[ home ] [ contents ] [ platforms ] [ shellcode ] [ search ] [ cracker ] [ links ] [ rss ] [ archive ]

Author: rgod <rgod [at] autistici.org> Homepage: http://retrogod.altervista.org [ exploits/shellcode ] -::DATE -::DESCRIPTION -::HITS -::AUTHOR 2008-02-26 D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5) BOF Exploit 5395 R D X rgod 2008-02-09 Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit 7351 R D X rgod 2008-01-24 ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC 4879 R D X rgod 2008-01-20 Toshiba Surveillance (MeIpCamX.DLL 1.0.0.4) Remote BOF Exploit 2603 R D X rgod 2008-01-17 Digital Data Communications (RtspVaPgCtrl) Remote BOF Exploit 3049 R D X rgod 2008-01-16 RTS Sentry Digital Surveillance (CamPanel.dll 2.1.0.2) BOF Exploit 2897 R D X rgod 2008-01-13 NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) BoF Exploit 3066 R D X rgod 2008-01-11 Docebo <= 3.5.0.3 (lib.regset.php/non-blind) SQL Injection Exploit 2455 R D rgod 2007-12-18 RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit 2922 R D rgod 2007-12-18 SurgeMail v.38k4 webmail Host header Denial of Service Exploit 1867 R D rgod 2007-12-18 iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit 4125 R D X rgod 2007-10-29 GOM Player 2.1.6.3499 (GomWeb3.dll 1.0.0.12) Remote Overflow Exploit 10003 R D X rgod 2007-10-01 CyberLink PowerDVD CreateNewFile Arbitrary Remote Rewrite DoS 4603 R D X rgod 2007-09-23 EasyMail MessagePrinter Object (emprint.DLL 6.0.1.0) BOF Exploit 3747 R D X rgod 2007-09-08 Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF 5732 R D X rgod 2007-09-03 Telecom Italy Alice Messenger Remote registry key manipulation Exploit 5541 R D X rgod 2007-08-30 Hexamail Server 3.0.0.001 (pop3) pre-auth Remote Overflow PoC 3072 R D rgod 2007-08-28 Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF 3921 R D X rgod 2007-08-21 eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote BOF Exploit 4074 R D X rgod 2007-06-28 AMX Corp. VNC ActiveX Control (AmxVnc.dll 1.0.13.0) BoF Exploit 6942 R D X rgod 2007-06-19 PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit 12099 R D rgod 2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4) 8327 R D X rgod 2007-06-13 Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2) 23418 R D X rgod 2007-06-02 IE6 / Provideo Camimage (ISSCamControl.dll 1.0.1.5) Remote BoF Exploit 7714 R D X rgod 2007-05-31 Vivotek Motion Jpeg Control (MjpegDecoder.dll 2.0.0.13) Remote Exploit 4962 R D X rgod 2007-05-26 IE 6 / Ademco, co., ltd. ATNBaseLoader100 Module Remote BoF Exploit 7606 R D X rgod 2007-05-25 Dart Communications PowerTCP ZIP Compression Remote BoF Exploit 3291 R D X rgod 2007-05-24 Dart Communications PowerTCP Service Control Remote BoF Exploit 3596 R D X rgod 2007-05-21 Pegasus ImagN ActiveX Control Remote Buffer Overflow Exploit 2966 R D rgod 2007-05-21 Virtual CD 9.0.0.2 (vc9api.DLL) Remote Shell Commands Execution Exploit 5590 R D X rgod 2007-05-13 VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote Buffer Overflow Exploit 3567 R D rgod 2007-05-09 GDivX Zenith Player AviFixer Class (fix.dll 1.0.0.1) Buffer Overflow PoC 2658 R D X rgod 2007-05-04 RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit 4280 R D rgod 2007-04-29 TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit 3939 R D rgod 2007-04-15 XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit 12260 R D rgod 2007-04-01 WinMail Server 4.4 build 1124 (WebMail) Remote Add Super User Exploit 2643 R D rgod 2007-03-25 PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit 4896 R D rgod 2007-03-17 Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() eExploit 3459 R D rgod 2007-03-16 Php-Stats <= 0.1.9.1b (PC-REMOTE-ADDR) SQL Injection Exploit 3424 R D rgod 2007-03-16 Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit 3644 R D rgod 2007-03-15 PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit 4262 R D rgod 2007-03-09 PHP 4.4.6 snmpget() object id Local Buffer Overflow Exploit PoC 5046 R D rgod 2007-03-09 PHP 4.4.6 cpdf_open() Local Source Code Discslosure PoC 4303 R D rgod 2007-03-08 PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC 5598 R D rgod 2007-03-05 PHP <= 4.4.6 mssql_[p]connect() Local Buffer Overflow Exploit 6157 R D rgod 2007-02-28 vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit 51847 R D rgod 2007-02-03 Woltlab Burning Board Lite <= 1.0.2pl3e (pms.php) SQL Injection Exploit 11421 R D rgod 2007-01-29 GuppY <= 4.5.16 Remote Commands Execution Exploit 6069 R D rgod 2007-01-14 ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit 5330 R D rgod 2007-01-12 sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit 7539 R D rgod 2007-01-10 Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit 21348 R D rgod 2006-12-30 Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit 4925 R D rgod 2006-12-29 Durian Web Application Server 3.02 Remote Buffer Overflow Exploit 8037 R D rgod 2006-12-29 Durian Web Application Server 3.02 Denial of Service Exploit 3097 R D rgod 2006-12-27 Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit 9469 R D rgod 2006-12-26 PHP-Update <= 2.7 Multiple Remote Vulnerabilities Exploit 4718 R D rgod 2006-12-19 PHP-Update <= 2.7 extract() Auth Bypass / Shell Inject Exploit 6147 R D rgod 2006-12-15 Sambar FTP Server 6.4 (SIZE) Remote Denial of Service Exploit 3534 R D rgod 2006-12-11 Golden FTP server 1.92 (USER/PASS) Heap Overflow PoC 3326 R D rgod 2006-12-09 Filezilla FTP Server 0.9.20b/0.9.21 (STOR) Denial of Service Exploit 3627 R D rgod 2006-11-30 PHPGraphy 0.9.12 Privilege Escalation / Commands Execution Exploit 4381 R D rgod 2006-11-28 Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit 5261 R D rgod 2006-11-24 Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection Exploit 11735 R D rgod 2006-11-23 Woltlab Burning Board Lite 1.0.2 Blind SQL Injection Exploit 8178 R D rgod 2006-11-12 PHPWind <= 5.0.1 (AdminUser) Remote Blind SQL Injection Exploit 5710 R D rgod 2006-10-25 Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit 7244 R D rgod 2006-10-10 Flatnuke <= 2.5.8 file() Priv Escalation / Code Execution Exploit 4202 R D rgod 2006-10-10 Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit 4002 R D rgod 2006-09-22 exV2 <= 2.0.4.3 extract() Remote Command Execution Exploit 5118 R D rgod 2006-09-21 exV2 <= 2.0.4.3 (sort) Remote SQL Injection Exploit 4825 R D rgod 2006-09-19 Exponent CMS <= 0.96.3 (view) Remote Command Execution Exploit 5398 R D rgod 2006-09-15 Limbo CMS <= 1.0.4.2L (com_contact) Remote Code Execution Exploit 6852 R D rgod 2006-09-08 RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution Exploit 8613 R D rgod 2006-09-07 DokuWiki <= 2006-03-09b (dwpage.php) Remote Code Execution Exploit 7351 R D rgod 2006-09-07 DokuWiki <= 2006-03-09b (dwpage.php) System Disclosure Exploit 3919 R D rgod 2006-09-03 PmWiki <= 2.1.19 (Zend_Hash_Del_Key_Or_Index) Remote Exploit 5230 R D rgod 2006-09-02 TikiWiki <= 1.9 Sirius (jhot.php) Remote Command Execution Exploit 7238 R D rgod 2006-08-28 e107 <= 0.75 (GLOBALS Overwrite) Remote Code Execution Exploit 7708 R D rgod 2006-08-23 MercuryBoard <= 1.1.4 (User-Agent) Remote SQL Injection Exploit 7989 R D rgod 2006-08-22 Simple Machines Forum <= 1.1 rc2 Lock Topics Remote Exploit 14226 R D rgod 2006-08-20 Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows) 13896 R D rgod 2006-08-17 CubeCart <= 3.0.11 (oid) Remote Blind SQL Injection Exploit 7809 R D rgod 2006-08-13 XMB <= 1.9.6 Final basename() Remote Command Execution Exploit 10855 R D rgod 2006-08-07 myBloggie <= 2.1.4 (trackback.php) Multiple SQL Injections Exploit 6962 R D rgod 2006-08-03 SendCard <= 3.4.0 Unauthorized Administrative Access Exploit 8290 R D rgod 2006-08-01 XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off) 6797 R D rgod 2006-07-30 ATutor <= 1.5.3.1 (links) Remote Blind SQL Injection Exploit 5212 R D rgod 2006-07-25 Etomite CMS <= 0.6.1 (username) SQL Injection Exploit (mq = off) 6136 R D rgod 2006-07-25 Etomite CMS <= 0.6.1 (rfiles.php) Remote Command Execution Exploit 6159 R D rgod 2006-07-24 X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit 6237 R D rgod 2006-07-21 LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure 4684 R D rgod 2006-07-18 toendaCMS <= 1.0.0 (FCKeditor) Remote File Upload Exploit 5937 R D rgod 2006-07-15 MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit 10139 R D rgod 2006-07-13 phpBB 3 (memberlist.php) Remote SQL Injection Exploit 30947 R D rgod 2006-07-13 Phorum 5 (pm.php) Arbitrary Local Inclusion Exploit 8590 R D rgod 2006-07-07 Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit 5252 R D rgod 2006-07-07 PAPOO <= 3_RC3 SQL Injection/Admin Credentials Disclosure Exploit 4469 R D rgod 2006-06-29 GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit 8923 R D rgod 2006-06-28 BLOG:CMS <= 4.0.0k Remote SQL Injection Exploit 4588 R D rgod 2006-06-23 Jaws <= 0.6.2 (Search gadget) Remote SQL Injection Exploit 5064 R D rgod 2006-06-22 Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2) 8737 R D rgod 2006-06-17 Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit 10526 R D rgod 2006-06-17 Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit 29465 