotspots
- [webapps] - RV Shopping Cart CSRF Vulnerability
- [webapps] - RV Article Publisher CSRF Vulnerability
- [webapps] - CommPort 1.01
- [remote] - Simple Web Server 2.2-rc2 ASLR Bypass Exploit
- [webapps] - Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
- [dos] - Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC
- [webapps] - Wordpress Count per Day Plugin 3.2.3 XSS Vulnerability
- [local] - Microsoft Windows Kernel Intel x64 SYSRET PoC
- [webapps] - Elcom CMS 7.4.10 Community Manager Insecure File Upload
- [webapps] - xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerabili
- [webapps] - Aoop CMS 0.3.6 Multiple Vulnerabilities
- [remote] - Java 7 Applet Remote Code Execution
- [webapps] - XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities
- [remote] - Zabbix Server Arbitrary Command Execution
- [papers] - [Arabic] - Internet Explorer MSXML (MS12-043)
- [webapps] - vlinks 2.0.3 (site.php id parameter) SQL Injection
- [papers] - Sage 50 Payroll 2012 Password Bypass Local Software Exploit
- [webapps] - web@all CMS 2.0 Multiple Vulnerabilities
- [webapps] - Wiki Web Help 0.3.9 Multiple Stored XSS Vulnerabilities
- [dos] - WireShark 1.8.2 & 1.6.0 Buffer Overflow 0day PoC
- [webapps] - Ad Manager Pro Multiple Vulnerabilities
- [webapps] - BusinessWiki 2.5RC3 Stored XSS & Arbitrary File Upload
- [webapps] - Easy Banner Pro (index.php page) Local File Inclusion
- [webapps] - AB Banner Exchange (index.php page) Local File Inclusion
- [webapps] - Text Exchange Pro (index.php page) Local File Inclusion
- [webapps] - WebPA
- [webapps] - Ad Manager Pro v. 4 LFI
- [webapps] - op5 Monitoring v5.4.2 (VM Applicance) Multiple Vulnerabilities
- [webapps] - web@all CMS 2.0 (_order) SQL Injection Vulnerability
- [remote] - Vice City Multiplayer Server 0.3z R2 Remote Code Execution
- [webapps] - LetoDMS 3.3.6 Multiple Vulnerabilities
- [webapps] - E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
- [webapps] - XODA 0.4.5 Arbitrary PHP File Upload Vulnerability
- [webapps] - VamCart v0.9 CSRF Vulnerability
- [webapps] - OpenDocMan v1.2.6.1 Password Change CSRF
- [dos] - SAP Netweaver Dispatcher 7.0 EHP1/2 Multiple Vulnerabilities
- [remote] - Sysax Multi Server 5.64 Create Folder Buffer Overflow
- [webapps] - Clipbucket v2.5 Blind SQLi Vulnerability
- [webapps] - Symantec Web Gateway
- [webapps] - Symantec Web Gateway
- [webapps] - Clipbucket v2.5 Directory Traversal
- [webapps] - XODA Document Management System v0.4.5 XSS & Arbitrary File Upload
- [webapps] - ocPoral CMS 8.x CSRF Vulnerability
- [webapps] - SePortal 2.5 CSRF Vulnerability
- [webapps] - IOServer "Root Directory" Trailing Backslash Multiple Vulnerabilities
- [webapps] - PG Portal Pro CSRF Vulnerability
- [webapps] - Uebimiau Webmail 2.7.2 Stored XSS
- [webapps] - YourArcadeScript 2.4 (index.php id parameter) SQL Injection
- [webapps] - Hivemail Webmail Multiple Stored XSS Vulnerabilities
- [remote] - Sysax Multi-Server 5.64 Create Folder Buffer Overflow
- [webapps] - Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure
- [webapps] - ClipBucket 2.5 CSRF Vulnerability
- [webapps] - T-dah Webmail CSRF & Stored XSS
- [webapps] - GWebmail 0.7.3 XSS & LFI RCE Vulnerabilities
- [webapps] - Hupa Webmail 0.0.2 Stored XSS
- [webapps] - IlohaMail Webmail Stored XSS
- [remote] - Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Vulnerab
- [webapps] - Jaow CMS v2.3 Blind SQLi Vulnerability
- [webapps] - Inferno vBShout
- [webapps] - WeBid
- [webapps] - Social Engine v4.2.5 Multiple Vulnerabilities
- [webapps] - Jaow CMS v2.3 CSRF Vulnerability
- [webapps] - T-dah Webmail Multiple Stored XSS
- [webapps] - Hastymail2 Webmail 1.1 RC2 Stored XSS
- [webapps] - Elastix 2.2.0 LFI Exploit
- [webapps] - ManageEngine OpStor v7.4 Multiple Vulnerabilities
- [remote] - IE Time Element Memory Corruption Exploit (MS11-050)
- [webapps] - Roundcube Webmail Version 0.8.0 Stored XSS
- [webapps] - ProQuiz v2.0.2 CSRF Vulnerability
- [remote] - E-Mail Security Virtual Appliance (ESVA) Remote Execution
- [webapps] - sphpforum 0.4 Multiple Vulnerabilities
- [webapps] - Cyclope Employee Surveillance Solution v6.0 Multiple Vulnerabilities
- [webapps] - xt:Commerce
- [local] - globalSCAPE CuteZIP Stack Buffer Overflow
- [webapps] - MobileCartly 1.0 Remote File Upload Vulnerability
- [local] - Windows Service Trusted Path Privilege Escalation
- [remote] - Cyclope Employee Surveillance Solution v6 SQL Injection
- [webapps] - WordPress RSVPMaker v2.5.4 Persistent XSS
- [remote] - TestLink v1.9.3 Arbitrary File Upload Vulnerability
- [remote] - Novell ZENworks Asset Management Remote Execution
- [webapps] - MaxForum v1.0.0 Local File Inclusion
- [local] - OS X Local Root Exploit for Viscosity OpenVPN Client
- [webapps] - IBM WebSphere MQ File Transfer Edition Web Gateway Insufficient Access Co
- [webapps] - IBM WebSphere MQ File Transfer Edition Web Gateway CSRF Vulnerability
- [webapps] - Hotel Booking Portal v0.1 Multiple Vulnerabilities
- [dos] - Spytech NetVizor v6.1 (services.exe) DoS
- [webapps] - WordPress Mz-jajak plugin
- [webapps] - PHP ProQuiz V2 Remote File Inclusion
- [local] - Tunnelblick Local Root Exploit #2
- [webapps] - Flynax General Classifieds v4.0 CMS Multiple Vulnerabilities
- [local] - Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation
- [webapps] - MobileCartly 1.0 Arbitrary File Write Vulnerability
- [papers] - Whitepaper: Bypassing Antivirus with a Sharp Syringe
- [local] - Tunnelblick Local Root Exploit
- [webapps] - MobileCartly 1.0 Remote Code Execution
- [webapps] - MobileCartly 1.0 Arbitrary File Deletion Vulnerability
- [remote] - NetDecision 4.2 TFTP Writable Directory Traversal Execution
- [webapps] - Cyclope Employee Surveillance Solution v6.0 SQL Injection
- [webapps] - Kamads classifieds V2 Multiple Vulnerabilities
- [webapps] - Joomla FireBoard Component (com_fireboard) SQL Injection Vulnerability
- [webapps] - IBM Proventia Network Mail Security System 2.5 POST File Read
- [webapps] - Xeams Email Server 4.4 Build 5720 Stored XSS
- [webapps] - SurgeMail 6.0a4 Stored XSS
- [webapps] - SmarterMail Free 9.2 Stored XSS
- [webapps] - Wordpress SimpleMail Plugin 1.0.6 Stored XSS
- [webapps] - Wordpress Postie Plugin 1.4.3 Stored XSS
- [webapps] - T-dah Webmail Client 3.2.0-2.3 Stored XSS
- [webapps] - WinWebMail Server 3.8.1.6 Stored XSS
- [webapps] - Wordpress ThreeWP Email Reflector Plugin 1.13 Stored XSS
- [remote] - PHP IRC Bot pbot eval() Remote Code Execution
- [remote] - Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
- [webapps] - Alt-N MDaemon Free 12.5.4 Stored XSS
- [webapps] - ManageEngine Service Desk Plus 8.1 Stored XSS
- [webapps] - Wordpress Mini Mail Dashboard Widget 1.42 Stored XSS
- [webapps] - OTRS Open Technology Real Services 3.1.4 Stored XSS
- [webapps] - Axigen Mail Server 8.0.1 Stored XSS
- [webapps] - EmailArchitect Enterprise Email Server 10.0 Stored XSS
- [webapps] - ESCON SupportPortal Pro 3.0 Stored XSS
- [webapps] - MailTraq 2.17.3.3150 Stored XSS
- [webapps] - MailEnable Enterprise 6.5 Stored XSS
- [webapps] - AfterLogic Mailsuite Pro (VMware Appliance) 6.3 Stored XSS
- [webapps] - Openconstructor CMS 3.12.0 \'id\' Parameter Multiple SQL Injection
- [webapps] - Inout Mobile Webmail APP Persistent XSS Vulnerability
- [webapps] - iAuto Mobile Application 2012 Multiple Vulnerabilities
- [webapps] - AraDown Blind SQL Injection
- [remote] - Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
- [webapps] - Joomla En Masse Component 1.2.0.4 SQL Injection
- [webapps] - WespaJuris
- [webapps] - Zoho BugTracker Multiple Stored XSS Vulnerabilities
- [remote] - Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelServic
- [remote] - Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelServic
- [remote] - Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
- [local] - CoolPlayer+ Portable 2.19.2 Buffer Overflow ASLR Bypass (Large Shellcode)
- [dos] - AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
