Ранливости

На оваа страница се прикажани ранливости, безбедносни предупредувања, експлоатациски кодови и кодови со доказ на концепт (PoC) пронајдени од тимот на Zero Science Lab.

- 2013 -

[14.05.2013] Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

[11.05.2013] Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

[10.05.2013] Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

[14.04.2013] CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit

[14.04.2013] CMSLogik 1.2.1 (user param) User Enumeration Weakness

[14.04.2013] CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities

[21.03.2013] TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit

[06.03.2013] Qool CMS v2.0 RC2 XSRF Add Root Exploit

[06.03.2013] Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities

[25.02.2013] MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities

[25.02.2013] MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities

[25.02.2013] MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability

[21.02.2013] OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

[19.02.2013] Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability

[18.02.2013] Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability

[13.02.2013] OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability

[13.02.2013] AbanteCart 1.1.3 (index.php) Multiple Reflected XSS Vulnerabilities

[20.01.2013] Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability

[13.01.2013] phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability

[13.01.2013] phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities

[08.01.2013] Joomla Incapsula Component <= 1.4.6_b Reflected Cross-Site Scripting Vulnerability

- 2012 -

[20.12.2012] Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overload

[20.12.2012] Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overload

[20.12.2012] Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overload SEH

[20.12.2012] Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH

[06.12.2012] NVIDIA Install Application 2.1002.85.551 (NVI2.dll) Unicode Buffer Overflow PoC

[30.11.2012] Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities

[28.11.2012] Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities

[26.11.2012] PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability

[26.10.2012] NASA Tri-Agency Climate Education (TrACE) v1.0 SQL Injection Vulnerability

[26.10.2012] NASA Tri-Agency Climate Education (TrACE) v1.0 Multiple XSS Vulnerabilities

[04.10.2012] Oracle Identity Management 10g (username) XSS POST Injection Vulnerability

[25.09.2012] ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability

[25.09.2012] ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities

[17.09.2012] Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities

[11.09.2012] Subrion CMS 2.2.1 CSRF Add Admin Exploit

[11.09.2012] Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities

[06.09.2012] Cannonbolt Portfolio Manager v1.0 Stored XSS and SQL Injection Vulnerabilities

[28.08.2012] Express Burn Plus v4.58 EBP Project File Handling Buffer Overflow PoC

[23.08.2012] xt:Commerce v4.0.15 (products_name_de) Script Insertion Vulnerability

[23.08.2012] Monstra 1.2.1 Multiple HTML Injection Vulnerabilities

[23.08.2012] KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability

[23.08.2012] web@all CMS 2.0 (_order) SQL Injection Vulnerability

[23.08.2012] web@all CMS 2.0 Multiple Remote XSS Vulnerabilities

[23.08.2012] SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability

[06.08.2012] Zoho BugTracker Multiple Stored XSS Vulnerabilities

[05.08.2012] PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability

[20.06.2012] IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities

[12.06.2012] Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow

[04.06.2012] PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

[16.05.2012] Artiphp CMS 5.5.0 Database Backup Disclosure Exploit

[16.05.2012] Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities

[16.05.2012] backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

[16.05.2012] phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability

[09.05.2012] Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability

[02.05.2012] Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities

[20.04.2012] Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

[11.04.2012] BGS CMS v2.2.1 Multiple Stored Cross-Site Scripting Vulnerabilities

[03.04.2012] Zend Optimizer 3.3.3 (Windows) Insecure Permissions

[23.03.2012] Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit

[21.03.2012] phpList 2.10.17 Remote SQL Injection and XSS Vulnerability

[20.03.2012] Oreans WinLicense v2.1.8.0 XML File Handling Unspecified Memory Corruption

[20.03.2012] Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability

[10.03.2012] Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities

[07.03.2012] Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities

[06.03.2012] Fork CMS 3.2.7 Multiple HTML Code Injection Vulnerabilities

[25.02.2012] webgrind 1.0 (file param) Local File Inclusion Vulnerability

[17.02.2012] SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities

[17.02.2012] webgrind 1.0 (dataFile) Remote Reflected XSS Vulnerability

[17.02.2012] WampServer <= 2.2c (lang) Remote Cross-Site Scripting Vulnerability

[08.02.2012] SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

[07.02.2012] ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

[31.01.2012] EdrawSoft Office Viewer Component ActiveX 5.6 (officeviewermme.ocx) BoF PoC

