[ home ] [ contents ] [ platforms ] [ shellcode ] [ search ] [ cracker ] [ links ] [ rss ] [ archive ]

Author: rgod <rgod [at] autistici.org> Homepage: http://retrogod.altervista.org [ exploits/shellcode ] -::DATE -::DESCRIPTION -::HITS -::AUTHOR 2008-02-26 D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5) BOF Exploit 6068 R D X rgod 2008-02-09 Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit 7936 R D X rgod 2008-01-24 ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC 5310 R D X rgod 2008-01-20 Toshiba Surveillance (MeIpCamX.DLL 1.0.0.4) Remote BOF Exploit 2854 R D X rgod 2008-01-17 Digital Data Communications (RtspVaPgCtrl) Remote BOF Exploit 3344 R D X rgod 2008-01-16 RTS Sentry Digital Surveillance (CamPanel.dll 2.1.0.2) BOF Exploit 3111 R D X rgod 2008-01-13 NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) BoF Exploit 3304 R D X rgod 2008-01-11 Docebo <= 3.5.0.3 (lib.regset.php/non-blind) SQL Injection Exploit 2710 R D rgod 2007-12-18 RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit 3117 R D rgod 2007-12-18 SurgeMail v.38k4 webmail Host header Denial of Service Exploit 2043 R D rgod 2007-12-18 iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit 4323 R D X rgod 2007-10-29 GOM Player 2.1.6.3499 (GomWeb3.dll 1.0.0.12) Remote Overflow Exploit 10458 R D X rgod 2007-10-01 CyberLink PowerDVD CreateNewFile Arbitrary Remote Rewrite DoS 4804 R D X rgod 2007-09-23 EasyMail MessagePrinter Object (emprint.DLL 6.0.1.0) BOF Exploit 3911 R D X rgod 2007-09-08 Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF 6001 R D X rgod 2007-09-03 Telecom Italy Alice Messenger Remote registry key manipulation Exploit 5788 R D X rgod 2007-08-30 Hexamail Server 3.0.0.001 (pop3) pre-auth Remote Overflow PoC 3269 R D rgod 2007-08-28 Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF 4198 R D X rgod 2007-08-21 eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote BOF Exploit 4265 R D X rgod 2007-06-28 AMX Corp. VNC ActiveX Control (AmxVnc.dll 1.0.13.0) BoF Exploit 7338 R D X rgod 2007-06-19 PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit 12489 R D rgod 2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4) 8704 R D X rgod 2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2) 24102 R D X rgod 2007-06-02 IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit 7985 R D X rgod 2007-05-31 Vivotek Motion Jpeg Control (MjpegDecoder.dll 2.0.0.13) Remote Exploit 5207 R D X rgod 2007-05-26 IE 6 / Ademco, co., ltd. ATNBaseLoader100 Module Remote BoF Exploit 7915 R D X rgod 2007-05-25 Dart Communications PowerTCP ZIP Compression Remote BoF Exploit 3473 R D X rgod 2007-05-24 Dart Communications PowerTCP Service Control Remote BoF Exploit 3784 R D X rgod 2007-05-21 Pegasus ImagN ActiveX Control Remote Buffer Overflow Exploit 3116 R D rgod 2007-05-21 Virtual CD 9.0.0.2 (vc9api.DLL) Remote Shell Commands Execution Exploit 5831 R D X rgod 2007-05-13 VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote Buffer Overflow Exploit 3762 R D rgod 2007-05-09 GDivX Zenith Player AviFixer Class (fix.dll 1.0.0.1) Buffer Overflow PoC 2855 R D X rgod 2007-05-04 RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit 4479 R D rgod 2007-04-29 TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit 4115 R D rgod 2007-04-15 XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit 12954 R D rgod 2007-04-01 WinMail Server 4.4 build 1124 (WebMail) Remote Add Super User Exploit 2771 R D rgod 2007-03-25 PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit 5112 R D rgod 2007-03-17 Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit 3586 R D rgod 2007-03-16 Php-Stats <= 0.1.9.1b (PC-REMOTE-ADDR) SQL Injection Exploit 3588 R D rgod 2007-03-16 Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit 3763 R D rgod 2007-03-15 PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit 4400 R D rgod 2007-03-09 PHP 4.4.6 snmpget() object id Local Buffer Overflow Exploit PoC 5257 R D rgod 2007-03-09 PHP 4.4.6 cpdf_open() Local Source Code Discslosure PoC 4495 R D rgod 2007-03-08 PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC 5785 R D rgod 2007-03-05 PHP <= 4.4.6 mssql_[p]connect() Local Buffer Overflow Exploit 6306 R D rgod 2007-02-28 vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit 55287 R D rgod 2007-02-03 Woltlab Burning Board Lite <= 1.0.2pl3e (pms.php) SQL Injection Exploit 11955 R D rgod 2007-01-29 GuppY <= 4.5.16 Remote Commands Execution Exploit 6339 R D rgod 2007-01-14 ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit 5575 R D rgod 2007-01-12 sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit 7779 R D rgod 2007-01-10 Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit 22322 R D rgod 2006-12-30 Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit 5091 R D rgod 2006-12-29 Durian Web Application Server 3.02 Remote Buffer Overflow Exploit 8140 R D rgod 2006-12-29 Durian Web Application Server 3.02 Denial of Service Exploit 3205 R D rgod 2006-12-27 Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit 9783 R D rgod 2006-12-26 PHP-Update <= 2.7 Multiple Remote Vulnerabilities Exploit 4825 R D rgod 2006-12-19 PHP-Update <= 2.7 extract() Auth Bypass / Shell Inject Exploit 6382 R D rgod 2006-12-15 Sambar FTP Server 6.4 (SIZE) Remote Denial of Service Exploit 3663 R D rgod 2006-12-11 Golden FTP server 1.92 (USER/PASS) Heap Overflow PoC 3438 R D rgod 2006-12-09 Filezilla FTP Server 0.9.20b/0.9.21 (STOR) Denial of Service Exploit 3824 R D rgod 2006-11-30 PHPGraphy 0.9.12 Privilege Escalation / Commands Execution Exploit 4472 R D rgod 2006-11-28 Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit 5501 R D rgod 2006-11-24 Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection Exploit 12247 R D rgod 2006-11-23 Woltlab Burning Board Lite 1.0.2 Blind SQL Injection Exploit 8666 R D rgod 2006-11-12 PHPWind <= 5.0.1 (AdminUser) Remote Blind SQL Injection Exploit 5860 R D rgod 2006-10-25 Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit 7539 R D rgod 2006-10-10 Flatnuke <= 2.5.8 file() Priv Escalation / Code Execution Exploit 4293 R D rgod 2006-10-10 Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit 4105 R D rgod 2006-09-22 exV2 <= 2.0.4.3 extract() Remote Command Execution Exploit 5207 R D rgod 2006-09-21 exV2 <= 2.0.4.3 (sort) Remote SQL Injection Exploit 4958 R D rgod 2006-09-19 Exponent CMS <= 0.96.3 (view) Remote Command Execution Exploit 5523 R D rgod 2006-09-15 Limbo CMS <= 1.0.4.2L (com_contact) Remote Code Execution Exploit 7313 R D rgod 2006-09-08 RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution Exploit 8796 R D rgod 2006-09-07 DokuWiki <= 2006-03-09b (dwpage.php) Remote Code Execution Exploit 7511 R D rgod 2006-09-07 DokuWiki <= 2006-03-09b (dwpage.php) System Disclosure Exploit 4057 R D rgod 2006-09-03 PmWiki <= 2.1.19 (Zend_Hash_Del_Key_Or_Index) Remote Exploit 5375 R D rgod 2006-09-02 TikiWiki <= 1.9 Sirius (jhot.php) Remote Command Execution Exploit 7478 R D rgod 2006-08-28 e107 <= 0.75 (GLOBALS Overwrite) Remote Code Execution Exploit 7935 R D rgod 2006-08-23 MercuryBoard <= 1.1.4 (User-Agent) Remote SQL Injection Exploit 8177 R D rgod 2006-08-22 Simple Machines Forum <= 1.1 rc2 Lock Topics Remote Exploit 14468 R D rgod 2006-08-20 Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows) 14106 R D rgod 2006-08-17 CubeCart <= 3.0.11 (oid) Remote Blind SQL Injection Exploit 8060 R D rgod 2006-08-13 XMB <= 1.9.6 Final basename() Remote Command Execution Exploit 11070 R D rgod 2006-08-07 myBloggie <= 2.1.4 (trackback.php) Multiple SQL Injections Exploit 7141 R D rgod 2006-08-03 SendCard <= 3.4.0 Unauthorized Administrative Access Exploit 8404 R D rgod 2006-08-01 XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off) 6987 R D rgod 2006-07-30 ATutor <= 1.5.3.1 (links) Remote Blind SQL Injection Exploit 5372 R D rgod 2006-07-25 Etomite CMS <= 0.6.1 (username) SQL Injection Exploit (mq = off) 6233 R D rgod 2006-07-25 Etomite CMS <= 0.6.1 (rfiles.php) Remote Command Execution Exploit 6367 R D rgod 2006-07-24 X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit 6362 R D rgod 2006-07-21 LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure 4769 R D rgod 2006-07-18 toendaCMS <= 1.0.0 (FCKeditor) Remote File Upload Exploit 6143 R D rgod 2006-07-15 MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit 10421 R D rgod 2006-07-13 phpBB 3 (memberlist.php) Remote SQL Injection Exploit 32855 R D rgod 2006-07-13 Phorum 5 (pm.php) Arbitrary Local Inclusion Exploit 8760 R D rgod 2006-07-07 Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit 5352 R D rgod 2006-07-07 PAPOO <= 3_RC3 SQL Injection/Admin Credentials Disclosure Exploit 4561 R D rgod 2006-06-29 GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit 9114 R D rgod 2006-06-28 BLOG:CMS <= 4.0.0k Remote SQL Injection Exploit 4667 R D rgod 2006-06-23 Jaws <= 0.6.2 (Search gadget) Remote SQL Injection Exploit 5141 R D rgod 2006-06-22 Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2) 8953 R D rgod 2006-06-17 Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit 10813 R D rgod 2006-06-17 Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit 30355 