bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

35 commits

Author SHA1 Message Date
Exploit-DB
bfc4baf25a DB: 2023-05-14 
7 changes to exploits/shellcodes/ghdb

FLEX 1080 < 1085 Web 1.6.0 - Denial of Service

Epson Stylus SX510W Printer Remote Power Off - Denial of Service

Job Portal 1.0 - File Upload Restriction Bypass

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)

RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)

TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
 2023-05-14 00:16:46 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
c9a65a1f7b DB: 2021-09-03 
52 changes to exploits/shellcodes
 2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
135e56dda8 DB: 2021-06-25 
16 changes to exploits/shellcodes

BasicNote 1.1.9 - Denial of Service (PoC)
ColorNote 4.1.9 - Denial of Service (PoC)
Notepad notes 2.6.7 - Denial of Service (PoC)
Blacknote 2.2.1 - Denial of Service (PoC)
Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)

GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Adobe ColdFusion 8 - Remote Command Execution (RCE)
TP-Link TL-WR841N - Command Injection
Huawei dg8045 - Authentication Bypass
 2021-06-25 05:01:52 +00:00
Offensive Security
1dc98b3b8e DB: 2021-06-05 
6 changes to exploits/shellcodes

Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
 2021-06-05 05:01:54 +00:00
Offensive Security
a9fa314bbf DB: 2021-06-04 
14 changes to exploits/shellcodes

BasicNote 1.1.9 - Denial of Service (PoC)
ColorNote 4.1.9 - Denial of Service (PoC)
Notepad notes 2.6.7 - Denial of Service (PoC)
Blacknote 2.2.1 - Denial of Service (PoC)

CHIYU IoT Devices - 'Telnet' Authentication Bypass
PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
Seo Panel 4.8.0 - 'from_time' Reflected XSS
CHIYU IoT Devices - Denial of Service (DoS)
FUDForum 3.1.0 - 'srch' Reflected XSS
FUDForum 3.1.0 - 'author' Reflected XSS
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
4Images 1.8 - 'redirect' Reflected XSS
 2021-06-04 05:01:54 +00:00
Offensive Security
b73c74bb9d DB: 2020-01-15 
6 changes to exploits/shellcodes

Redir 3.3 - Denial of Service (PoC)
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN

VPN unlimited 6.1 - Unquoted Service Path
IBM RICOH InfoPrint 6500 Printer - HTML Injection
IBM RICOH 6400 Printer - HTML Injection
 2020-01-15 05:01:57 +00:00
Offensive Security
4169f5d10e DB: 2019-07-16 
6 changes to exploits/shellcodes

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Streamripper 2.6 - 'Song Pattern' Buffer Overflow
NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
 2019-07-16 05:02:16 +00:00
Offensive Security
0a2b5fd16f DB: 2019-05-30 
7 changes to exploits/shellcodes

Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
 2019-05-30 05:01:56 +00:00
Offensive Security
a91c0acafc DB: 2019-05-18 
14 changes to exploits/shellcodes

Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC)
CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC)
CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC)
WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC)
Axessh 4.2 - 'Log file name' Denial of Service (PoC)
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
Iperius Backup 6.1.0 - Privilege Escalation
VMware Workstation 15.1.0 - DLL Hijacking
JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow
DeepSound 1.0.4 - SQL Injection
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
 2019-05-18 05:02:00 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
d5509de389 DB: 2019-03-07 
6 changes to exploits/shellcodes

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass

Java Debug Wire Protocol (JDWP) - Remote Code Execution

Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)
 2019-03-07 05:01:53 +00:00
Offensive Security
31edb35a91 DB: 2019-03-01 
9 changes to exploits/shellcodes

FTP Server 1.32 - Denial of Service
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
TransMac 12.3 - Denial of Service (PoC)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Joomla! Component J2Store < 3.3.7 - SQL Injection
Usermin 1.750 - Remote Command Execution (Metasploit)
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
 2019-03-01 05:01:57 +00:00
Offensive Security
f7381cfe15 DB: 2019-02-22 
9 changes to exploits/shellcodes