[31.01.2012] Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities

[29.01.2012] Tracker Software pdfSaver ActiveX 3.60 (pdfxctrl.dll) Stack Buffer Overflow (SEH)

[04.01.2012] Limny 3.0.1 (login.php) Remote URI Based Cross-Site Scripting Vulnerability

- 2011 -

[21.12.2011] Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability

[21.12.2011] Infoproject Biznis Heroj (XSS/SQLi) Multiple Remote Vulnerabilities

[05.12.2011] SopCast 3.4.7 sop:// URI Handling Remote Stack Buffer Overflow PoC

[05.12.2011] SopCast 3.4.7 (Diagnose.exe) Improper Permissions

[01.12.2011] Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability

[28.11.2011] Manx cms.xml 1.0.1 (simplexml_load_file()) Directory Traversal Vulnerability

[28.11.2011] Manx cms.xml 1.0.1 Multiple HTTP Response Splitting Vulnerabilities

[28.11.2011] Manx cms.xml 1.0.1 (ajax_get_file_listing.php) Multiple XSS Vulnerabilities

[13.11.2011] Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability

[10.11.2011] Soda PDF Professional 1.2.155 PDF/WWF File Handling Restriction of Service (RoS)

[08.11.2011] 11in1 CMS v1.0.1 (do.php) CRLF Injection Vulnerability

[07.11.2011] XAMPP 1.7.7 Multiple URI Based Cross-Site Scripting Vulnerabilities

[02.11.2011] SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

[26.10.2011] vtiger CRM 5.2.1 Multiple Remote Cross-Site Scripting Vulnerabilities

[10.10.2011] Cotonti CMS v0.9.4 Multiple Remote Vulnerabilities

[04.10.2011] Ashampoo Burning Studio Elements 10.0.9 (.ashprj) Heap Overflow Vulnerability

[01.10.2011] Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities

[19.09.2011] Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability

[19.09.2011] Toko Lite CMS 1.5.2 (EditNavBar.php) Multiple Parameters XSS POST Injection

[17.09.2011] iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability

[17.09.2011] iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability

[17.09.2011] iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability

[16.09.2011] iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability

[16.09.2011] iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability

[16.09.2011] iBrowser Plugin v1.4.1 (lang) Local File Inclusion Vulnerability

[28.08.2011] Mini FTP Server 1.1 Buffer Corruption Remote Denial Of Service Exploit

[23.08.2011] ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities

[14.08.2011] F-Secure BlackLight 2.2.1092 Local Privilege Escalation Vulnerability

[06.08.2011] ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability

[06.08.2011] ATutor 2.0.2 Multiple Remote Vulnerabilities (SQLi/XSS/PD)

[06.08.2011] AChecker 1.2 Multiple Remote XSS/PD vulnerabilities

[06.08.2011] AChecker 1.2 Multiple Error-Based SQL Injection Vulnerabilities

[06.08.2011] AContent 1.1 (category_name) Remote Script Insertion Vulnerability

[06.08.2011] AContent 1.1 Multiple Cross-Site Scripting Vulnerabilities

[06.08.2011] AContent 1.1 Multiple SQL Injection Vulnerabilities

[31.07.2011] Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities

[25.07.2011] Online Grades 3.2.5 Multiple XSS Vulnerabilites

[14.07.2011] PG eLMS Pro vDEC_2007_01 Multiple Blind SQL Injection Vulnerabilities

[14.07.2011] PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS Vulnerabilities

[13.07.2011] TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities

[13.07.2011] TCExam <=11.2.011 Multiple Cross-Site Scripting Vulnerabilities

[10.07.2011] Tugux CMS 1.2 (pid) Remote Arbitrary File Deletion Vulnerability

[06.07.2011] ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability

[29.06.2011] Valve Steam Client Application v1559/1559 Local Privilege Escalation

[23.06.2011] NetServe Web Server v1.0.58 Multiple Remote Vulnerabilities

[21.06.2011] Sitemagic CMS 2010.04.17 (SMExt) Remote Cross-Site Scripting Vulnerability