R D rgod 2006-06-15 bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit 7021 R D rgod 2006-06-12 blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit 4789 R D rgod 2006-06-05 Claroline <= 1.7.6 (includePath) Remote Code Execution Exploit 6949 R D rgod 2006-06-03 Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit 5506 R D rgod 2006-06-03 DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit 5138 R D rgod 2006-06-03 LifeType <= 1.0.4 SQL Injection / Admin Credentials Disclosure Exploit 3604 R D rgod 2006-05-31 pppBlog <= 0.3.8 (randompic.php) System Disclosure Exploit 4951 R D rgod 2006-05-25 WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit 19390 R D rgod 2006-05-24 Drupal <= 4.7 (attachment mod_mime) Remote Exploit 7716 R D rgod 2006-05-23 Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit 6082 R D rgod 2006-05-21 XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit 10340 R D rgod 2006-05-16 PHP-Fusion <= 6.00.306 (srch_where) SQL Injection Exploit 14980 R D rgod 2006-05-16 DeluxeBB <= 1.06 (Attachment mod_mime) Remote Exploit 5523 R D rgod 2006-05-14 Sugar Suite Open Source <= 4.2 (OptimisticLock) Remote Exploit 5603 R D rgod 2006-05-13 phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit 51159 R D rgod 2006-05-11 Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit 5139 R D rgod 2006-05-07 PHP-Fusion <= 6.00.306 Multiple Vulnerabilities Exploit 13971 R D rgod 2006-05-02 X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit 6579 R D rgod 2006-04-20 PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit 5187 R D rgod 2006-04-19 PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit 4598 R D rgod 2006-04-15 PHP Album <= 0.3.2.3 Remote Command Execution Exploit 5767 R D rgod 2006-04-14 phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit 6886 R D rgod 2006-04-14 osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability 14019 R D rgod 2006-04-14 SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit 6457 R D rgod 2006-04-12 Sphider <= 1.3 (configset.php) Arbitrary Remote Inclusion Exploit 7033 R D rgod 2006-04-12 PHP121 Instant Messenger <= 1.4 Remote Code Execution Exploit 5020 R D rgod 2006-04-11 Simplog <= 0.9.2 (s) Remote Commands Execution Exploit 6568 R D rgod 2006-04-10 PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit 6239 R D rgod 2006-04-09 ADODB < 4.70 (tmssql.php) Denial of Service Vulnerability 4105 R D rgod 2006-04-09 ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection Exploit 4140 R D rgod 2006-04-06 phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit 6073 R D rgod 2006-04-05 phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit 7414 R D rgod 2006-04-02 ReloadCMS <= 1.2.5 Cross Site Scripting / Remote Code Execution Exploit 5812 R D rgod 2006-03-30 Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit 6128 R D rgod 2006-03-28 PHPCollab 2.x / NetOffice 2.x (sendpassword.php) SQL Injection Exploit 6513 R D rgod 2006-03-28 Plogger <= Beta 2.1 Administrative Credentials Disclosure Exploit 4354 R D rgod 2006-03-25 WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit 5787 R D rgod 2006-03-22 XHP CMS <= 0.5 (upload) Remote Command Execution Exploit 5731 R D rgod 2006-03-20 gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit 6603 R D rgod 2006-03-18 Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities 4965 R D rgod 2006-03-15 php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit 6501 R D rgod 2006-03-15 php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit 5992 R D rgod 2006-03-13 Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit 8283 R M D rgod 2006-03-11 GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit 9525 R D rgod 2006-03-08 Gallery <= 2.0.3 stepOrder[] Remote Commands Execution Exploit 8354 R D rgod 2006-03-07 OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit 6147 R D rgod 2006-03-04 PHP-Stats <= 0.1.9.1 Remote Commands Execution Exploit 5371 R D rgod 2006-02-26 4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit 22396 R D rgod 2006-02-25 iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit 5089 R D rgod 2006-02-23 NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit 5242 R D rgod 2006-02-20 GeekLog 1.* (error.log) Remote Commands Execution Exploit (gpc = Off) 5612 R D rgod 2006-02-19 Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit 7886 R D rgod 2006-02-17 Coppermine Photo Gallery <= 1.4.3 Remote Commands Execution Exploit 12112 R D rgod 2006-02-16 PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit 14727 R D rgod 2006-02-13