exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	dc7e147e70	DB: 2020-07-24 3 changes to exploits/shellcodes FTPDummy 4.80 - Local Buffer Overflow (SEH) Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH) UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass	2020-07-24 05:02:04 +00:00
Offensive Security	8bb6bd8fb0	DB: 2020-07-16 8 changes to exploits/shellcodes SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin) Zyxel Armor X1 WAP6806 - Directory Traversal Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Online Polling System 1.0 - Authentication Bypass Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Infor Storefront B2B 1.0 - 'usr_name' SQL Injection	2020-07-16 05:02:11 +00:00
Offensive Security	ff6e1034eb	DB: 2020-07-09 2 changes to exploits/shellcodes SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin) BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)	2020-07-09 05:02:07 +00:00
Offensive Security	8f6367cf98	DB: 2020-07-08 8 changes to exploits/shellcodes Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC) Microsoft Windows mshta.exe 2019 - XML External Entity Injection BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC) Sickbeard 0.1 - Remote Command Injection Online Shopping Portal 3.1 - 'email' SQL Injection Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation	2020-07-08 05:01:58 +00:00
Offensive Security	c22ad85b57	DB: 2020-06-26 2 changes to exploits/shellcodes mySCADA myPRO 7 - Hardcoded Credentials FHEM 6.0 - Local File Inclusion	2020-06-26 05:01:58 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	8fc6092de1	DB: 2020-06-17 4 changes to exploits/shellcodes NETGEAR SSL312 Router - Denial of Service Netgear SSL312 Router - Denial of Service NETGEAR WGR614v9 Wireless Router - Denial of Service Netgear WGR614v9 Wireless Router - Denial of Service NETGEAR DG632 Router - Remote Denial of Service Netgear DG632 Router - Remote Denial of Service NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service NETGEAR ProSafe - Denial of Service Netgear ProSafe - Denial of Service NETGEAR WGR614 - Administration Interface Remote Denial of Service Netgear WGR614 - Administration Interface Remote Denial of Service NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path NETGEAR WG102 - Leaks SNMP Write Password With Read Access Netgear WG102 - Leaks SNMP Write Password With Read Access NETGEAR DG632 Router - Authentication Bypass Netgear DG632 Router - Authentication Bypass NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure Netgear WNR2000 FW 1.2.0.8 - Information Disclosure NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) NETGEAR FM114P Wireless Firewall - File Disclosure Netgear FM114P Wireless Firewall - File Disclosure NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure NETGEAR FM114P ProSafe Wireless Router - Rule Bypass Netgear FM114P ProSafe Wireless Router - Rule Bypass NETGEAR RP114 3.26 - Content Filter Bypass Netgear RP114 3.26 - Content Filter Bypass NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit) Netgear DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit) NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit) Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit) NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow Netgear MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit) Netgear ReadyNAS - Perl Code Evaluation (Metasploit) NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities Netgear WNR2000 - Multiple Information Disclosure Vulnerabilities NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit) Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit) NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure Netgear WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure NETGEAR WNR2000v5 - Remote Code Execution Netgear WNR2000v5 - Remote Code Execution NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit) Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit) NETGEAR - 'TelnetEnable' Magic Packet (Metasploit) Netgear - 'TelnetEnable' Magic Packet (Metasploit) WordPress MU < 1.3.2 - active_plugins option Code Execution WordPress MU < 1.3.2 - 'active_plugins' Code Execution NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery NETGEAR SPH200D - Multiple Vulnerabilities Netgear SPH200D - Multiple Vulnerabilities NETGEAR DGN1000B - Multiple Vulnerabilities Netgear DGN1000B - Multiple Vulnerabilities NETGEAR DGN2200B - Multiple Vulnerabilities Netgear DGN2200B - Multiple Vulnerabilities NETGEAR WNR1000 - Authentication Bypass Netgear WNR1000 - Authentication Bypass NETGEAR WPN824v3 - Unauthorized Configuration Download Netgear WPN824v3 - Unauthorized Configuration Download NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities NETGEAR ProSafe - Information Disclosure Netgear ProSafe - Information Disclosure NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities NETGEAR WNR1000v4 - Authentication Bypass Netgear WNR1000v4 - Authentication Bypass NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities NETGEAR R7000 - Command Injection NETGEAR R7000 - Cross-Site Scripting Netgear R7000 - Command Injection Netgear R7000 - Cross-Site Scripting NETGEAR Routers - Password Disclosure Netgear Routers - Password Disclosure NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery Multiple WordPress Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution NETGEAR WiFi Router R6120 - Credential Disclosure Netgear WiFi Router R6120 - Credential Disclosure NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting School File Management System 1.0 - 'username' SQL Injection School File Management System 1.0 - 'username' SQL Injection ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Joomla J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Netgear R7000 Router - Remote Code Execution Gila CMS 1.11.8 - 'query' SQL Injection	2020-06-17 05:02:00 +00:00
Offensive Security	590364ca2a	DB: 2020-06-09 4 changes to exploits/shellcodes Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC) Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH) Kyocera Printer d-COPIA253MF - Directory Traversal (PoC) Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection	2020-06-09 05:02:04 +00:00
Offensive Security	533f33f3f4	DB: 2020-06-05 17 changes to exploits/shellcodes IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path AirControl 1.4.2 - PreAuth Remote Code Execution Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated) Clinic Management System 1.0 - Unauthenticated Remote Code Execution Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated) Oriol Espinal CMS 1.0 - 'id' SQL Injection Clinic Management System 1.0 - Authenticated Arbitrary File Upload Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Navigate CMS 2.8.7 - Authenticated Directory Traversal D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Online Marriage Registration System 1.0 - Remote Code Execution Cayin Content Management Server 11.0 - Remote Command Injection (root) SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User) Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Cayin Signage Media Player 3.0 - Remote Command Injection (root) Cayin Digital Signage System xPost 2.5 - Remote Command Injection	2020-06-05 05:01:53 +00:00
Offensive Security	4fbd3630c8	DB: 2020-05-26 6 changes to exploits/shellcodes GoldWave - Buffer Overflow (SEH Unicode) Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit) Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting Online Discussion Forum Site 1.0 - Remote Code Execution	2020-05-26 05:01:56 +00:00
Offensive Security	6aad755e5e	DB: 2020-05-19 10 changes to exploits/shellcodes HP LinuxKI 6.01 - Remote Command Injection Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection Online Examination System 1.0 - 'eid' SQL Injection Oracle Hospitality RES 3700 5.7 - Remote Code Execution forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload online Chatting System 1.0 - 'id' SQL Injection Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Online Healthcare management system 1.0 - Authentication Bypass	2020-05-19 05:01:51 +00:00
Offensive Security	522576cc79	DB: 2020-05-15 6 changes to exploits/shellcodes Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH) Complaint Management System 1.0 - 'username' SQL Injection Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution E-Commerce System 1.0 - Unauthenticated Remote Code Execution	2020-05-15 05:01:49 +00:00
Offensive Security	262c9c3eb6	DB: 2020-05-09 1 changes to exploits/shellcodes Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)	2020-05-09 05:01:48 +00:00
Offensive Security	c1eb769a98	DB: 2020-05-08 7 changes to exploits/shellcodes FlashGet 1.9.6 - Denial of Service (PoC) Car Park Management System 1.0 - Authentication Bypass Draytek VigorAP 1000C - Persistent Cross-Site Scripting School File Management System 1.0 - 'username' SQL Injection Online Clothing Store 1.0 - Arbitrary File Upload Pisay Online E-Learning System 1.0 - Remote Code Execution Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection	2020-05-08 05:01:51 +00:00