[10.06.2011] Pacer Edition CMS 2.1 (l param) Local File Inclusion Vulnerability

[09.06.2011] Pacer Edition CMS 2.1 Remote XSS POST Injection Vulnerability

[09.06.2011] Pacer Edition CMS 2.1 (rm) Remote Arbitrary File Deletion Exploit

[02.06.2011] Ushahidi 2.0.1 (range param) SQL Injection Vulnerability (post-auth)

[31.05.2011] Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability

[22.05.2011] Tugux CMS 1.2 Multiple Remote Vulnerabilities

[13.05.2011] DreamBox DM500(+) Arbitrary File Download Vulnerability

[12.05.2011] Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC

[21.04.2011] Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)

[20.04.2011] docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities

[14.04.2011] Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit

[06.04.2011] Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability

[05.04.2011] TutorialMS v1.4 (show) Remote SQL Injection Vulnerability

[03.04.2011] DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

[03.04.2011] Antamedia Internet Cafe Software 7.1 Insecure Permissions/DLL Loading

[25.03.2011] Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection

[16.03.2011] Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

[16.03.2011] Pointter PHP Content Management System 1.2 Multiple Vulnerabilities

[11.03.2011] Constructr CMS 3.03 Multiple Remote Vulnerabilities (XSS/SQLi)

[26.02.2011] eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service

[26.02.2011] Nitro PDF Reader 1.4.0 Remote Heap Memory Corruption / DoS PoC

[24.02.2011] Elecard MPEG Player 5.7 Local Buffer Overflow PoC (SEH)

[22.02.2011] WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability

[18.02.2011] phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities

[17.02.2011] GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities

[15.02.2011] AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)

[12.02.2011] MG2 0.5.1 Multiple XSS Vulnerabilities

[11.02.2011] Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability

[11.02.2011] Pixelpost 1.7.3 Multiple Persistent Cross-Site Scripting Vulnerabilities

[11.02.2011] TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities

[11.02.2011] Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities

[22.01.2011] CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability

[22.01.2011] CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities

[10.01.2011] Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC

- 2010 -

[23.12.2010] Embedthis Appweb Web Server 3.2.2-1 (Ejscript) Remote XSS Vulnerability

[15.12.2010] MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability

[15.12.2010] MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability

[06.12.2010] MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability

[20.11.2010] Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability

[20.11.2010] Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability

[20.11.2010] Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC

[20.11.2010] Native Instruments Reaktor 5 Player v5.5.1 Heap Memory Corruption Vulnerability

[20.11.2010] Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability

[20.11.2010] Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

[20.11.2010] Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

[20.11.2010] Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability

[20.11.2010] Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability

[08.11.2010] Nevercenter Silo 2.1.1 Insecure Library Loading Vulnerability

[22.10.2010] Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability

[15.10.2010] eXV² Content Management System 2.10 Remote XSS Vulnerability

[14.10.2010] Exponent CMS v0.97 Multiple Vulnerabilities

[06.10.2010] TomatoCart 1.0.1 (json.php) Remote Cross-Site Scripting Vulnerability

[01.10.2010] Zen Cart v1.3.9f (typefilter) Local File Inclusion Vulnerability

[01.10.2010] Zen Cart v1.3.9f Multiple Remote Vulnerabilities

[21.09.2010] Softek Barcode Reader Toolkit ActiveX 7.1.4.14 (SoftekATL.dll) Buffer Overflow PoC

[17.09.2010] Netautor Professional 5.5.0 (goback) XSS Vulnerability

[08.09.2010] Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability

[06.09.2010] MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability

[01.09.2010] LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

[28.08.2010] LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC

[26.08.2010] Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit

[26.08.2010] Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit

[26.08.2010] Microsoft Office PowerPoint 2007 v12.0.4518 (pp4x322.dll) DLL Hijacking Exploit

[26.08.2010] Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit

[26.08.2010] Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit

[26.08.2010] Corel PHOTO-PAINT X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit

[26.08.2010] CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit

[26.08.2010] Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit

[26.08.2010] Adobe Extension Manager CS5 v5.0.298 (dwmapi.dll) DLL Hijacking Exploit

