Exploitpacktable 2014

CVE

slang/shorthand

Product / type . < means that v. and below

Exploit Description

CVE-2006-0003 mdac

IE 6

Pack Release Date (SEE OLDER PACKS ON TAB 3 BELOW) or Analysis date MS IE _ MSHTML IE6 MS IE _ IE 5.01, 5.5, and 6 DHTML Method Heap Memory Corruption Vulnerability MS IE _MS06-014 for lE6/Microsoft Data Access Components (MDAC) Remote Code Execution

CVE-2007-5659 collab, collectEmaillnfo /2008-0655

PDF < 8.1.1

ADOBE PDF _Exploit -collab, collectEmaillnfo

CVE-2004-0549

IE 6

CVE-2005-0055

IE 5, 6

m_Cor_n / MS Off Snapshot IE

CVE-2008-2463 snapshot/ activexbundle CVE-2009- Mozilla FF 3.5 / font tags | FF escape retval 2477 CVE-2008-2992 util.printf Java JRE/Javad0/Javado/Java

CVE-2008-5353 Calendar/javaold/JavaSr0 CVE-2009IE7 MEMCOR MS09-002 0075/0076

CVE-2009-0927 PDF collab.getIcon / pdf-gi

IE- MSAccess

MS OFFICE _M508-041 - MS Access Snapshot Viewer

FF < 3.5.1

FIREFOX - Font tags | Firefox 3.5 escape() Return Value Memory Corruption

PDF < 8.1.2

ADOBE PDF _Exploit• util.printf

Java < 6u10

JAVA _Javad0—JRECalendar Java Deserialize

IE 7

MS IE _ MS09-002 - lE7 Memory Corruption

PDF < 9.1

ADOBE PDF _ Exploit- collab.getlcon

CVE-2009-1136 spreadsheet

IE - MSOffice

MS OFFICE _ MSO9-043 - lE OWC Spreadsheet ActiveX control Memory Corruption

CVE-2009-3867 JAVA GSB

Java < 6u17

JAVA _Runtime Env. getSoundBank Stack BOF

PDF < 9.3

ADOBE PDF Exploit - docmedianewPlayer

CVE-2009-4324

PDF mediaNewPlayer / pdfmp

CVE-2010-0188 PDF Libtiff / Lib

PDF < 9.3.1

ADOBE PDF Exploit - LibTiff Integer Overflow

CVE-2010-0094 javarmi

Java < 6u18

JAVA _ Runtime Environment component in Oracle Java SE

CVE-2010-0806 IEPeers msiemc

IE 7

CVE-2010-1297 PDF SWF

MS IE _ IEPeers Remote Code Execution IE7 Unitialized Memory Corruption JAVA _ Trusted Method Chaining - Java getValue Remote Code Execution JAVA 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 -via MIDI file with a crafted MixerSequencer object JAVA _ SMB / Java JDT 6 Upd 10-19 * Requires xtra components ADOBE PDF _ Open/Launch embedded exe via built in functionality, ability to change prompt text. Didier Stevens. SWF < 10.1.53.64 ADOBE FLASH - "PDF SWF"

CVE-2010-1423 javanew JWS

Java 6u10,19

CVE-2010-1885 hcp

WIN XP-2003

CVE-2010-0840

JAVA TC (?) javagetval OBE Java invoke / Java Trust

CVE-2010-0842 JAVA MIDI Java OBE

Java < 6u19

SWF < 10.2.152.26 SWF < 10.2.152.26 SWF < 10.2.154.27

ADOBE FLASH _ authplay.dll ActionScript AVM2 memory corruption Vulnerability – Adobe Reader < 9.4.0 – ALL Win JAVA _ Unspecified vulnerability in the New Java Plug-in – Java 6 < Update 22 – IE Only – ALL Windows ADOBE FLASH _ memory corruption and application crash via crafted SWF content October 2010. IE Use-after-free IE 6, 7, and 8 "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," JAVA _Sun Java Applet2ClassLoader Remote Code Execution Exploit JAVA _ www.metasploit. com/modules/exploit/multi/browser/java_signed_applet ADOBE FLASH _ Integer overflow in Adobe Flash Player before 10.2.152.26 ADOBE FLASH _ Denial of service (memory corruption) via crafted parameters ADOBE FLASH -Microsoft Office document with an embedded . swf file

CVE-2011-1255 IE 6-8

IE 6-8

MS IE _Time Element Memory Corruption

CVE-2011-2110

SWF< 10.3.181.26 ADOBE FLASH _ Flash memory corruption June - 2011

SWF< 10.1.82.76

CVE-2010-3654 FlashPlayer Button

SWF < 10.1.102.64

CVE-2010-3962 IE CSS

IE 6, 7, 8

CVE-2010-4452 Java Codebase Trust

Java < 6u23

Signed Applet Signed Applet

JAVA SOCIAL

CVE: 20112371

FF Array.reduceRight() Exploit

SWF< 10.3.183.5

Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit

PDF < 10.1.1

ADOBE PDF _U3D onject memory corruption December 2011

CVE-2011-3106 Chrome websockets

CHROME < 19.0.1084.52

CHROME Websockets overflow

CVE-2011-3521

Java 6u27, 7

JAVA _Type confusion vulnerability in Oracle Java Update 27

TrueType Font - Duqu

CVE-2011-3544 Java Rhino CVE-2011-3659 Firefox 8/9 Firefox social FF Social

Java 6u27, 7

JAVA _ AtomicReferenceArray

2010-0188

MS WMP

CVE-2012-1889 IE XML memcor

XML IE

XML _ memory corruption

SAFARI < 6

SAFARI Webkit - memory corruption

Neutrino

Blackhole (last)*

10-'13

03-'13

10-'13

Blackhole 2.x Blackhole 2.0 Blackhole 1.2.5 Blackhole 1.2.3 09-'12

2006-0003

08-'12

12-'11

2006-0003

2007-5659 /2008-0655

Crime Boss 2013

Crime Boss 2012

Grandsoft / SofosFO/Stamp EK

09-'12

09-'13

09-'12

Crimeboss

10-'13

Private EK

Sakura

09-'13

2006-0003

Sakura 1.0

LightsOut

Glazunov

Rawin

Flimkit

Cool EK (Kore-sh)

08-'12

01-'12

9-'13

08-'13

8-'13

08-'13

09-'13

2006-0003

Sakura 1.1

Kore (formely Sibhost known as (Urausy/BestAV Sibhost) EK) 08-'13

04-'13

Cool/Styxy

Styx 4.0

Cool

07-'13

05-'13

Cool Jan 2013 ->

Cool

08-'12

2006-0003

Styx 2.0

Topic

Nice EK

KaiXin Nov '12

KaiXin Aug '12

12-'12

05-'13

03-'13

mid 2012

2007-5659 /2008-0655

Styx 2.x 2013

G01pack

SPL Pack

Serenity pack

Alpha Pack

2006-0003

10-'12

2006-0003

2010-0188

2008-2992

2009-0927

2010-0188

2009-0927

2010-0188

2010-0806

2010-0842

CritXPack

Whitehole

Red Dot

11-'12

01-'13

12-'12

Assoc AiD (unconfirmed) No Name 09-'12

09-'12

2011-2140

2008-2992

2009-0927

2010-0188

2011-2140

2011-3544

-

IE VML

IE <10

IE Use-after-free vulnerability in IE 6 -10 - via a crafted web site that triggers access to a deleted object

Silverlight

Silverlight < 5.1.20913.0

SILVERLIGHT 5, 5 Dev. Runtime, < 5.1.20125.0 Double Dereference Vulnerability and SL 5 < 5.1.20913.0

IE < 10

IE InformationCardSigninHelper VulnerabiliIty

IE <11

IE Use-after-free vuln. in the CDisplayPointer class in mshtml.dll in IE6 11 - (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler

SWF<11. 7.700.252,<11. 9.900.152

FLASH - Memory Corruption

Number of exploits included

2012-1723

2012-0507

2011-3544

2012-1723

2012-0507

2012-1723

2011-3544

2011-3544?

2012-0507

2012-1723

2011-3544

2012-0754

2009-0927

2009-3867 2009-4324 2010-0188

2010-0188

2010-0806 2010-0840

2010-0806

2010-0188

2010-0806

2010-0840

2010-0806 2010-0840

2010-0842

2010-0842 2010-0886

2010-1297

2010-1885

2010-1297

2010-1885

2010-3552

SOCIAL

2011-0559 2011-0611 2011-1255

2011-2140

2011-1255

2011-0611

2011-1255 2011-2110

2011-2140

? flash-mp

2011-2110

2011-2140

2011-2110

2011-3402

2011-3544

2011-3402

2011-2140

2012-0507

2012-0775

Removed

2012-1723

2011-3544

2012-0507

Removed

2012-0507

Removed

2012-0754

2012-1723

2011-3544

2012-0003

2012-0507

2012-1723

2012-0507

2012-0754 2012-0775

2012-0507

2012-0779 Unknown CVE 2012-1535 2012-1723

2012-1723

2012-1876

2012-4681

2012-5076

2012-4681

2012-5076

2012-1889

2012-4681

2012-1889

2012-4681

2012-5076

2012-4681

2012-4792

2012-1876

2012-1889

2012-4681

2012-1889

2012-4681

2012-4969

2012-4681

2012-4792

2012-5076

2012-4681

2012-4792

2012-4969

2012-5076

2013-0422

2012-0775 2012-1876 2012-1889 2013-0422

2013-0422

2013-0422 2013-0431

2013-0431

2013-0634

2013-0431

2013-0422

2013-0431

2013-0634

2013-0431

2013-0422

2013-0431

2013-0422

2013-0431

2013-0634 2013-1347

2013-0422

2013-0431

2013-0634

2013-1347

20131488 2013-1493

2013-1493

2013-2423

2013-1493

2013-1690 2013-2423

2013-2423

2013-2460

2013-2423

SOCIAL 2013-2460

2013-2460

2013-2463 2013-2465

2013-2465

2013-2463

2013-2465

2013-2471

2013-2471 ??

2013-2465 2013-2471

2013-2463

2013-2465

2013-2471

2013-2460

2013-2463

2013-2465 2013-2471

2013-2471

2013-2471 2013-2472

replaced by CVE2013-3918

2013-2551

2013-0074/3896

20130074/3896

2013-2551

2013-2551 CVE-20130074/3896

2013-3918 2013-3897

2013-3897 2013-5329

Nuclear 3.x

6

Nuclear 3.x

5

3

$1,500

Nuclear 2.2 - Nuclear 2.1 >

2

10

13

4

1

5?

7

Gong Da / GonDad

Redkit 2.2

Goon (found to be Redkit 2.1)

Redkit

Redkit (former Puerto?)

$1,500 Nuclear 2.0

5

2?

3

5?

2?

Fiesta (formerly Neosploit)

Neo Sploit

DotkaChef

Angler

FlashPack (child of SafePack / CritXPack/ Vintage Pack)

Safe Pack

CVE-2010-0188

CVE-2012-4681

CVE-2012-1723 CVE-2012-1723 CVE-2011-3402

CVE-2012-0507

CVE-2011-3544

CVE-2013-2471

CVE-2012-1723 CVE-2012-0507

CVE-2013-0074/3896

CVE-2012-1723

CVE-2012-4681 CVE-2011-3544

CVE-2012-1723

CVE-2012-0003

CVE-2013-1493

CVE-2013-0422 CVE-2012-1723

CVE-2013-0431

CVE-2013-2423 CVE-2013-2423

CVE-2012-5076

CVE-2012-1889

CVE-2012-0507

CVE-2013-2460

CVE-2013-1493 CVE-2012-4681

CVE-2013-0634

CVE-2013-2460 CVE-2013-2460

CVE-2013-0422

CVE-2013-3918 CVE-2013-2551

CVE-2012-1723 CVE-2012-1723 CVE-2013-0422 CVE-2013-0422

CVE-2011-3544

CVE-2012-4681 CVE-2012-5076

CVE-2011-2140

CVE-2013-2551

CVE-2012-0507

CVE-2010-0188 CVE-2010-0188

x2o (Redkit Light)

Exploits in ths pack - listing

CVE-2010-0188 CVE-2010-0188

CVE-2010-0188 CVE-2010-0188 CVE-2010-0188

?

3?

6

4

?

traff

Exploits in ths pack - listing

CVE-2012-1723 CVE-2012-4681

CVE-2013-2423 CVE-2012-5076 CVE-2013-0422 CVE-2013-2423

CVE-2013-2465

CVE-2013-2551

CVE-2012-5692

CVE-20130074/3896

CVE-2013-1493 CVE-2013-0634 CVE-2013-2423 CVE-2013-2551 CVE-2013-5329 CVE-2013-2471 ??

CVE-20130074/3896

CVE-2012-1723

CVE-2013-2551

CVE-2013-2423

9?

6?

2700

3?

6

8

6

4?

5

$450-$1350 /mo

$450/mo

Author Paunch arrested in 10-'13

Neutrino

Blackhole (last)

5

Korean language NB Exploiter Version 2.8.4.6

6?

