CVE-2008-3938 (OpenDb) Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
CVE-2008-3942 (full_php_emlak_script) SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3531 (FreeBSD) Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a...
CVE-2008-3944 (acg_ptp) SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
CVE-2008-3530 (FreeBSD) sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which...
CVE-2008-3940 (OpenVMS) Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in...
CVE-2008-2436 (iPrint Client) Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to...
CVE-2008-3936 (DM500C) The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
CVE-2008-1197 (wn802t, 88w8361w-bem1) The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information...
CVE-2008-3943 (living_local) SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2008-1144 (wn802t, 88w8361w-bem1) The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which...
CVE-2008-3941 (bizdirectory) Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a...
CVE-2007-5474 (WRT350N, ar5416-ac1e_chipset) The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information...
CVE-2008-3939 (pager_enterprise) Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in...
CVE-2008-3945 (words_tag_script) SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
CVE-2008-3937 (OpenDb) Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1)...
Latest Exploits
wpsimple-xss.txt WordPress Simple Tagging Widget suffers from a cross-site scripting vulnerability.
googlechrome-pwn.tgz Google Chrome Browser version 0.2.149.27 suffers from a SaveAs-related buffer overflow and another denial of service vulnerability. Exploits for both are included in the tarball....
devalcms-xssexec.txt devalcms version 1.4a cross-site scripting and remote code execution exploit.
microtik-poc.txt MikroTik RouterOS versions 3.13 and below SNMP write proof-of-concept exploit.
awstats-exec2.txt Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14. Version 2 of this exploit. It now works with magic...
wordpress-xss.txt WordPress Forum version 1.7.4 suffers from a cross-site scripting vulnerability.
geocar-sql.txt Geocar CMS suffers from a remote SQL injection vulnerability.
zencart138a-sql.txt Zen Cart versions 1.3.8a and below suffer from a remote SQL injection vulnerability.
qwicsitepro-sqlxss.txt Qwicsite Pro suffers from remote SQL injection and cross-site scripting vulnerabilities.
awstats-exec.txt Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14.
rs_pocfix.sh PoC for the Postfix local root vulnerability (CVE-2008-2936).
invisionex.php [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities