exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	be24992411	DB: 2022-05-12 42 changes to exploits/shellcodes UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path Wondershare Dr.Fone 11.4.10 - Insecure File Permissions ExifTool 12.23 - Arbitrary Code Execution Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService) Prime95 Version 30.7 build 9 - Remote Code Execution (RCE) Akka HTTP 10.1.14 - Denial of Service USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Bookeen Notea - Directory Traversal SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE) ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure DLINK DIR850 - Insecure Access Control DLINK DIR850 - Open Redirect Apache CouchDB 3.2.1 - Remote Code Execution (RCE) Tenda HG6 v3.3.0 - Remote Command Injection Google Chrome 78.0.3904.70 - Remote Code Execution PyScript - Read Remote Python Source Code DLINK DAP-1620 A1 v1.01 - Directory Traversal Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated) ImpressCMS v1.4.4 - Unrestricted File Upload Microfinance Management System 1.0 - 'customer_number' SQLi WebTareas 2.4 - Blind SQLi (Authenticated) WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated) Magento eCommerce CE v2.3.5-p2 - Blind SQLi Bitrix24 - Remote Code Execution (RCE) (Authenticated) CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS) Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS) e107 CMS v3.2.1 - Multiple Vulnerabilities Anuko Time Tracker - SQLi (Authenticated) TLR-2005KSH - Arbitrary File Upload Explore CMS 1.0 - SQL Injection Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS) Beehive Forum - Account Takeover MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated) WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF) Joomla Plugin SexyPolling 2.1.7 - SQLi WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)	2022-05-12 05:01:39 +00:00
Offensive Security	093714dc70	DB: 2022-04-20 21 changes to exploits/shellcodes Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path 7-zip - Code Execution / Local Privilege Escalation PTPublisher v2.3.4 - Unquoted Service Path EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Zyxel NWA-1100-NH - Command Injection ManageEngine ADSelfService Plus 6.1 - User Enumeration Verizon 4G LTE Network Extender - Weak Credentials Algorithm Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF) Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS) Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure Scriptcase 9.7 - Remote Code Execution (RCE) WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection Easy Appointments 1.4.2 - Information Disclosure WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS) WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated) REDCap 11.3.9 - Stored Cross Site Scripting PKP Open Journals System 3.3 - Cross-Site Scripting (XSS) WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated) Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)	2022-04-20 05:01:45 +00:00
Offensive Security	50cc2edafe	DB: 2022-04-08 9 changes to exploits/shellcodes Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path binutils 2.37 - Objdump Segmentation Fault Kramer VIAware - Remote Code Execution (RCE) (Root) Opmon 9.11 - Cross-site Scripting Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated) KLiK Social Media Website 1.0 - 'Multiple' SQLi minewebcms 1.15.2 - Cross-site Scripting (XSS) qdPM 9.2 - Cross-site Request Forgery (CSRF) ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion	2022-04-08 05:01:37 +00:00
Offensive Security	54b7907ae6	DB: 2022-03-31 11 changes to exploits/shellcodes PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated) Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE) ImpressCMS 1.4.2 - Remote Code Execution (RCE) Atom CMS 2.0 - Remote Code Execution (RCE) Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS) WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF) WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion WordPress Plugin admin-word-count-column 2.2 - Local File Read CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated) WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS	2022-03-31 05:01:38 +00:00
Offensive Security	e55394b7d4	DB: 2022-03-23 6 changes to exploits/shellcodes Sysax FTP Automation 6.9.0 - Privilege Escalation iRZ Mobile Router - CSRF to RCE Ivanti Endpoint Manager 4.6 - Remote Code Execution (RCE) ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS) ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover	2022-03-23 05:01:38 +00:00
Offensive Security	62c4c0421c	DB: 2022-03-22 3 changes to exploits/shellcodes Hikvision IP Camera - Backdoor Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)	2022-03-22 05:01:37 +00:00
Offensive Security	12a90d7198	DB: 2022-03-17 5 changes to exploits/shellcodes Hikvision IP Camera - Backdoor Apache APISIX 2.12.1 - Remote Code Execution (RCE) Moodle 3.11.5 - SQLi (Authenticated) Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated) Tiny File Manager 2.4.6 - Remote Code Execution (RCE)	2022-03-17 05:01:38 +00:00
Offensive Security	2ad6c86451	DB: 2022-03-15 4 changes to exploits/shellcodes VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Siemens S7-1200 - Unauthenticated Start/Stop Command Baixar GLPI Project 9.4.6 - SQLi	2022-03-15 05:01:36 +00:00