11

1500

10

Magnitude / Death Touch White Lotus (formerly known as Popads)

Popads

CVE-2011-3544 CVE-2011-3402

CVE-20130431

CVE-20132423

CVE-2013-2465 CVE-2012-0507

Social Eng

CVE-20132471

CVE-2012-1723 CVE-2010-0188 CVE-2010-0188 CVE-2010-0188

CVE-2012-1889

CVE-2011-2140 CVE-2011-0611 CVE-2010-3962

CVE-2011-3544 CVE-2013-2460

CVE-2013-0431

CVE-2013-2460

CVE-20132551

CVE-2012-5076 CVE-2011-3544 CVE-2011-3544 CVE-2011-3544

CVE-2012-4681

CVE-2011-3544 CVE-2011-2140 CVE-2011-1255

CVE-2013-0634 CVE-2013-2463*

CVE-2013-1493

CVE-2013-2471

CVE-2007-5659 CVE-2010-0188 CVE-2010-0188 CVE-2007-5659 /2008-0655 /2008-0655 CVE-2012-0507 CVE-2012-0507 CVE-2008-2992 CVE-2008-2992

CVE-2013-0431 CVE-2012-0507 CVE-2012-0507

CVE-20124792*

CVE-2012-0754 CVE-2011-3544 CVE-2011-0611

CVE-2013-2465 CVE-2013-2465*

CVE-2013-2423

and + all or some

CVE-2012-1723 CVE-2012-1723 CVE-2009-0927 CVE-2009-0927

CVE-2013-2551 CVE-2013-0634 CVE-2013-2460 CVE-2013-2471 CVE-2013-2551

Sweet Orange

Sweet Orange Sweet Sweet Sweet Orange 1.? Orange 1.? Orange 1.1 1.0 CVE-2010-0188 CVE-2006-0003 CVE-2006-0003 CVE-2006-0003

CVE-2012-1723 CVE-2012-1723 CVE-2012-4681 CVE-2012-4681

CK (child of Netboom Exploiter) CVE-2011-3544

CK (child of Netboom Exploiter)

CVE-2011-0611 CVE-2010-0806 CVE- 2010-0806

CVE-2013-0422 CVE-2012-1535 CVE-2012-0003 CVE-2013-0634

Net Boom NB Exploiter

CVE-2011-2110

CVE-2012-1889 CVE-2012-0754 CVE-2011-2140

HiMan (High Load)

CVE-2010-0188 CVE-2013-0431

CVE-2013-2551 CVE-2013-2551

CVE-2012-1723

CVE-2013-0422

exploits

CVE-20130074/3896

from the previous version

Blackhole 2.x Blackhole 2.0 Blackhole 1.2.5 Blackhole 1.2.3 CVE-2006-0003 CVE-2006-0003 CVE-2006-0003 CVE-2006-0003

CVE-2012-4681 CVE-2012-4681 CVE-2010-0188 CVE-2010-0188 CVE-2012-5076 CVE-2012-5076 CVE-2010-1885 CVE-2010-0842

Exploits in ths pack - listing

CVE-2013-0422

CVE-2012-4792

CVE-2012-5076

CVE-2013-3897

CVE-2012-4681

* switch 2463*<>2465*

CVE-2013-0422

CVE-2011-0559 CVE-2010-1885

Exploits in ths pack - listing

CVE-2013-0634

CVE-2012-4969

CVE-2013-0431

* removed

CVE-2012-4969

Possibly + exploits

CVE-2013-0431

CVE-2011-2110 CVE-2011-0559

Exploits in ths pack - listing

CVE-2013-2465

CVE-2012-5076

CVE-2013-2423

from the previous

CVE-2011-3402

CVE-2012-1723 CVE-2011-3544

Exploits in ths pack - listing

CVE-2013-3897

CVE-2012-1889

Exploits in ths pack - listing

CVE-2013-0422 CVE-2013-0634

Exploits in ths pack - listing

CVE-2013-1493

version

5

3

Crime Boss 2013

Crime Boss 2012

?

Crimeboss

CVE- CVE-20112013- 3544 1488 and + CVE-2012all or 4681 some CVE-2013exploits 0422 from CVE-2013the 2423 previous version SOCIAL

5

3

10k/hour = 900$ / 3500$ mo - and more for higher traff

3-5K/mo

Grandsoft

CVE-2011-3544 CVE-2010-0188 CVE-2010-0188

7

CVE-2006-0003

4

Sakura 1.0

4?

2+?

3?

3

2+?

4

3?

5

11

5+

19?

8

9?

7?

?

