bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

63 commits

Author SHA1 Message Date
Offensive Security
0579cde876 DB: 2018-04-30 
5 changes to exploits/shellcodes

ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)

Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
Android Bluetooth - 'Blueborne' Information Leak (1)
Android Bluetooth - 'Blueborne' Information Leak (2)
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution
 2018-04-30 05:01:48 +00:00
Offensive Security
4088e4151b DB: 2018-04-07 
6 changes to exploits/shellcodes

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

LineageOS 14.1 Blueborne - Remote Code Execution
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
DotNetNuke DNNarticle Module 11 - Directory Traversal
Cobub Razor 0.7.2 - Cross Site Request Forgery
 2018-04-07 05:01:44 +00:00
Offensive Security
e3fb91f1d7 DB: 2018-03-24 
14 changes to exploits/shellcodes

Android Bluetooth -  BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth -  BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Dell EMC NetWorker - Denial of Service
WM Recorder 16.8.1 - Denial of Service
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
XenForo 2 - CSS Loader Denial of Service
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

Linux/x86 - EggHunter Shellcode (11 Bytes)
 2018-03-24 05:01:48 +00:00
Offensive Security
b0fc7bfd43 DB: 2018-03-17 
6 changes to exploits/shellcodes

Android DRM Services - Buffer Overflow
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow
SAP NetWeaver AS JAVA CRM -  Log injection Remote Command Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Contec Smart Home 4.15 - Unauthorized Password Reset
 2018-03-17 05:01:46 +00:00
Offensive Security
5947825a84 DB: 2018-03-10 
15 changes to exploits/shellcodes

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service

uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service

Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service

uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking

uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking

iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass

uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow

t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

Werkzeug - 'Debug Shell' Command Execution

TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal

toronja CMS - SQL Injection
Toronja CMS - SQL Injection

uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing

Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass

SAP BusinessObjects launch pad - Server-Side Request Forgery

antMan < 0.9.1a - Authentication Bypass

Bacula-Web < 8.0.0-rc2 - SQL Injection
 2018-03-10 05:01:50 +00:00
Offensive Security
6a017b10c8 DB: 2018-03-06 
12 changes to exploits/shellcodes

Suricata < 4.0.4 - IDS Detection Bypass
ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions
Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow
Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation
Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record
NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)

Joomla! Component Joomanager 2.0.0 - Arbitrary File Download
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC)

Parallels Remote Application Server 15.5 - Path Traversal
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download
 2018-03-06 05:01:50 +00:00
Offensive Security
2c4b08963a DB: 2018-02-08 
25 changes to exploits/shellcodes

QNAP NAS Devices - Heap Overflow

QNAP NVR/NAS - Buffer Overflow (PoC)
QNAP NVR/NAS Devices - Buffer Overflow (PoC)
Cisco ASA - Crash PoC
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Android - 'getpidcon' Permission Bypass in KeyStore Service
Multiple OEM - 'nsd' Remote Stack Format String (PoC)

HP-UX 11.0 - pppd Stack Buffer Overflow
HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow

SGI IRIX - 'LsD' Multiple Buffer Overflows
SGI IRIX - 'LsD' Multiple Local Buffer Overflows

PostScript Utilities - 'psnup' Argument Buffer Overflow
PostScript Utilities - 'psnup' Local Buffer Overflow

Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Geovision Inc. IP Camera & Video - Remote Command Execution
Axis SSI - Remote Command Execution / Read Files
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
Uniview - Remote Command Execution / Export Config (PoC)
Vitek - Remote Command Execution / Information Disclosure (PoC)
Vivotek IP Cameras - Remote Stack Overflow (PoC)
Dahua Generation 2/3 - Backdoor Access
HiSilicon DVR Devices - Remote Code Execution

JiRos Banner Experience 1.0 - Unauthorised Create Admin
JiRos Banner Experience 1.0 - Unauthorized Create Admin
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Online Test Script 2.0.7 - 'cid' SQL Injection
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
 2018-02-08 05:01:53 +00:00
Offensive Security
81d6f781ab DB: 2018-01-12 
31 changes to exploits/shellcodes

MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read

Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution

Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)

eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution

FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)

FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)

OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode

FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)

Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)

Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)

Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)

Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)

Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
 2018-01-12 05:02:17 +00:00
Offensive Security
ffa8e63e25 DB: 2018-01-10 
10 changes to exploits/shellcodes

Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions
Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read

Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure

Android - Inter-Process munmap due to Race Condition in ashmem

Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure

Microsoft Edge Chakra JIT - Escape Analysis Bug

Microsoft Windows - Local XPS Print Spooler Sandbox Escape

Commvault Communications Service (cvd) - Command Injection (Metasploit)

osCommerce 2.2 - SQL Injection
 2018-01-10 05:02:14 +00:00
Offensive Security
307f5f46af DB: 2017-12-21 
4 changes to exploits/shellcodes

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak

Samsung Internet Browser - SOP Bypass (Metasploit)
Ability Mail Server 3.3.2 - Cross-Site Scripting
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
 2017-12-21 05:02:15 +00:00
Offensive Security
f76fbb1072 DB: 2017-12-19 
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow

Firejail - Local Privilege Escalation

Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution

Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection

Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
 2017-12-19 05:02:17 +00:00
Offensive Security
cc349de5d3 DB: 2017-11-29 
4 changes to exploits/shellcodes

Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting
YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting

NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation

Synology StorageManager 5.2 - Remote Root Command Execution
 2017-11-29 10:22:56 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00