Offensive Security	653f886e0b	DB: 2022-03-12 2 changes to exploits/shellcodes Seowon SLR-120 Router - Remote Code Execution (Unauthenticated) Tdarr 2.00.15 - Command Injection	2022-03-12 05:01:35 +00:00
Offensive Security	88a02fb8d8	DB: 2022-03-11 8 changes to exploits/shellcodes Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege BattlEye 0.9 - 'BEService' Unquoted Service Path WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Siemens S7-1200 - Unauthenticated Start/Stop Command Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)	2022-03-11 05:01:39 +00:00
Offensive Security	bba496461e	DB: 2022-03-01 6 changes to exploits/shellcodes Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC) Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC) Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated) Casdoor 1.13.0 - SQL Injection (Unauthenticated)	2022-03-01 05:01:37 +00:00
Offensive Security	7755ac3af6	DB: 2022-02-24 9 changes to exploits/shellcodes Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE) ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD Simple Real Estate Portal System 1.0 - 'id' SQLi Air Cargo Management System v1.0 - SQLi aaPanel 6.8.21 - Directory Traversal (Authenticated) Student Record System 1.0 - 'cid' SQLi (Authenticated) WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated) WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated) Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)	2022-02-24 05:01:36 +00:00
Offensive Security	a300bd948f	DB: 2022-02-17 8 changes to exploits/shellcodes TeamSpeak 3.5.6 - Insecure File Permissions Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path H3C SSL VPN - Username Enumeration Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass ServiceNow - Username Enumeration Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated) WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)	2022-02-17 05:01:36 +00:00
Offensive Security	1472d8e723	DB: 2022-01-06 32 changes to exploits/shellcodes Siemens S7 Layer 2 - Denial of Service (DoS) TRIGONE Remote System Monitor 3.61 - Unquoted Service Path Automox Agent 32 - Local Privilege Escalation ConnectWise Control 19.2.24707 - Username Enumeration Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS) AWebServer GhostBuilding 18 - Denial of Service (DoS) TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated) Dixell XWEB 500 - Arbitrary File Write Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated) CMSimple 5.4 - Cross Site Scripting (XSS) RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated) RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated) RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated) WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated) WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated) Movie Rating System 1.0 - SQLi to RCE (Unauthenticated) Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated) Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS) SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS) Nettmp NNT 5.1 - SQLi Authentication Bypass Hostel Management System 2.1 - Cross Site Scripting (XSS) Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated) BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated) Hospitals Patient Records Management System 1.0 - Account TakeOver Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated) Vodafone H-500-s 3.5.10 - WiFi Password Disclosure openSIS Student Information System 8.0 - 'multiple' SQL Injection Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS) WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)	2022-01-06 05:01:54 +00:00
Offensive Security	0990eb4d38	DB: 2021-12-07 8 changes to exploits/shellcodes HCL Lotus Notes V12 - Unquoted Service Path Auerswald COMfortel 2.8F - Authentication Bypass Auerswald COMpact 8.0B - Privilege Escalation Auerswald COMpact 8.0B - Arbitrary File Disclosure Auerswald COMpact 8.0B - Multiple Backdoors Advanced Comment System 1.0 - Remote Command Execution (RCE) Croogo 3.0.2 - Remote Code Execution (Authenticated)	2021-12-07 05:02:00 +00:00
Offensive Security	27af25c8c3	DB: 2021-11-02 19 changes to exploits/shellcodes jQuery UI 1.12.1 - Denial of Service (DoS) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) Microsoft Exchange 2019 - Server-Side Request Forgery KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated) Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting Online Ordering System 1.0 - Arbitrary File Upload Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) CouchCMS 2.2.1 - Persistent Cross-Site Scripting Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC) MagpieRSS 0.72 - 'url' Command Injection CouchCMS 2.2.1 - Server-Side Request Forgery GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting Montiorr 1.7.6m - Persistent Cross-Site Scripting	2021-11-02 05:02:13 +00:00