- [webapps] - WP Effective Lead Management v3.0.0 Persistent XSS
- [webapps] - Tickets CAD 2.20G Multiple Vulnerabilities
- [local] - CoolPlayer Portable 2.19.2 Buffer Overflow ASLR bypass
- [webapps] - Islamnt Islam Forum Script 1.2 Blind SQL Injection Exploit
- [webapps] - am4ss 1.2
- [webapps] - am4ss Support System 1.2 PHP Code Injection Exploit
- [remote] - Dell SonicWALL Scrutinizer 9 SQL Injection
- [remote] - Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Over
- [remote] - Zenoss 3 showDaemonXMLConfig Command Execution
- [dos] - FreeBSD Kernel SCTP Remote NULL Ptr Dereference DoS
- [local] - Nvidia Linux Driver Privilege Escalation
- [webapps] - Joomla joomgalaxy 1.2.0.4 Multiple Vulnerabilities
- [shellcode] - Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes
- [remote] - Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
- [webapps] - WebPageTest Arbitrary PHP File Upload
- [shellcode] - Linux x86 ASLR deactivation - 83 bytes
- [webapps] - ManageEngine Mobile Application Manager v10 SQL Injection
- [webapps] - ManageEngine Application Manager 10 Multiple Vulnerabilities
- [webapps] - Joomla Movm Extension (com_movm) SQL Injection
- [papers] - [Hebrew] Digital Whisper Security Magazine #34
- [remote] - pBot Remote Code Execution
- [dos] - eGlibc Signedness Code Execution Vulnerability
- [webapps] - Joomla com_niceajaxpoll
- [webapps] - Dr. Web Control Center 6.00.3.201111300 XSS Vulnerability
- [webapps] - Symantec Web Gateway 5.0.3.18 (deptUploads_data.php groupid parameter) Bl
- [remote] - Sysax Multi-Server 5.64 Create Folder Buffer Overflow
- [remote] - httpdx
- [papers] - Transferable State Attack on Iterated Hashing Functions
- [local] - Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow
- [papers] - [Hebrew] Digital Whisper Security Magazine #33
- [remote] - Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
- [webapps] - CuteFlow v2.11.2 Arbitrary File Upload Vulnerability
- [remote] - Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
- [papers] - Bypassing Spam Filters Using Homographs
- [local] - Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 Buffer Overflow (ASLR and D
- [remote] - Symantec Web Gateway 5.0.3.18 pbcontrol.php ROOT RCE Exploit
- [webapps] - Zabbix 2.0.1 and Earlier Session Extractor 0day
- [papers] - 2012-1889 Technical Analysis Report
- [webapps] - WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload
- [webapps] - Symantec Web Gateway 5.0.3.18 LFI Remote ROOT RCE Exploit
- [webapps] - SpiceWorks 5.3.75941 Stored XSS and Post-Auth SQL Injection
- [webapps] - AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection
- [webapps] - Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
- [papers] - CVE-2012-1889: Security Update Analysis
- [webapps] - MySQL Squid Access Report 2.1.4 HTML Injection
- [local] - MyMp3 Player Stack .m3u DEP Bypass Exploit
- [webapps] - Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection
- [webapps] - Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
- [local] - Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Exploit
- [webapps] - EGallery PHP File Upload Vulnerability
- [remote] - Simple Web Server Connection Header Buffer Overflow
- [webapps] - Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE
- [webapps] - Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injec
- [webapps] - SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilit
- [webapps] - X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
- [remote] - Atmail Email Server Appliance 6.4 XSS - CSRF - RCE
- [dos] - httpdx 1.5.4 Remote HTTP Server Denial of Service
- [dos] - ptunnel
- [dos] - Oxide Webserver 2.0.4 Denial of Service Vulnerability
- [webapps] - NetArt Media iBoutique 4.0 (index.php key parameter) SQL Injection Vulner
- [dos] - PHP 6.0 openssl_verify() Local Buffer Overflow PoC
- [webapps] - PHP-Nuke module(SPChat) SQL Injection Vulnerability
- [remote] - Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overf