Cool

Styx 2.x 2013

Styx 2.0

Topic

CVE-2006-0003 CVE-2006-0003

Rawin

Flimkit

Cool EK (Kore-sh)

Sibhost Kore (formely (Urausy/BestAV Cool/Styxy Sibhost) EK)

CVE-2012-5076

CVE-2013-2460 CVE-2013-2423

CVE-2013-1347 cve-2013-2471

CVE-2013-1493 CVE-2013-2423

CVE-2013-2463 CVE-2013-2460

CVE-2013-1493

CVE-2011-3402* CVE-2011-3402 CVE-2012-1876

CVE-2010-0188 CVE-2010-0188 CVE-2011-3544 CVE-2011-3544

CVE-2013-1690

CVE-2013-2423 CVE-2013-2471

CVE-2013-2463

CVE-2013-2423

CVE-2013-0431

CVE-2012-1723 CVE-2013-0634

CVE-2011-3402 CVE-2011-3402 CVE-2012-0507 CVE-2012-0507

CVE-2011-3544 CVE-2011-3544

CVE-2013-2465

CVE-2013-1493

CVE-2013-0422 CVE-2013-2465

CVE-2012-0507 CVE-2012-0507 CVE-2012-1723 CVE-2012-1723

version

CVE-2013-2471

CVE-2013-2423

CVE-2010-0188 CVE-2012-0755

CVE-2007-5659 CVE-2006-0003 CVE-2006-0003 CVE-2007-5659 /2008-0655 /2008-0655

CVE-2012-1723 CVE-2013-2463 CVE-2012-0507 CVE-2012-1723

CVE-2010-0806 CVE-2010-0806 CVE-2010-0842 CVE-2010-0842

exploits from the previous

CVE-2012-4681 CVE-2012-5076

CVE-2010-0188

Styx 4.0

CVE-2013-2460

cve-2013-2471

Glazunov

and + all or some

CVE-2010-0188 CVE-2011-3544

4

5

6?

2?

5

G01pack

SPL Pack

Serenity Pack

13

4?

Alpha Pack

Impact

CVE-2013-1493 cve-2013-2471 CVE-2013-2423

and + all or some

CVE-2013-0422

CVE-2013-2460 exploits

CVE-2013-2423

CVE-2013-2463

from the previous

CVE-2013-2472 version

CVE-2012-1889 CVE-2012-0507

CVE-2013-2551

CVE-2012-4681

Social Eng

CVE-2012-0775 CVE-2012-0775 CVE-2012-4681 CVE-2012-4681 Unknown CVE CVE-2012-1723 CVE-2012-4969 CVE-2012-4969

CVE-20132423

Nice EK

CVE-2012-1723

KaiXin Nov '12

KaiXin Aug '12

8

7

3?

- $1,800 rent $400/wk $200rent

$150/wk $250/mo

LightsOut

CVE-2013-1493

CVE-2011-3544 CVE-2013-0422

?

1-2K /mo rent

CVE-2013-2423

CVE-2011-3544 CVE-2013-0422

CVE-2013-2463

7

Sakura 1.1

CVE-2013-1347

CVE-2012-4681 SOCIAL

CVE-2013-2423

9-

Sakura 1.x

$1100 / mo rent

Private EK

CritXPack

Whitehole

5

3 2-5K

Red Dot

Assoc AiD no (info from Private name Ad only)

CVE-2010CVE-2011-1255 CVE-2011-1255 CVE-2006-0003 CVE-2012-1723 CVE-2006-0003 CVE-2011-2140 CVE-2007-5659 CVE-2006-0003 CVE-2011-3544 CVE-2012-0507 CVE-2011/2008-0655 3106 0188 CVE-2012CVE-2011-3544 CVE-2011-3544 CVE-2009-0927 CVE-2013-0422 CVE-2010-0188 CVE-2006-0003 CVE-2010-0188 CVE-2010-0188 CVE-2012-1723 CVE-2012-5076 CVE-20121876 1723 CVE-2012CVE-2012-1723 CVE-2012-0507 CVE-2010-1423 CVE-2012-0507 CVE-2008-2992 CVE-2012-1723 CVE-2011-2110 CVE-2012-4681 CVE-2013-0422 CVE-20121880 4681 CVE-2012CVE-2012-1889 CVE-2012-0754 CVE-2010-1885 CVE-2012-4681 CVE-2009-0927 CVE-2012-5076 CVE-2011-3544 CVE-2012-5076 3683 CVE-2012-1723 CVE-2012-1723 CVE-2012-4969 CVE-2009-2477 CVE-2013-0422 CVE-2012-0507 CVE-2013-0422 Unknown CVE CVE-2012-1889 CVE-2013-0422 CVE-2010-0188 CVE-2012-1723 CVE-2013-1493