Offensive Security	f33a724e0b	DB: 2021-10-29 58 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC) Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) ProFTPD 1.3.7a - Remote Denial of Service glFTPd 2.11a - Remote Denial of Service Hasura GraphQL 1.3.3 - Denial of Service Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC) Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC) GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path Cyberfox Web Browser 52.9.1 - Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access vsftpd 3.0.3 - Remote Denial of Service Dlink DSL2750U - 'Reboot' Command Injection PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) Netsia SEBA+ 0.16.1 - Add Root User (Metasploit) Arteco Web Client DVR/NVR - 'SessionId' Brute Force Resumes Management and Job Application Website 1.0 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) 'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Mini Mouse 9.3.0 - Local File inclusion rconfig 3.9.6 - Arbitrary File Upload Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS) Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated) OpenEMR 5.0.1.3 - Authentication Bypass VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS) Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection Budget and Expense Tracker System 1.0 - Authenticated Bypass Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) Blood Bank System 1.0 - Authentication Bypass Lodging Reservation Management System 1.0 - Authentication Bypass Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Linux/x64 - /sbin/halt -p Shellcode (51 bytes) Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded) Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-29 05:02:12 +00:00
Offensive Security	679a62755b	DB: 2021-10-14 28 changes to exploits/shellcodes Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) Simple Payroll System 1.0 - SQLi Authentication Bypass Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS) Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS) Sonicwall SonicOS 7.0 - Host Header Injection Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-14 05:02:11 +00:00
Offensive Security	1cf7d7364a	DB: 2021-10-13 176 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Sandboxie 5.49.7 - Denial of Service (PoC) WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) iDailyDiary 4.30 - Denial of Service (PoC) RarmaRadio 2.72.8 - Denial of Service (PoC) DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Color Notes 1.4 - Denial of Service (PoC) Macaron Notes great notebook 5.5 - Denial of Service (PoC) My Notes Safe 5.3 - Denial of Service (PoC) Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Visual Studio Code 1.47.1 - Denial of Service (PoC) DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Dlink DSL2750U - 'Reboot' Command Injection E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation GetSimple CMS 3.3.16 - Reflected XSS to RCE House Rental and Property Listing 1.0 - Multiple Stored XSS Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) Montiorr 1.7.6m - File Upload to XSS GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) Markdown Explorer 0.1.1 - XSS to RCE Xmind 2020 - XSS to RCE Tagstoo 2.0.1 - Stored XSS to RCE SnipCommand 0.1.0 - XSS to RCE Moeditor 0.2.0 - XSS to RCE Marky 0.0.1 - XSS to RCE StudyMD 0.3.2 - XSS to RCE Freeter 1.2.1 - XSS to RCE Markright 1.0 - XSS to RCE Markdownify 1.2.0 - XSS to RCE Anote 1.0 - XSS to RCE Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) CHIYU IoT Devices - Denial of Service (DoS) Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Dolibarr ERP/CRM 10.0.6 - Login Brute Force qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function Budget and Expense Tracker System 1.0 - Authenticated Bypass WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Phpwcms 1.9.30 - File Upload to XSS Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes) Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode	2021-10-13 05:02:15 +00:00
Offensive Security	a250e82458	DB: 2021-10-12 176 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC) Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) jQuery UI 1.12.1 - Denial of Service (DoS) AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC) Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) ProFTPD 1.3.7a - Remote Denial of Service glFTPd 2.11a - Remote Denial of Service Hasura GraphQL 1.3.3 - Denial of Service WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Telegram Desktop 2.9.2 - Denial of Service (PoC) SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC) Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm vsftpd 3.0.3 - Remote Denial of Service GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2) PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Library System 1.0 - Authentication Bypass Via SQL Injection MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated) Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Mini Mouse 9.3.0 - Local File inclusion / Path Traversal GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE) Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated) Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS) WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS) KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass Event Registration System with QR Code 1.0 - Authentication Bypass & RCE CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS) OpenSIS 8.0 'modname' - Directory/Path Traversal Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation PlaceOS 1.2109.1 - Open Redirection Blood Bank System 1.0 - SQL Injection / Authentication Bypass Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes) Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes) Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes) Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes) Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes) Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded) Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes) Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-12 05:02:16 +00:00