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)
ScreenStream 3.0.15 - Denial of Service
AirDrop 2.0 - Denial of Service (DoS)

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

Memu Play 6.0.7 - Privilege Escalation

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

EI-Tube 3 - SQL Injection
 2019-02-22 05:01:55 +00:00
Offensive Security
26efc559c7 DB: 2019-02-21 
8 changes to exploits/shellcodes

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
WinRAR 5.61 - '.lng' Denial of Service
FaceTime - Texture Processing Memory Corruption
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
Apple macOS 10.13.5 - Local Privilege Escalation

mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution
Belkin Wemo UPnP - Remote Code Execution (Metasploit)

HotelDruid 2.3 - Cross-Site Scripting
 2019-02-21 05:01:57 +00:00
Offensive Security
f3f1427938 DB: 2019-02-16 
9 changes to exploits/shellcodes

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service (PoC)
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service (PoC)
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference

Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 - 'order' SQL Injection
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Jinja2 2.10 - 'from_string' Server Side Template Injection
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
 2019-02-16 05:01:55 +00:00
Offensive Security
5f3f5c8f09 DB: 2019-02-15 
18 changes to exploits/shellcodes

Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)

runc < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
exacqVision ESM 5.12.2 - Privilege Escalation
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting
DomainMOD 4.11.01 - 'category.php CatagoryName_ StakeHolder' Cross-Site Scripting
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
 2019-02-15 05:01:54 +00:00
Offensive Security
a4b18dada5 DB: 2019-02-14 
11 changes to exploits/shellcodes

AirDroid 4.2.1.6 - Denial of Service

NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
runc < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)

Netatalk < 3.1.12 - Authentication Bypass
Netatalk 3.1.12 - Authentication Bypass
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
PilusCart 1.4.1 - 'send' SQL Injection
 2019-02-14 05:01:54 +00:00
Offensive Security
1982f33252 DB: 2019-02-13 
16 changes to exploits/shellcodes

AirDroid 4.2.1.6 - Denial of Service

River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
Android - binder Use-After-Free via fdget() Optimization
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting

Webiness Inventory 2.3 - 'email' SQL Injection
OPNsense < 19.1.1 - Cross-Site Scripting
Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
LayerBB 1.1.2 - Cross-Site Scripting
 2019-02-13 05:01:49 +00:00
Offensive Security
d622832ea0 DB: 2019-02-12 
21 changes to exploits/shellcodes

KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH)

Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)
Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)

STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)

Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)

Netatalk 3.1.12 - Authentication Bypass (PoC)
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
IP-Tools 2.50 - Local Buffer Overflow (PoC)
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)

FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)

Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
AirDroid 4.2.1.6 - Denial of Service
FutureDj Pro 1.7.2.0 - Denial of Service
NordVPN 6.19.6 - Denial of Service (PoC)
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Evince - CBT File Command Injection (Metasploit)
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure

Netatalk - Bypass Authentication
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
VA MAX 8.3.4 - Authenticated Remote Code Execution
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Webiness Inventory 2.3 - 'email' SQL Injection
 2019-02-12 05:01:49 +00:00
Offensive Security
bb44caca27 DB: 2019-01-16 
4 changes to exploits/shellcodes

1Password < 7.0 - Denial of Service

Microsoft Windows VCF - Remote Code Execution

ownDMS 4.7 - SQL Injection

Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)
 2019-01-16 05:01:50 +00:00
Offensive Security
038ac7b860 DB: 2018-10-11 
4 changes to exploits/shellcodes

FileZilla 3.33 - Buffer Overflow (PoC)

WhatsApp - RTP Processing Heap Corruption

MicroTik RouterOS < 6.43rc3 - Remote Root

Ektron CMS 9.20 SP2 - Improper Access Restrictions
 2018-10-11 05:01:43 +00:00
Offensive Security
b311000a22 DB: 2018-10-09 
16 changes to exploits/shellcodes