11

2

1-1.5K

1500

Phoenix 3.1.15

NucSoft

5

9

14

13

4

8

10

Zhi Zhu

Incognito v.2

Phoenix 3.1

Eleonore 1.8.91

"Yang Pack"

Techno XPack

Siberia Private

Hierarchy

CVE: 2010-0248 CVE-20100188 CVE-2010-0842 CVE-20120507 CVE-2011-2110

CVE-2010-0806 CVE-2004-0549

CVE-2006-0003 CVE-2006-0003 CVE-2010-0806 CVE-2008-2992 CVE-2005-0055 CVE-2006-0003

CVE-2011-1255 CVE-2007-5659 /2008-0655 CVE-2011-2110 CVE-2008-2992

CVE-2011-2140

CVE-2011-2140 CVE-2009-0927

CVE-2007-5659 CVE-2008-2463 CVE-2011-2110 CVE-2010-0188 CVE-2006-0003 CVE-2009-0927 /2008-0655 CVE-2008-2992 CVE-2010-0188 CVE-2011-2140 CVE-2010-0842 CVE-2007-5659 CVE-2010-0094 /2008-0655 CVE-2008-5353 CVE-2010-0806 CVE-2011-3544 CVE-2010-1297 CVE-2008-2463 CVE-2010-0188

CVE: 2011-2371 CVE-2011-3544

CVE-2012-0003 CVE-2009-4324 CVE-2010-0842

CVE-2009-0927 CVE-2010-0840 CVE-2009-3867 CVE-2010-1885

CVE-2012-1876 CVE-2012-1889 CVE-2013-0431 CVE-2013-0431

CVE-2010-0806

CVE-2012-4681 CVE-2013-2423

CVE-2011-3659

CVE-2010-0886

CVE-2009-4324 CVE-2010-4452

CVE-2010-2884 CVE-2008-2992 CVE-2010-0806 CVE-2010-3552 CVE-2009CVE-2010-0840 0075/0076 CVE-2010-3654 CVE-2009-0927 CVE-2010-1297

CVE-2012-1889 CVE-2012-4681 Social Eng

CVE-2010-0840

CVE-2012-4792

CVE-2012-0500

CVE-2010-1885

CVE-2010-0188 CVE-2011-0558

SOCIAL

CVE-2012-4681

CVE-2010-2883

CVE-2013-2423

CVE-2012-0507

CVE-2010-0840 CVE-2011-0559

CVE-2009-4324 CVE-2011-0611

CVE-2010-0886 CVE-2011-0611

CVE-2010-0806

CVE-2012-4792

CVE-2010-3552

CVE-2012-5076 CVE-2012-1876

CVE-2012-1723 CVE-2012-1889

CVE-2010-1240 CVE-2011-2462 CVE-2010-1297 CVE-2011-3521

CVE-2012-1889

CVE-2012-4681

CVE-2011-3544 CVE-2011-3544

CVE-2013-0422

Exploits in ths pack - listing

CVE-2013-0431 CVE-2013-0437 CVE-2013-1347 CVE-2013-1690

Exploits in ths pack - listing

Social Eng

Exploits in ths pack - listing

2009-0927

2009-4324

2011-0559

2012-1876

Exploits in ths pack - listing

2008-2992

2012-3683

Exploits in ths pack - listing

2008-2992

2009-0927

2012-5692

Exploits in ths pack - listing

01-'12

2008-2463

2008-2992

2010-0806

2012-0003

2012-0507

2012-4969

Last Update date:

Exploits in ths pack - listing

Hierarchy

2006-0003

2012-1880

By Mila Jan 21, 2014

Exploits in ths pack - listing

01-'12

2006-0003 2007-5659 /2008-0655

SOCIAL

6

Exploits in ths pack - listing

Siberia Private

2012-0500

Notes

Product / type . < means that v. and Exploit Description (CLICK ON CELLS 2 SEE TEXT) below

01-'12

2011-3659

JAVA Memory Corruption Vulnerability

CVE-2013-5329 on Flash 11.9.900.117

Techno XPack

01-'12

2010-0188

2010-0842

2011-3402

2012-0003

2012-0507

JAVA < 7 Update 21, < 6 Update 45, and < 5.0 Update 45, and OpenJDK 7 - Incorrect IntegerComponentRaster size checks JAVA < SE 7 Update 21, < 6 Update 45, < 5.0 Update 45, and OpenJDK 7 Incorrect ShortBandedRaster size checks in 2D

CVE-2013-3918

"Yang Pack"

03-'12

2006-0003

2007-5659 /2008-0655

2011-3521

Self-Generated fake cert Social Eng

CVE-2013-3897

Eleonore 1.8.91

03-'12

2006-0003

Phoenix 3.1

2011-2462

JAVA The color mgmnt (CMM) functionality in the 2D - an outof-bounds read or memory corruption in the JVM

Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7 "insufficient access checks" in the tracing component. JAVA < Update 21 6 Update 45 and earlier, and< 5.0 Update 45, and OpenJDK 7 -Incorrect image attribute verification in 2D.