Offensive Security	68d01808ce	DB: 2021-09-30 6 changes to exploits/shellcodes Mitrastar GPT-2541GNAC-N1 - Privilege escalation Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)	2021-09-30 05:02:08 +00:00
Offensive Security	b104992c7d	DB: 2021-09-28 7 changes to exploits/shellcodes Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH) Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC) XAMPP 7.4.3 - Local Privilege Escalation Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS) Library System 1.0 - 'student_id' SQL injection (Authenticated)	2021-09-28 05:02:15 +00:00
Offensive Security	1148d69c62	DB: 2021-09-22 5 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC) VSAT Sailor 900 - Remote Overflow Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)	2021-09-22 05:02:16 +00:00
Offensive Security	629e350774	DB: 2021-09-14 18 changes to exploits/shellcodes Active WebCam 11.5 - Unquoted Service Path ECOA Building Automation System - Missing Encryption Of Sensitive Information Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai ECOA Building Automation System - Hard-coded Credentials SSH Access Men Salon Management System 1.0 - Multiple Vulnerabilities ECOA Building Automation System - Weak Default Credentials ECOA Building Automation System - Path Traversal Arbitrary File Upload ECOA Building Automation System - Directory Traversal Content Disclosure ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF) ECOA Building Automation System - Cookie Poisoning Authentication Bypass ECOA Building Automation System - Configuration Download Information Disclosure ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function ECOA Building Automation System - Remote Privilege Escalation ECOA Building Automation System - Local File Disclosure ECOA Building Automation System - Arbitrary File Deletion Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-09-14 05:02:12 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	6cbe6ebbb6	DB: 2021-09-03 395 changes to exploits/shellcodes EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC) Electronics Workbench - '.ewb' Local Stack Overflow (PoC) BulletProof FTP Client 2.63 - Local Heap Overflow (PoC) Easy Web Password 1.2 - Local Heap Memory Consumption (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC) Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC) ZoIPer 2.22 - Call-Info Remote Denial of Service PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) Nuked KLan 1.7.7 & SP4 - Denial of Service AIC Audio Player 1.4.1.587 - Local Crash (PoC) Xerox 4595 - Denial of Service WinMerge 2.12.4 - Project File Handling Stack Overflow Acoustica Mixcraft 1.00 - Local Crash SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC) Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Spotify 0.8.2.610 - search func Memory Exhaustion Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) WaveSurfer 1.8.8p4 - Memory Corruption (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow Light Audio Player 1.0.14 - Memory Corruption (PoC) Image Transfer IOS - Remote Crash (PoC) Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) VUPlayer 2.49 - '.cue' Universal Buffer Overflow Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH) Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH) Alleycode HTML Editor 2.2.1 - Local Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH) Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3) QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2) CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow quickshare file share 1.2.1 - Directory Traversal (1) SPlayer 3.7 (build 2055) - Remote Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Omeka 2.2.1 - Remote Code Execution D-Link DSL-2740R - Remote DNS Change D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution TorrentTrader 1.0 RC2 - SQL Injection WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion PHP DocWriter 0.3 - 'script' Remote File Inclusion phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion BrewBlogger 1.3.1 - 'printLog.php' SQL Injection e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion Gizzar 03162002 - 'index.php' Remote File Inclusion SH-News 0.93 - 'misc.php' Remote File Inclusion JSBoard 2.0.10 - 'login.php?table' Local File Inclusion XOOPS Module WF-Links 1.03 - 'cid' SQL Injection Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion EQdkp 1.3.2 - 'listmembers.php' SQL Injection FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion CCMS 3.1 Demo - SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection AuraCMS 1.62 - Multiple SQL