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
 2018-10-09 05:01:44 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
54b5ed8407 DB: 2018-05-24 
31 changes to exploits/shellcodes

WordPress Core -  'load-scripts.php' Denial of Service
WordPress Core - 'load-scripts.php' Denial of Service

Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
Android Bluetooth -  BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth -  BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read

Linux Kernel  < 4.17-rc1 - 'AF_LLC' Double Free
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
FTPShell Server 6.80 - Denial of Service
Siemens SCALANCE S613 - Remote Denial of Service
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing

Photodex ProShow Gold 4 (Windows  XP SP3) - '.psh' Universal Buffer Overflow (SEH)
Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)

WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Brave Browser < 0.13.0 -  'long alert() argument' Denial of Service
Brave Browser < 0.13.0 -  'window.close(self)' Denial of Service
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

FTPShell Server 6.80 - Buffer Overflow (SEH)

SAP NetWeaver AS JAVA CRM -  Log injection Remote Command Execution
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution

Moxa AWK-3131A 1.4 < 1.7  - 'Username' OS Command Injection
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection

Buddypress Xprofile Custom Fields Type 2.6.3  - Remote Code Execution
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Joomla Convert Forms version 2.0.3 -  Formula Injection (CSV Injection)
Drupal  < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

Wchat PHP AJAX Chat Script  1.5 - Cross-Site Scripting
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting
EasyService Billing 1.0 - 'p1' SQL Injection
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
PHP Dashboards 4.5 - 'email' SQL Injection
Mobile Card Selling Platform 1 - Cross-Site Request Forgery
PHP Dashboards 4.5 - SQL Injection
Online Store System CMS 1.0 - SQL Injection
Gigs 2.0 - 'username' SQL Injection
GPSTracker 1.0 - 'id' SQL Injection
Shipping System CMS 1.0 - SQL Injection
Wecodex Store Paypal 1.0 - SQL Injection
SAT CFDI 3.3 - SQL Injection
School Management System CMS 1.0 - 'username' SQL Injection
Library CMS 1.0 - SQL Injection
Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection
Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
Mcard Mobile Card Selling Platform 1 - SQL Injection
Honeywell Scada System - Information Disclosure
NewsBee CMS 1.4 - Cross-Site Request Forgery
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
WordPress Plugin Peugeot Music - Arbitrary File Upload

BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)
BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)

BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes)
BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes)
BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes)
BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes)

BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)
BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)

BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)
BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)

FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)

FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)

FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)
FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)

FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Bind TCP Shell Shellcode (Generator)
Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Bind (/TCP) Shell Shellcode (Generator)
Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator)

Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)
Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)

Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)
Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)
Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)
Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)
Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)
Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes)

Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)

Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)
Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)

Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)

Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)

Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes)
Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)
Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)
Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)
Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)
Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)

Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)
Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)

Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)

Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator)

Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes)
Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)
Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes)

Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes)

NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes)
NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes)

OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes)
OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes)

Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)

Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)
Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes)
Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator)

Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode

Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode
Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode

Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)

Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes)

FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)
FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)

Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode
Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode

Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes)
Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes)

Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)
Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)

Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)
Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)
Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)
Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)

Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)

BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)
BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes)
Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode
Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode
Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind (0x1337/TCP) Shell Shellcode
Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode
Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)

Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)
Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)

OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode

Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)
Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes)

Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)

Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)

Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes)

Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)

Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode
Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode
Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode
Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)
Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)
Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes)

Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)
Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)

Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)
Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)

Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)
Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes)

Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)
Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)

OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)

Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)
Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)

Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)

Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)
Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)

Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)

Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes)

Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes)
Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)
Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)
Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)
Linux/x64 - Bind (/TCP) Shell Shellcode (Generator)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)

Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)

Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)

Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)
Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)
Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)
Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes)
Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)

Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)
Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)
Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)
Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)

Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)

OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode
OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode

OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes)
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP Shell Shellcode
Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind (/TCP) Shell Shellcode

Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)

Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)

Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)

Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - Bind TCP Shell Shellcode (112 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes)
Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)
Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)

Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)

Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)

Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes)
Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)
Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)
Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes)

Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)

Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)

Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)
Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)

FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)

FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)
FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)

IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes)
IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)

Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)
Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)

Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes)
Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes)

Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)
Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)

Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)

Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)
Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh)  + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)
Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)

Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)
Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)

Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)
Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)

Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)

Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)

Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)
Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)
 2018-05-24 05:01:50 +00:00
Offensive Security
e3fb91f1d7 DB: 2018-03-24 
14 changes to exploits/shellcodes

Android Bluetooth -  BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth -  BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Dell EMC NetWorker - Denial of Service
WM Recorder 16.8.1 - Denial of Service
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
XenForo 2 - CSS Loader Denial of Service
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

Linux/x86 - EggHunter Shellcode (11 Bytes)
 2018-03-24 05:01:48 +00:00
Offensive Security
b0fc7bfd43 DB: 2018-03-17 
6 changes to exploits/shellcodes

Android DRM Services - Buffer Overflow
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow
SAP NetWeaver AS JAVA CRM -  Log injection Remote Command Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Contec Smart Home 4.15 - Unauthorized Password Reset
 2018-03-17 05:01:46 +00:00
Offensive Security
5947825a84 DB: 2018-03-10 
15 changes to exploits/shellcodes

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service

uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service

Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service

uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking

uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking

iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass

uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow

t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

Werkzeug - 'Debug Shell' Command Execution

TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal

toronja CMS - SQL Injection
Toronja CMS - SQL Injection

uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing

Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass

SAP BusinessObjects launch pad - Server-Side Request Forgery

antMan < 0.9.1a - Authentication Bypass

Bacula-Web < 8.0.0-rc2 - SQL Injection
 2018-03-10 05:01:50 +00:00
Offensive Security
2c4b08963a DB: 2018-02-08 
25 changes to exploits/shellcodes

QNAP NAS Devices - Heap Overflow

QNAP NVR/NAS - Buffer Overflow (PoC)
QNAP NVR/NAS Devices - Buffer Overflow (PoC)
Cisco ASA - Crash PoC
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Android - 'getpidcon' Permission Bypass in KeyStore Service
Multiple OEM - 'nsd' Remote Stack Format String (PoC)

HP-UX 11.0 - pppd Stack Buffer Overflow
HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow

SGI IRIX - 'LsD' Multiple Buffer Overflows
SGI IRIX - 'LsD' Multiple Local Buffer Overflows

PostScript Utilities - 'psnup' Argument Buffer Overflow
PostScript Utilities - 'psnup' Local Buffer Overflow

Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Geovision Inc. IP Camera & Video - Remote Command Execution
Axis SSI - Remote Command Execution / Read Files
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
Uniview - Remote Command Execution / Export Config (PoC)
Vitek - Remote Command Execution / Information Disclosure (PoC)
Vivotek IP Cameras - Remote Stack Overflow (PoC)
Dahua Generation 2/3 - Backdoor Access
HiSilicon DVR Devices - Remote Code Execution

JiRos Banner Experience 1.0 - Unauthorised Create Admin
JiRos Banner Experience 1.0 - Unauthorized Create Admin
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Online Test Script 2.0.7 - 'cid' SQL Injection
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
 2018-02-08 05:01:53 +00:00
Offensive Security
81d6f781ab DB: 2018-01-12 
31 changes to exploits/shellcodes

MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution

Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)

FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)

OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode

FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)

Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)

Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)

Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)

Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)

Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
 2018-01-12 05:02:17 +00:00
Offensive Security
ffa8e63e25 DB: 2018-01-10 
10 changes to exploits/shellcodes

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions
Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure

Android - Inter-Process munmap due to Race Condition in ashmem

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure

Microsoft Edge Chakra JIT - Escape Analysis Bug

Microsoft Windows - Local XPS Print Spooler Sandbox Escape

Commvault Communications Service (cvd) - Command Injection (Metasploit)

osCommerce 2.2 - SQL Injection
 2018-01-10 05:02:14 +00:00
Offensive Security
cc349de5d3 DB: 2017-11-29 
4 changes to exploits/shellcodes

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting
YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting

NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation

Synology StorageManager 5.2 - Remote Root Command Execution
 2017-11-29 10:22:56 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00