Proof of concept exploit for a denial of service flaw in NetPanzer versions 0.8 and below.
5ff624cde9685495e6b6fc4bca2fc9d35587026706d74da6f828a005b3e418e2
PHPsFTPd suffers from an administrative password and login leak in versions 0.2 through 0.4.
4f45a148a31b04deef719772f639ea093c0d7246afcd668c9f81cb6994e9ce27
PHP Counter 7.2 is susceptible to a cross site scripting flaw.
ec9bc45f5335ff03bbf960c7eb269e2336ee2411eddca3d5198516c68bbe1552
Core Security Technologies Advisory ID: CORE-2005-0629 - A buffer overflow vulnerability was found in the status command of MailEnable version 1.54. Remote exploitation of this vulnerability could allow an attacker to execute arbitrary code with System privileges. The status command requires an authenticated session, so valid credentials are required. Proof of concept python exploit included.
a28f58f99a25cf46fe7632e45650d9b57f6a9b33048fde14068b89b01607e9d5
Pear XML-RPC Library 1.3.0 remote PHP code execution exploit. Written in Python.
5b00e2c1dec4d05c6fea96b4f2f0887c7238f88a3f83c7bdbce51ab86de341d8
SoftiaCom's wMailserver version 1.0 remote denial of service exploit.
7557765c5ef49c4ab55aadfbc153e91e9aff67989be5d12841a7ee97cfa367ca
Basic XMLRPC exploit written for Metasploit.
afd99ce56b043d9c761badf25d692314333c40bc7c231e8d363e0b0546cf891b
Nokia Affix Bluetooth btsrv/btobex makes poor use of system() allowing for remote command execution as root.
43a7a7e9ccef6513cee8d509624d337031032bd9abeef5a58831ab2c8a4e6ce6
DragonFly shopping cart allows for SQL injection attacks and price manipulation.
f3731ee7643b36fa0e65130b16541ef7e07f4dbac260d2b7479a4c697986b967
BlogTorrent versions 0.92 and below allow for direct access to the file storing users' password hashes and logins.
f16318de93bab383388f4c3616acf68cd72b4c6f8f36ecf5ef137730d472fc1b
Hosting Controller allows for unauthenticated session and user creation.
5c29c362c7dded2f739dd23b6b734d5204604a8bc9e120e4db8975962a1b20cd
ID Board 1.1.3 is susceptible to a SQL injection vulnerability. Exploitation details provided.
3de203c32c985882a4b30698c3e5c3492330124bd87ce0574ee498d383c4e994
SimplePHPBlog 0.4.0 suffers from a remote password hash disclosure vulnerability due to the password file for the system being downloaded and in the webroot.
016c4d9d240eea862bd808ef48b474ed8821e6fdc873c7d98a7fa1f9736e2147
The CGI script kaiseki.cgi is susceptible to a remote command execution vulnerability due to a lack of input validation. Details for exploitation provided.
bc0460db05bca845ee18911023e1cc039a125bbe78c2169b02db98b996cf8ce3
CartWIZ suffers from multiple SQL injection and cross site scripting flaws. Detailed exploitation provided.
6531c127e7e583ba7fefdb030bbf7e7e44a5aed7f43c14df6a7726419e8d427d
Comersus suffers from multiple SQL injection and cross site scripting flaws. Detailed exploitation provided.
89f868388a71db2a6fdff00ecf45c31ecece58bd6dc3b76f3807199f4d77ca1b
PhpAuction suffers from authentication bypass, SQL injection, cross site scripting, and file inclusion vulnerabilities. Detailed exploitation provided.
f2316d88cd2264a9859477b05fd94ba5e10a624685a7274f87766211ffeff407
Documentum eRoom 6.x suffers from problematic cookie handling and code execution vulnerabilities.
0ecd59218425650299eb6433cd10686e0281e8c5eeacf121d26f18a5aeaec0ff
GNATS, the GNU problem report management system, allows attackers to overwrite any files when installed setuid root. Versions 4.1.0 and 4.0 are confirmed vulnerable.
4031dc7bd80756c01de19fbd5c5b10ed61647fcf3d7a8d671efe64383ea17a13
The McAfee Intrushield IPS Management Console has been found susceptible to html and javascript injection, privilege escalation, and unauthenticated report deletion.
e44cf0de8c358ef924cc85051e0b96755dce09ff74b6909f706270ab2278f337
Phpwebsite suffers from multiple SQL injection flaws and a directory traversal vulnerability. Detailed exploitation provided.
72609023a954b0715a52542825a64ed43c292f8cc141424428a1038ad580c36a
Solaris has a bug in the use of SO_REUSEADDR in that the kernel favors any socket binding operation that is more specific than the general *.* wildcard bind(). Due to this, a malicious socket can bind to an already bound interface if a specific IP address is used. Exploit included.
9a57bfc1f13e75c3b857db7f9fa66b1d8bc8b6525ba1d8a4eed4fea59f468b53
probe.cgi allows for remote command execution due to a lack of a properly sanitized olddat variable.
ffed25e8dc8ac2349199fd07dad579584138cc7bbe6ddaa9a66256d1153cf09f
MyGuestbook version 0.6.1 suffers from a remote code execution vulnerability. Detailed exploitation provided.
f33d0e8a0b9bcc63132308251701b0eaef7668ccddf907e928162648d8fd6b77
A cross site scripting bug exists in phpBB 2.0.16.
df2d7e5c9a2e12f4c7d1163c9b83c906b93e8f7598c2b9a5923bbc30341a93d3