Injections sCssBoard (Multiple Versions) - 'pwnpack' Remote s EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion RevokeBB 1.0 RC11 - 'Search' SQL Injection Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection PHPortal 1.2 - Multiple Remote File Inclusions Libera CMS 1.12 - 'cookie' SQL Injection Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload WCMS 1.0b - Arbitrary Add Admin FOSS Gallery Admin 1.0 - Arbitrary File Upload MemHT Portal 4.0.1 - SQL Injection / Code Execution Mediatheka 4.2 - Blind SQL Injection Pligg 9.9.5b - Arbitrary File Upload / SQL Injection XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution Joomla! Component Casino 0.3.1 - Multiple SQL Injections s ZeusCart 2.3 - 'maincatid' SQL Injection ASP Football Pool 2.3 - Remote Database Disclosure LightNEasy sql/no-db 2.2.x - System Configuration Disclosure Zen Cart 1.3.8 - Remote Code Execution Joomla! Component com_pinboard - 'task' SQL Injection Joomla! Component com_bookflip - 'book_id' SQL Injection Messages Library 2.0 - Arbitrary Delete Message Arab Portal 2.2 - Blind Cookie Authentication Bypass Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion REZERVI 3.0.2 - Remote Command Execution Joomla! Component BF Quiz 1.0 - SQL Injection (2) E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection AJ Matrix DNA - SQL Injection Joomla! Component JE Story Submit - Local File Inclusion CF Image Hosting Script 1.3.82 - File Disclosure hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting CMSLogik 1.2.1 - Multiple Vulnerabilities C.P.Sub 4.5 - Authentication Bypass WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload PHPMailer < 5.2.20 - Remote Code Execution phpIPAM 1.4 - SQL Injection Joomla! 3.9.0 < 3.9.7 - CSV Injection	2021-09-03 14:58:20 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	e7fc5a3e03	DB: 2021-07-29 3 changes to exploits/shellcodes Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE) PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Event Registration System with QR Code 1.0 - Authentication Bypass & RCE TripSpark VEO Transportation - Blind SQL Injection	2021-07-29 05:01:55 +00:00
Offensive Security	e4e9d54ac6	DB: 2021-07-22 4 changes to exploits/shellcodes KevinLAB BEMS 1.0 - Undocumented Backdoor Account KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated) CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion	2021-07-22 05:01:53 +00:00
Offensive Security	29558b9c84	DB: 2021-07-17 6 changes to exploits/shellcodes Argus Surveillance DVR 4.0 - Weak Password Encryption Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation Aruba Instant 8.7.1.0 - Arbitrary File Modification Aruba Instant (IAP) - Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection	2021-07-17 05:01:54 +00:00
Offensive Security	eb316547aa	DB: 2021-06-19 5 changes to exploits/shellcodes Dlink DSL2750U - 'Reboot' Command Injection ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF) ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS) Node.JS - 'node-serialize' Remote Code Execution (3)	2021-06-19 05:01:57 +00:00
Offensive Security	a9fa314bbf	DB: 2021-06-04 14 changes to exploits/shellcodes BasicNote 1.1.9 - Denial of Service (PoC) ColorNote 4.1.9 - Denial of Service (PoC) Notepad notes 2.6.7 - Denial of Service (PoC) Blacknote 2.2.1 - Denial of Service (PoC) CHIYU IoT Devices - 'Telnet' Authentication Bypass PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Seo Panel 4.8.0 - 'from_time' Reflected XSS CHIYU IoT Devices - Denial of Service (DoS) FUDForum 3.1.0 - 'srch' Reflected XSS FUDForum 3.1.0 - 'author' Reflected XSS Gitlab 13.9.3 - Remote Code Execution (Authenticated) 4Images 1.8 - 'redirect' Reflected XSS	2021-06-04 05:01:54 +00:00
Offensive Security	7fa85628bd	DB: 2021-04-22 19 changes to exploits/shellcodes Hasura GraphQL 1.3.3 - Denial of Service Tenda D151 & D301 - Configuration Download (Unauthenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Fast PHP Chat 1.3 - 'my_item_search' SQL Injection WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) OpenEMR 5.0.2.1 - Remote Code Execution Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) Hasura GraphQL 1.3.3 - Local File Read Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)	2021-04-22 05:01:54 +00:00
Offensive Security	7390cdc1c3	DB: 2021-03-23 10 changes to exploits/shellcodes ProFTPD 1.3.7a - Remote Denial of Service SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal MyBB 1.8.25 - Chained Remote Command Execution	2021-03-23 05:01:58 +00:00
Offensive Security	d85f0c8d35	DB: 2021-03-20 20 changes to exploits/shellcodes KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path SOYAL 701 Server 9.0.1 - Insecure Permissions SOYAL 701 Client 9.0.1 - Insecure Permissions KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Plone CMS 5.2.3 - 'Title' Stored XSS LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Boonex Dolphin 7.4.2 - 'width' Stored XSS Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated) VestaCP 0.9.8 - 'v_sftp_licence' Command Injection SOYAL Biometric Access Control System 5.0 - Master Code Disclosure SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) Online News Portal 1.0 - 'name' SQL Injection Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting	2021-03-20 05:01:58 +00:00
