Proof of concept exploit for the Windows ANI File Parsing vulnerability that works against Microsoft Windows Server 2003, XP SP0/SP1, and all versions of Windows 2000.
91c664069aaf04eeb2fd8b56dc978ae1a85c97f8aebaa343b6a3a748475d770d
Golden FTP server exploit that binds a shell on port 4444 after making use of a buffer overflow using RNTO.
9724f97a1ecada3be15f4742b07636f26e97c99aca03c918c47480b86a0c9e10
This code calls a URL in the browser window but fails to update the address bar in Internet Explorer. It appears that the form submission is suspended with the interrupt of the 'window.alert' call.
5fa49406e32cc1f2292382225ac7d84a711606f41edf1a871c33e51865dd8cbc
MPM Guestbook Pro remote exploit that performs arbitrary command execution and local file upload.
8fa4ecc8f4bf22735a4a28510742a044cea289c4ca55a8b239f9e934bbb92f54
Proof of concept exploit for DivX player versions 2.6 and below that allow for arbitrary file overwriting via a flaw in handling skins.
528c24d73ee874822073440071c6461caba58ba67d803ce1718840bd7827fbff
Siteman version 1.0.x is susceptible to administrative account injection due to a lack of variable sanitization.
e5a5bf492a4c40f297327f5f1d1daa9de444247c8372eae725e2f1b6c19ca055
fkey version 0.0.2 local file accessibility exploit.
dfb6bbb2d3c62d255c655605b6d08045515378ba0ce5439df34cced8c6849b4a
STG Security Advisory: JSBoard versions 2.0.9 and below suffer from an input validation flaw that allows for arbitrary file reading.
04fa973bf4b6839924d1a72282fd12936c652ed1299fc3906090b148f9953989
STG Security Advisory: GForge versions 3.3 and below are susceptible to directory traversal attacks.
8dc2e1f4564aa448435f8b3771a3642f05fd3c4d9e6cbbf1dbd81ef08a7da42a
Mac OSX versions 10.3.x with a Darwin Kernel equal to or below 7.7.0 are susceptible to a denial of service flaw that may allow for possible privilege escalation.
237a3224700bab126e3d93c2630bea4ae47220dea9a8923e14614ec3c58c12e9
NodeManager Professional 2.00 buffer overflow exploit that binds a shell to port 2001.
d2760218e3f15342798e63cffabc4d5d0a5db7643df4ce807004ab02371da3e8
The Netegrity SiteMinder smpwservicescgi.exe is susceptible to a remote data inclusion vulnerability that allows for phishing attacks.
ba2e8bce8ac6c15f997f1dbeffe9a186f5050292a7ea62b8f9c7ae2dde132eee
Proof of concept local exploit for Exim version 4.41.
1a839bac6db247dda2ba272d3176761f8ca62bce03f16b97e11e0ac59b9bbd7c
Peer2Mail Encrypt passdumper exploit version 1.0. Versions 1.4 and below are affected. Tested on Win XP SP2.
9e68cf5568109ed38a372ad93eb6b342c953163593ce9cb057b493fc49efe43c
Flaws in Kazaa allow for arbitrary code execution and for remote execution of code.
54d24c88f2912b09d0b345f953c5e2770d0632927a44603c2da9fd28f2b664fc
Gallery 1.3.4 suffers from remote script inclusion and cross site scripting vulnerabilities.
36bc6482ca51b4b7350ffc8c1ee1e6a6bb416073b0a7a3a9c534cf7492035976
The Netgear FVS318 version 2.4 router is susceptible to filter bypass when the URL is hex encoded and it also have a cross site scripting flaw.
e0429ec6f905a58deb753259af332c31bbfdea50bc29d36fff67ce55cbe545dc
Direct access to administrative pages in SparkleBlog do not require any authentication. Additionally, is it susceptible to cross site scripting flaws.
40ed3e540124f66225b479f580198e60203fc9805df45f8f3044838e6f6f52b5
Apache mod_auth_radius denial of service exploit that makes use of an integer overflow. All versions up to 1.5.4/1.5.7 are affected.
f7ff7f47f7ce5c52334025dc09ef1c15014686b6928c566e2615a001bbaf8e23
Proof of concept exploit for iTunes 4.3.7 on OS X 10.3.7. Shellcode binds a shell to port 4444.
b05f72bd3493e1d0b8d1ee90794c20b56668c3916fe59f0c1ec9dedcf40e49fe
Apple iTunes Playlist buffer overflow download shellcoded exploit. Versions up to 4.7 are affected. Tested with iTunes v4.7 on WinXP SP2 EN.
980e29b173e8a41638fcc56d3e43c65e0fadd1fe21f3843fda8f99b6a5c8e1ce
Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
bc6ce20ca36bb68498535718c232cac09a37599b8dae319f5270eaad999cd7b2
phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
ccab1b3b37dc00b2ce75e69c79399eccdef31a6d7916011f4463b9fbd94ccd62
A cross site scripting vulnerability in Froogle allows for theft of the Google GMail cookie.
0179530cd2417889ba6e45be56a4de62e152084a405eb4c88b5500db98b06304
Full version of the expand_stack SMP race proof of concept exploit that makes use of a locally exploitable flaw in the Linux page fault handler code.
145d1f9c198c773549d49a4c5ec104fe0cf2f1f1a0edb16986e3f10aa42ac5c6