Code Exploits Timeline
Page 1 of 40750 exploits
 |
Title | Author | Platform | Source | Description | Date |
|---|---|---|---|---|---|---|
|
Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload | KedAns-Dz | na | market.matterdaddy.com | Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities. | yesterday |
|
|
<strong>Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow</strong> | Greg MacManus | na | hal | This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible. | Thursday |
|
|
vBulletin 5b SQL Injection | stealth | na | UberLame | This is an SQL Injection proof of concept that will display information about the vBulletin software and the admin details from the database. It can be adjusted to read any part of the database. | Thursday |
|
|
AVE.CMS 2.09 Blind SQL Injection | mr.pr0n | na | overdoze.ru | AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. This issue is addressed in later versions. | Thursday |
|
|
AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass | Felipe Andres Manzano | na | juan vazquez | This Metasploit module exploits a vulnerability on Adobe Reader X Sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write register values which can be used to trigger a buffer overflow on the AdobeCollabSync component, allowing to achieve Medium Integrity Level privileges from a Low Integrity AcroRd32.exe process. This Metasploit module has been tested successfully on Adobe Reader X 10.1.4 over Windows 7 SP1. | Thursday |
|
|
Weyal CMS SQL Injection | XroGuE | na | Att4ck3r.ir | Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information. | Thursday |
|
|
Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow | Greg MacManus | na | hal | This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible. | Thursday |
|
|
Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection | Janek Vind aka waraxe | na | waraxe.us | Spider Event Calendar version 1.3.0 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities. | Wednesday |
|
|
Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection | Janek Vind aka waraxe | na | waraxe.us | Spider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities. | Wednesday |
|
|
Wordpress Flagallery-Skins SQL Injection | Ashiyane Digital Security Team | na | packetstormsecurity.org | Wordpress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information. | Wednesday |
|
|
WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection | Ashiyane Digital . | php | exploit-db.com | Exploit Title : WordPress ProPlayer Plugin SQL Injection Exploit Author : Ashiyane Digital Security Team Plugin Link : http://wordpress.org/plugins/proplayer/ Home : www.ashiyane.org Security Risk : High Version : 4.7.9.1 Dork : inurl:wp-content | Tuesday |
|
|
Ophcrack 3.50 Buffer Overflow / Code Execution | xis_one | na | ophcrack.sourceforge.net | Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution. | Tuesday |
|
|
Kimai 0.9.2.1306-3 SQL Injection | drone | na | kimai.org | Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability. | Tuesday |
|
|
win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase | Tavis Ormandy | windows | exploit-db.com | I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool is failing, because of the early exit in pprFla | Tuesday |
|
|
Kimai 0.9.2.1306-3 - SQL Injection Vulnerability | drone | php | exploit-db.com | Exploit Title: Kimai 0.9.2.1306-3 SQLi Date: 05/20/2013 Exploit Author: drone (@dronesec) Vendor Homepage: http://www.kimai.org/ Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip Version: 0.9.2.1306-3 Fixed in: source repositories (https | Tuesday |