[26.08.2010] Adobe Device Central CS5 v3.0.1.0 (dwmapi.dll) DLL Hijacking Exploit

[14.08.2010] Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

[13.08.2010] SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit

[04.08.2010] Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability

[12.07.2010] Corel Presentations X5 15.0.0.357 (shw) Remote Buffer Preoccupation PoC

[12.07.2010] Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC

[02.07.2010] Xplico 0.5.7 (add.ctp) Remote XSS Vulnerability

[29.06.2010] Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability

[19.06.2010] UK One Media CMS (id) Error Based SQL Injection Vulnerability

[04.06.2010] Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability

[26.05.2010] Adobe Photoshop CS4 Extended 11.0 ABR File Handling Remote Buffer Overflow PoC

[26.05.2010] Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC

[26.05.2010] Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC

[11.05.2010] Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

[22.04.2010] EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

[22.04.2010] EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow PoC

[19.04.2010] AVTECH Software (AVC781Viewer.dll) ActiveX Multiple Remote Vulnerabilities

[11.04.2010] Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC

[05.03.2010] BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability

[05.03.2010] VLC media player 1.0.5 Goldeneye (bookmarks) Remote Buffer Overflow PoC

[04.03.2010] J. River Media Jukebox 12 MP3 File Handling Remote Heap Overflow PoC

[03.03.2010] Deimos Kasa <= 2.58 (table) Local Integer Overflow Vulnerability

[27.02.2010] ExtCalendar 2.0 Beta 2 (upgrade.php) Remote XSS Vulnerability

[22.02.2010] Nero Burning ROM 9 (iso compilation) Local Buffer Invasion Proof Of Concept

[22.02.2010] WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability

[22.02.2010] CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

- 2009 -

[01.08.2009] Google SketchUp Pro 7.0 (.skp file) Remote Stack Overflow PoC

[30.07.2009] Epiri Professional Web Browser 3.0 Remote Crash Exploit

[16.07.2009] Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC

[16.07.2009] Zortam MP3 Player 1.50 (m3u) Integer Division by Zero Exploit

[16.07.2009] Zortam MP3 Media Studio 9.40 Multiple Memory Corruption Vulnerabilities

[16.07.2009] Zortam ID3 Tag Editor 5.0 Remote Stack Overflow Vulnerability

[16.07.2009] Audio Editor Pro 2.91 Remote Memory Corruption PoC

[10.07.2009] eEye Retina WiFi Security Scanner 1.0 (.rws Parsing) Buffer Overflow PoC

[16.06.2009] Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability

[01.06.2009] Mp3 Tag Assistant Pro 2.92 (tag metadata) Remote Stack Overflow PoC

[29.05.2009] AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH)

[08.05.2009] ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC

[06.04.2009] Unsniff Network Analyzer 1.0 (usnf) Local Heap Overflow PoC

[01.04.2009] QtWeb Internet Browser 2.0 (build 043) Remote Denial of Service Exploit (smile)

[29.03.2009] PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit

[17.03.2009] Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)

[12.03.2009] JDKChat v1.5 Remote Integer Overflow PoC

[20.02.2009] Got All Media 7.0.0.3 (t00t) Remote Denial of Service Exploit

[04.02.2009] BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit

[30.01.2009] Amaya Web Editor 11 Remote SEH Overwrite Exploit

[26.01.2009] WFTPD Pro Server 3.30.0.1 (pre auth) Multiple Remote Denial of Service Vulnerabilities

[22.01.2009] FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC

- 2008 -

[24.11.2008] Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC

[24.10.2008] KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

[14.10.2008] Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC

[03.10.2008] VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit

[17.09.2008] Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC

[11.09.2008] Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

[08.09.2008] SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC

[06.09.2008] Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit

[04.09.2008] Google Chrome Browser 0.2.149.27 Denial of Service Exploit

[18.08.2008] Linux/x86 setuid(0) . setgid(0) . aslr_off 79 Bytes Shellcode

[18.08.2008] VUPlayer 2.49 M3U Playlist File Remote Buffer Overflow Exploit

[10.08.2008] BlazeDVD 5.0 PLF Playlist File Remote Buffer Overflow Exploit

[02.07.2008] CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File BoF Vulnerability