Exploits

日期	标题	类型	平台	作者
2012-02-25	Symantec Encryption Desktop 10 – Local Buffer Overflow / Local Privilege Escalation	local	windows	Nikita Tarakanov
2012-02-25	Tiny HTTP Server 1.1.9 – Remote Crash (PoC)	dos	windows	localh0t
2012-02-25	webgrind 1.0 – ‘file’ Local File Inclusion	webapps	php	LiquidWorm
2012-02-25	cPassMan 1.82 – Remote Command Execution	webapps	php	ls
2012-02-25	HP Data Protector 6.1 – EXEC_CMD Remote Code Execution (Metasploit)	remote	windows	Metasploit
2012-02-25	libpurple 2.8.10 – OTR Information Disclosure	remote	linux	Dimitris Glynos
2012-02-25	YVS Image Gallery – SQL Injection	webapps	php	CorryL
2012-02-24	Sun Java Web Start Plugin – Command Line Argument Injection (2012) (Metasploit)	remote	windows	Metasploit
2012-02-24	PHP Gift Registry 1.5.5 – SQL Injection	webapps	php	G13
2012-02-23	The Uploader 2.0.4 (English/Italian) – Arbitrary File Upload / Remote Code Execution (Metasploit)	webapps	php	Danny Moules
2012-02-23	Snom IP Phone – Privilege Escalation	webapps	hardware	Sense of Security
2012-02-23	phpDenora 1.4.6 – Multiple SQL Injections	webapps	php	Patrick de Brouwer
2012-02-23	Orbit Downloader – URL Unicode Conversion Overflow (Metasploit)	local	windows	Metasploit
2012-02-23	Trend Micro Control Manger 5.5 – ‘CmdProcessor.exe’ Remote Stack Buffer Overflow (Metasploit)	remote	windows	Metasploit
2012-02-23	Mobile Mp3 Search Script 2.0 – ‘dl.php’ HTTP Response Splitting	webapps	php	Corrado Liotta
2012-02-23	D-Link DCS – ‘security.cgi’ Cross-Site Request Forgery	remote	hardware	Rigan Iimrigan
2012-02-22	Chyrp 2.1.2 – ‘/includes/error.php?body’ Cross-Site Scripting	webapps	php	High-Tech Bridge SA
2012-02-22	LimeSurvey (PHPSurveyor 1.91+ stable) – Blind SQL Injection	webapps	php	TorTukiTu
2012-02-22	Chyrp 2.1.1 – ‘ajax.php’ HTML Injection	webapps	php	High-Tech Bridge SA
2012-02-22	DAMN Hash Calculator 1.5.1 – Local Heap Overflow (PoC)	dos	windows	Julien Ahrens
2012-02-22	Dolibarr ERP/CRM 3.2 Alpha – Multiple Directory Traversal Vulnerabilities	webapps	php	Benjamin Kunz Mejri
2012-02-22	Brim < 2.0.0 - SQL Injection	webapps	php	ifnull
2012-02-22	ContentLion Alpha 1.3 – ‘login.php’ Cross-Site Scripting	webapps	php	Stefan Schurtz
2012-02-22	Sagem F@ST 2604 ADSL Router – Cross-Site Request Forgery	webapps	hardware	KinG Of PiraTeS
2012-02-22	DFLabs PTK 1.0.5 – Steal Authentication Credentials	webapps	php	Ivano Binetti
2012-02-22	Unity 3D Web Player 3.2.0.61061 – Denial of Service	dos	windows	Luigi Auriemma
2012-02-22	D-Link DSL-2640B ADSL Router – Authentication Bypass	webapps	hardware	Ivano Binetti
2012-02-22	WebcamXP and webcam 7 – Directory Traversal	webapps	windows	Silent_Dream
2012-02-22	Oxwall 1.1.1 – ‘plugin’ Cross-Site Scripting	webapps	php	Ariko-Security
2012-02-22	D-Link DCS Series – Cross-Site Request Forgery (Change Admin Password)	webapps	hardware	rigan
2012-02-21	Dolphin 7.0.x – ‘explanation.php?explain’ Cross-Site Scripting	webapps	php	Aung Khant
2012-02-21	Dolphin 7.0.x – ‘viewFriends.php’ Multiple Cross-Site Scripting Vulnerabilities	webapps	php	Aung Khant
2012-02-21	Fork CMS 3.2.5 – Multiple Vulnerabilities	webapps	php	Ivano Binetti
2012-02-21	Cisco Linksys WAG54GS – Cross-Site Request Forgery (Change Admin Password)	webapps	hardware	Ivano Binetti
2012-02-21	Mercury MR804 Router – Multiple HTTP Header Fields Denial of Service Vulnerabilities	dos	hardware	demonalex
2012-02-21	CPG Dragonfly CMS 9.3.3.0 – Multiple Multiple Cross-Site Scripting Vulnerabilities	webapps	php	Ariko-Security
2012-02-21	Xavi 7968 ADSL Router – ‘/webconfig/wan/confirm.html/confirm?pvcName’ Cross-Site Scripting	remote	hardware	Busindre
2012-02-21	Xavi 7968 ADSL Router – ‘/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox’ Cross-Site Scripting	webapps	hardware	Busindre
2012-02-21	Xavi 7968 ADSL Router – Multiple Cross-Site Request Forgery Vulnerabilities	remote	hardware	Busindre
2012-02-20	TestLink – Multiple SQL Injections	webapps	php	Juan M. Natal
2012-02-20	F*EX 20100208/20111129-2 – Multiple Cross-Site Scripting Vulnerabilities	webapps	php	muuratsalo
2012-02-20	VOXTRONIC Voxlog Professional 3.7.x – ‘userlogdetail.php?idclient’ SQL Injection	webapps	php	J. Greil
2012-02-20	Plume CMS 1.2.4 – Cross-Site Request Forgery	webapps	php	Ivano Binetti
2012-02-20	VOXTRONIC Voxlog Professional 3.7.x – ‘get.php?v’ Arbitrary File Access	webapps	php	J. Greil
2012-02-20	DJ Studio Pro 5.1.6.5.2 – Local Overflow (SEH) (Metasploit)	local	windows	Death-Shadow-Dark
2012-02-20	Blade API Monitor – Unicode Bypass Serial Number Buffer Overflow	local	windows	b33f
2012-02-20	D-Link DSL-2640B ADSL Router – Cross-Site Request Forgery	webapps	hardware	Ivano Binetti
2012-02-20	Joomla! Component Machine – Multiple SQL Injections	webapps	php	the_cyber_nuxbie
2012-02-19	SyndeoCMS 3.0 – Cross-Site Request Forgery	webapps	php	Ivano Binetti
2012-02-19	4PSA CMS – SQL Injection	webapps	php	BHG Security Center