R D rgod 2006-06-15 bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit 6898 R D rgod 2006-06-12 blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit 4708 R D rgod 2006-06-05 Claroline <= 1.7.6 (includePath) Remote Code Execution Exploit 6810 R D rgod 2006-06-03 Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit 5391 R D rgod 2006-06-03 DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit 5003 R D rgod 2006-06-03 LifeType <= 1.0.4 SQL Injection / Admin Credentials Disclosure Exploit 3513 R D rgod 2006-05-31 pppBlog <= 0.3.8 (randompic.php) System Disclosure Exploit 4837 R D rgod 2006-05-25 WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit 18761 R D rgod 2006-05-24 Drupal <= 4.7 (attachment mod_mime) Remote Exploit 7409 R D rgod 2006-05-23 Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit 5951 R D rgod 2006-05-21 XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit 10082 R D rgod 2006-05-16 PHP-Fusion <= 6.00.306 (srch_where) SQL Injection Exploit 14500 R D rgod 2006-05-16 DeluxeBB <= 1.06 (Attachment mod_mime) Remote Exploit 5425 R D rgod 2006-05-14 Sugar Suite Open Source <= 4.2 (OptimisticLock) Remote Exploit 5522 R D rgod 2006-05-13 phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit 50158 R D rgod 2006-05-11 Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit 5050 R D rgod 2006-05-07 PHP-Fusion <= 6.00.306 Multiple Vulnerabilities Exploit 13583 R D rgod 2006-05-02 X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit 6462 R D rgod 2006-04-20 PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit 5113 R D rgod 2006-04-19 PCPIN Chat <= 5.0.4 (login/language) Remote Code Execution Exploit 4516 R D rgod 2006-04-15 PHP Album <= 0.3.2.3 Remote Command Execution Exploit 5645 R D rgod 2006-04-14 phpWebSite <= 0.10.2 (hub_dir) Remote Commands Execution Exploit 6717 R D rgod 2006-04-14 osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability 13255 R D rgod 2006-04-14 SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit 6295 R D rgod 2006-04-12 Sphider <= 1.3 (configset.php) Arbitrary Remote Inclusion Exploit 6853 R D rgod 2006-04-12 PHP121 Instant Messenger <= 1.4 Remote Code Execution Exploit 4937 R D rgod 2006-04-11 Simplog <= 0.9.2 (s) Remote Commands Execution Exploit 6356 R D rgod 2006-04-10 PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit 6104 R D rgod 2006-04-09 ADODB < 4.70 (tmssql.php) Denial of Service Vulnerability 4007 R D rgod 2006-04-09 ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection Exploit 4046 R D rgod 2006-04-06 phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit 5941 R D rgod 2006-04-05 phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit 7277 R D rgod 2006-04-02 ReloadCMS <= 1.2.5 Cross Site Scripting / Remote Code Execution Exploit 5696 R D rgod 2006-03-30 Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit 5937 R D rgod 2006-03-28 PHPCollab 2.x / NetOffice 2.x (sendpassword.php) SQL Injection Exploit 6342 R D rgod 2006-03-28 Plogger <= Beta 2.1 Administrative Credentials Disclosure Exploit 4251 R D rgod 2006-03-25 WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit 5674 R D rgod 2006-03-22 XHP CMS <= 0.5 (upload) Remote Command Execution Exploit 5586 R D rgod 2006-03-20 gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit 6467 R D rgod 2006-03-18 Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities 4866 R D rgod 2006-03-15 php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit 6337 R D rgod 2006-03-15 php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit 5874 R D rgod 2006-03-13 Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit 8141 R M D rgod 2006-03-11 GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit 9403 R D rgod 2006-03-08 Gallery <= 2.0.3 stepOrder[] Remote Commands Execution Exploit 8160 R D rgod 2006-03-07 OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit 6002 R D rgod 2006-03-04 PHP-Stats <= 0.1.9.1 Remote Commands Execution Exploit 5289 R D rgod 2006-02-26 4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit 21430 R D rgod 2006-02-25 iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit 4996 R D rgod 2006-02-23 NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit 5150 R D rgod 2006-02-20 GeekLog 1.* (error.log) Remote Commands Execution Exploit (gpc = Off) 5507 R D rgod 2006-02-19 Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit 7644 R D rgod 2006-02-17 Coppermine Photo Gallery <= 1.4.3 Remote Commands Execution Exploit 11697 R D rgod 2006-02-16 PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit 14304 R D rgod 2006-02-13