2010-0188

2010-1885

FF < 22.0, FF ESR 17.x before 17.0.7, TBird < 17.0.7, and TBird ESR 17.x< 17.0.7 do not properly handle onreadystatechange events with page reloading,

JAVA SE 7 Update 17 and earlier allows remote attackers to

-

2012

2007-5659 /2008-0655

2011-2371

2013-0634

-

Incognito v.2

2011-3106

2013-0422

-

02-'12

2008-2992

2011-2110

2011-3402

2012-1889

Java

Zhi Zhu

2012

2011-0611

IE Microsoft Internet Explorer 8 improper object handling in memory JAVA via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager

Java < Java7u17 affect integrity via unknown vectors related to HotSpot.

NucSoft

05-'12

2011-0558

2013-0634

Java < 7u15 6u41 FF < 22, Tbird < 17.0.7

Phoenix 3.1.15

2006-0003

2010-4452

2013-0422

IE 8 Java <7u17, 6, 7

Java < 7u21 6u45 Java < 7u21 6u45 Java < 7u21 6u45 Java < 7u21 6u45 Java < 7u21 6u45

11-'12

2010-0806

2010-1885

SOCIAL

2011-0559 2011-0611

2011-2110

JAVA: abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox JAVA Unspecified vulnerability in the Java Runtime Environment (JRE) via unknown vectors related to 2D.

Java 7u11

SWF<10.3.183.51 FLASH Buffer overflow in Adobe Flash Player via crafted SWF content, as exploited in the wild in February 2013. (win)

Social Fake Cert

Impact

2007-5659 /2008-0655

2011-1255

2012-1889

< Java 7u11 Java 7u11

CVE-2013-1347 IE UAF CVE-2013-1488

the newer kits/versions

Neutrino

10-'13

2011-0611

JAVA: JMB/MBEAN and Reflection API allow a crafted applet to bypass SecurityManager restrictions 2013-0422 2013-0422 2013-0422

WIN XP-7, Srv2003-2008

CVE-2013-0437

Legend:

HiMan (High Load)

2010-2011

2010-3654

JAVA Arbitrary Code Execution

CVE-2013-0634

Grey Column Old(er) kit [versions] for header Text in reference and comparison with Italic

2010-0188

PHP vuln. in admin/sources/base/core.php in Invision Power Board IPB or IP.Board) 3.1.x- 3.3.x JAVA The JavaScript implementation in Adobe Reader and Acrobat 9.x < 9.5.1 and 10.x < 10.1.3 - (memory corruption) IE aka "Col Element Remote Code Execution Vulnerability," by VUPEN - Pwn2Own competition at CanSecWest 2012. WIN: - Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 memory corruption via a crafted web site.

CVE-2013-0422

slang/shorthand (CLICK ON CELLS 2 SEE TEXT)

2010-0188

<Java 7u8

CVE-2013-0431

CVE

2010-0188

IP.Board) 3.1.x through 3.3.x PDF < 9.51 and < 10.1.3 IE 6-9, 10

w Click2play bypass

Net Boom NB Exploiter

04-'12

2010-3962

IE Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll

CVE-20132551 CVE-20130074/3896

CK (child of Netboom Exploiter)

03-'13

2010-2884

JAVA _crafted applet that bypasses SecurityManager restrictions

CVE-2013-2472

CK (child of Netboom Exploiter)

11-'13

2010-3552

Use-after-free vulnerability,inCDwnBindInfo object, and exploited in the wild in December 2012.