Offensive Security	cb83a6e2dd	DB: 2020-12-19 17 changes to exploits/shellcodes docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) FRITZ!Box 7.20 - DNS Rebinding Protection Bypass SyncBreeze 10.0.28 - 'login' Denial of Service (Poc) Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS Point of Sale System 1.0 - Authentication Bypass Alumni Management System 1.0 - Unrestricted File Upload To RCE Alumni Management System 1.0 - _Course Form_ Stored XSS Alumni Management System 1.0 - 'id' SQL Injection Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit) Smart Hospital 3.1 - _Add Patient_ Stored XSS Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)	2020-12-19 05:01:57 +00:00
Offensive Security	21fa83f241	DB: 2020-11-20 12 changes to exploits/shellcodes Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC) Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection PESCMS TEAM 2.3.2 - Multiple Reflected XSS Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification xuucms 3 - 'keywords' SQL Injection Gitlab 12.9.0 - Arbitrary File Read (Authenticated) TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution TestBox CFML Test Framework 4.1.0 - Directory Traversal Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection M/Monit 3.7.4 - Privilege Escalation M/Monit 3.7.4 - Password Disclosure Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting	2020-11-20 05:02:04 +00:00
Offensive Security	c7e37046e7	DB: 2020-11-17 12 changes to exploits/shellcodes KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Cisco 7937G - DoS/Privilege Escalation Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated) Water Billing System 1.0 - 'id' SQL Injection (Authenticated) Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated) User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection PMB 5.6 - 'chemin' Local File Disclosure Car Rental Management System 1.0 - Remote Code Execution (Authenticated) Car Rental Management System 1.0 - 'car_id' Sql Injection	2020-11-17 05:01:57 +00:00
Offensive Security	6eb03eae23	DB: 2020-11-06 5 changes to exploits/shellcodes Amarok 2.8.0 - Denial-of-Service TP-Link WDR4300 - Remote Code Execution (Authenticated) iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery (CSRF) iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation	2020-11-06 05:01:58 +00:00
Offensive Security	17bbfdaf38	DB: 2020-10-28 6 changes to exploits/shellcodes TDM Digital Signage PC Player 4.1 - Insecure File Permissions Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse InoERP 0.7.2 - Remote Code Execution (Unauthenticated) Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated) Client Management System 1.0 - 'searchdata' SQL injection Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)	2020-10-28 05:02:08 +00:00
Offensive Security	f697a81a18	DB: 2020-10-02 12 changes to exploits/shellcodes Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated) BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin) SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated) WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated) GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated) CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated) Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exhibitor Web UI 1.7.1 - Remote Code Execution	2020-10-02 05:02:08 +00:00
Offensive Security	c22ad85b57	DB: 2020-06-26 2 changes to exploits/shellcodes mySCADA myPRO 7 - Hardcoded Credentials FHEM 6.0 - Local File Inclusion	2020-06-26 05:01:58 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	4fbd3630c8	DB: 2020-05-26 6 changes to exploits/shellcodes GoldWave - Buffer Overflow (SEH Unicode) Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit) Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting Online Discussion Forum Site 1.0 - Remote Code Execution	2020-05-26 05:01:56 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	19615ff704	DB: 2020-04-01 7 changes to exploits/shellcodes FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC) Redis - Replication Code Execution (Metasploit) IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) SharePoint Workflows - XOML Injection (Metasploit) Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection	2020-04-01 05:01:47 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	79fee2e601	DB: 2020-03-14 4 changes to exploits/shellcodes AnyBurn 4.8 - Buffer Overflow (SEH) Drobo 5N2 4.1.1 - Remote Command Injection Centos WebPanel 7 - 'term' SQL Injection	2020-03-14 05:01:46 +00:00
Offensive Security	7d757326b8	DB: 2020-02-06 8 changes to exploits/shellcodes Socat 1.7.3.4 - Heap-Based Overflow (PoC) xglance-bin 11.00 - Privilege Escalation HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account AVideo Platform 8.1 - Information Disclosure (User Enumeration) Wago PFC200 - Authenticated Remote Code Execution (Metasploit) Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC) AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)	2020-02-06 05:02:08 +00:00
Offensive Security	1a9ce31a5f	DB: 2020-01-17 12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection	2020-01-17 05:02:10 +00:00

1 2 3 4

162 commits