bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2835 commits 1 branch 0 tags 264 MiB
Commit graph

5 commits

Author SHA1 Message Date
Offensive Security
27af25c8c3 DB: 2021-11-02 
19 changes to exploits/shellcodes

jQuery UI 1.12.1 - Denial of Service (DoS)

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Microsoft Exchange 2019 - Server-Side Request Forgery

KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm

MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload

Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

MagpieRSS 0.72 - 'url' Command Injection

CouchCMS 2.2.1 - Server-Side Request Forgery

GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting

Montiorr 1.7.6m - Persistent Cross-Site Scripting
 2021-11-02 05:02:13 +00:00
Offensive Security
a250e82458 DB: 2021-10-12 
176 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)

jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)

Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)

PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Library System 1.0 - Authentication Bypass Via SQL Injection

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF

SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting

Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution

MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion / Path Traversal

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass

rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)

GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE

Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)

Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution

Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)

OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)

Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)

Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)

Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)

KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass & RCE

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)

Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF

ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments

WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE

Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)

Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)

Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)

OpenSIS 8.0 'modname' - Directory/Path Traversal

Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS

Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation

PlaceOS 1.2109.1 - Open Redirection

Blood Bank System 1.0 - SQL Injection / Authentication Bypass

Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
 2021-10-12 05:02:16 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
dade976f06 DB: 2021-01-30 
12 changes to exploits/shellcodes

Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)
Apache - Arbitrary Long HTTP Headers (Denial of Service)

Microsoft Internet Explorer - Denial of Service (11 bytes)
Microsoft Internet Explorer - Denial of Service

Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service

Opera 9 IRC Client - Remote Denial of Service (Python)
Opera 9 IRC Client - Remote Denial of Service

Xfire 1.6.4 - Remote Denial of Service (Perl)
Xfire 1.6.4 - Remote Denial of Service

Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)
Microsoft Windows - NAT Helper Components Remote Denial of Service

Apple CFNetwork - HTTP Response Denial of Service (Ruby)
Apple CFNetwork - HTTP Response Denial of Service

PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service

PHP Hosting Directory 2.0 - Database Disclosure (Python)
PHP Hosting Directory 2.0 - Database Disclosure
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Ascend R 4.5 Ci12 - Denial of Service

BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
BulletProof FTP Client 2010 - Buffer Overflow (SEH)

RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)
RedHat 6.2 Restore and Dump - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

ARPUS/Ce - Local Overflow (setuid) (Perl)
ARPUS/Ce - Local Overflow (setuid)

Xmame 0.102 - 'lang' Local Buffer Overflow (C)
Xmame 0.102 - 'lang' Local Buffer Overflow

CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Browser3D 3.5 - '.sfs' Local Stack Overflow (C)
Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)
Browser3D 3.5 - '.sfs' Local Stack Overflow

CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)
Soritong 1.0 - Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
Soritong 1.0 - Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow

Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)
Apple Mac OSX 10.8.4 - Local Privilege Escalation

BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)

Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)

10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)

Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)

3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow

3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)
Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution

IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

BIND 9.x - Remote DNS Cache Poisoning (Python)
BIND 9.x - Remote DNS Cache Poisoning

Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)

EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass

Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)
Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python)
Endian Firewall < 3.0.0 - OS Command Injection
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

phpBB 2.0.12 - Change User Rights Authentication Bypass (C)
phpBB 2.0.12 - Change User Rights Authentication Bypass
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
Maxwebportal 1.36 - 'Password.asp' Change Password (2)

phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)
phpStat 1.5 - 'setup.php' Authentication Bypass

SimpleBBS 1.1 - Remote Command Execution (C)
SimpleBBS 1.1 - Remote Command Execution
DataLife Engine 4.1 - SQL Injection (Perl)
DataLife Engine 4.1 - SQL Injection (PHP)
DataLife Engine 4.1 - SQL Injection

cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution

webSPELL 4.2.0d (Linux) - Local File Disclosure (C)
webSPELL 4.2.0d (Linux) - Local File Disclosure

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
PHPMailer < 5.2.18 - Remote Code Execution

PHPMailer < 5.2.18 - Remote Code Execution (Python)
PHPMailer < 5.2.18 - Remote Code Execution

WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
Online Grading System 1.0 - 'uname' SQL Injection
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
 2021-01-30 05:01:55 +00:00