Java Type

CK (child of Netboom Exploiter)

2010-2883

IE 6-9

Java Raster

05-'12

2006-0003

2010-0248

<Java 7u6

w click2play bypass

09-'12

2006-0003

2010-1885

IE 6-8

w click2play bypass

09-'12

2006-0003

2010-1297

CVE-2012-4969 IE 6-9

CVE-2013-2465

03-'13

2010-1423

CVE-2012-4681 Java Gondvv / Gondzz

CVE-2013-2471

Sweet Sweet Sweet Orange Sweet Orange Orange 1.? Orange 1.1 1.0

2010-0094

CVE-2012-4792 IE 6-8

CVE-2013-2463

11-'13

SWF<10.3.183.15, FLASH Player allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 11.1.102.62 PDF < 10.1.3, < ADOBE PDF JavaScript implementation allows arbitrary code execution 9.5.1 SWF<10.3.183.19, ADOBE FLASH (via IE?)- object type confusion 11.2.202.235 SWF<10.3.183.23, Claims to have some private flash exploit 11.4.402.265 SWF < Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux -SWF content in a Word document. 11.3.300.271

CVE-2012-3683 Safari Webkit

CVE-2013-2460

Sweet Orange

02-'13

2010-1240

IE _ insertRow Remote Code Execution Vulnerability

CVE-2013-1690

Popads

11-'13

2010-0886

IE 6-9

CVE-2013-2423

Magnitude / Death Touch (formerly known as Popads)

11-'13

2010-0840

CVE-2012-1880 IE InsertRow

CVE-2013-1493 Java CMM

White Lotus

04-'13

2010-0842

JAVA Remote Code Execution

XML

Safe Pack

12-'13

2010-0806

IE _ from VUPEN's Pwn2Own demo at CanSecWest 2012. Col Element Remote Code Execution Vulnerability

2012-1889

FlashPack (child of SafePack / CritXPack/ Vintage Pack)

12-'13

2009-4324 2010-0188

Java 6u32, 7u4

CVE-2012-0775 PDF 9. 10

Angler

12-'13

20090075/0076

IE 6-10

CVE-2012-1876 IE 6-9, 10

DotkaChef

09-'12

2009-3867

CVE-2012-1723 Java Byte / verifier

CVE-2012-5076 JAX-WS

Neo Sploit

01-'14

2008-5353

CVE-2012-1876 IE 6-10

CVE-2012-5692

Fiesta (formerly Neosploit)

2008-2463

FIREFOX 8/9_ AttributeChildRemoved() Use-After-Free.

MS MEDIA PLAYER _vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) JAVA _Sun Java Web Start Plugin Command Line Argument Injection (2012)

Unknown CVE

08-'13

2009-2477

FIREFOX Bootstrapped Addon Social Engineering Code Execution

Java 6u30, 7u2

CVE-2012-1535 Flash SWF in Word

x2o (Redkit Light)

before 04-'13

JAVA _Vulnerability in the Rhino Script Engine

Java 6u30, 7u2

CVE-2012-0779 Flash

Redkit

05-'13

2005-0055

FF <3.6.26 ,4.9

WMP MIDI

CVE-2012-0754 MP4 Overflow

Redkit

11-'13

2004-0549

FF < 4

CVE-2012-0507 Java Atomic

CVE-2012-0775

Goon (found to be Redkit 2.1)

12-'13

WIN XP-2008 via WINDOWS XP, 2003, 2008 TrueType Font Parsing Vulnerability IE

CVE-2012-0500 Web Start Plugin

CVE-2012-0003

Redkit 2.x

03-'13

ADOBE FLASH _ Flash memory corruption August-2011 MP4 SequenceParameterSetNALUnit Buffer Overflow

FF < 4.0.1

CVE-2011-2462 PDF U3D

CVE-2011-3402

Gong Da / GonDad

12-'13

PDF Exploit Adobe Reader Stack-based buffer overflow in CoolType.dll

PDF < 9.4

Java < 6u21

CVE-2011-2140 MP4 sequence

Gong Da / GonDad

03-'12

MS HCP _ Help Center URL Validation Vulnerability

CVE-2010-2884 authplay.dll

CVE-2011-0559 Flash 10 by exm

Nuclear 2.0

03-'12

IE MS10-002 Internet Explorer Object Memory Use-After-Free

CVE-2010-3552 JAVA SKYLINE / docbase

CVE-2011-0611 Flash 10

Nuclear 2.1

03-'12

Java Deployment Toolkit Remote Argument Injection Vulnerability (Taviso)

IE Object Memory Use-AfterIE 6, 7, 8 Free

CVE-2011-0558 Flash <10.2

Nuclear 2.2

11-'13

Java < 6u18

PDF < 9.3.3

CVE-2010-2883 PDF FONT / Cooltype

Nuclear 3.x

01-'14

Java < 6u18

CVE-2010-0886 JAVA SMB / JAVA JDT CVE-2010-1240 PDFOPEN

CVE: 20100248

Nuclear 3.x

CVE-2012-0779

CVE-2012-0507

CVE-2009-3867 CVE-2010-1885

Turn static files into dynamic content formats.

Create a flipbook