Offensive Security	cc95715dc2	DB: 2020-05-06 10 changes to exploits/shellcodes Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Saltstack 3000.1 - Remote Code Execution BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection Fishing Reservation System 7.5 - 'uid' SQL Injection Online Scheduling System 1.0 - 'username' SQL Injection webERP 4.15.1 - Unauthenticated Backup File Access PhreeBooks ERP 5.2.5 - Remote Command Execution SimplePHPGal 0.7 - Remote File Inclusion NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration	2020-05-06 05:01:49 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	b1e1bfd776	DB: 2020-04-28 7 changes to exploits/shellcodes Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Netis E1+ 1.2.32533 - Backdoor Account (root) Online shopping system advanced 1.0 - 'p' SQL Injection Netis E1+ V1.2.32533 - Unauthenticated WiFi Password Leak Online Course Registration 2.0 - Authentication Bypass Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)	2020-04-28 05:01:48 +00:00
Offensive Security	7b87f30fbc	DB: 2020-04-25 5 changes to exploits/shellcodes Popcorn Time 6.2 - 'Update service' Unquoted Service Path EspoCRM 5.8.5 - Privilege Escalation Edimax EW-7438RPn 1.13 - Remote Code Execution Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)	2020-04-25 05:01:51 +00:00
Offensive Security	7b676133d3	DB: 2020-04-23 5 changes to exploits/shellcodes Vesta Control Panel 0.9.8-16 - Local Privilege Escalation RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH) Edimax EW-7438RPn - Information Disclosure (WiFi Password) Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) Mahara 19.10.2 CMS - Persistent Cross-Site Scripting	2020-04-23 05:01:50 +00:00
Offensive Security	1c5c38825d	DB: 2020-04-22 10 changes to exploits/shellcodes Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation WordPress 2.0.2 - 'cache' Remote Shell Injection Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption WordPress Core 2.0.2 - 'cache' Remote Shell Injection CSZ CMS 1.2.7 - Persistent Cross-Site Scripting PMB 5.6 - 'logid' SQL Injection CSZ CMS 1.2.7 - 'title' HTML Injection IQrouter 3.3.1 Firmware - Remote Code Execution NSClient++ 0.5.2.35 - Authenticated Remote Code Execution jizhi CMS 1.6.7 - Arbitrary File Download P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)	2020-04-22 05:01:47 +00:00
Offensive Security	189c8b52c9	DB: 2020-04-18 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP) Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE Nexus Repository Manager - Java EL Injection RCE (Metasploit) Playable 9.18 iOS - Persistent Cross-Site Scripting TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection Cisco IP Phone 11.7 - Denial of service (PoC)	2020-04-18 05:01:49 +00:00
Offensive Security	0137126a8e	DB: 2020-04-15 4 changes to exploits/shellcodes B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter) Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution WSO2 3.1.0 - Persistent Cross-Site Scripting Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution	2020-04-15 05:01:49 +00:00
Offensive Security	be2aa5d840	DB: 2020-04-14 7 changes to exploits/shellcodes Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Huawei HG630 2 Router - Authentication Bypass TVT NVMS 1000 - Directory Traversal Webtateas 2.0 - Arbitrary File Read WSO2 3.1.0 - Arbitrary File Delete Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection	2020-04-14 05:01:51 +00:00
Offensive Security	6d55b45cdf	DB: 2020-04-09 2 changes to exploits/shellcodes Django 3.0 - Cross-Site Request Forgery Token Bypass Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)	2020-04-09 05:01:51 +00:00
Offensive Security	19615ff704	DB: 2020-04-01 7 changes to exploits/shellcodes FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC) Redis - Replication Code Execution (Metasploit) IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) SharePoint Workflows - XOML Injection (Metasploit) Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection	2020-04-01 05:01:47 +00:00
Offensive Security	4b289033f4	DB: 2020-03-27 3 changes to exploits/shellcodes TP-Link Archer C50 3 - Denial of Service (PoC) Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution	2020-03-27 05:01:46 +00:00
Offensive Security	52df09d89e	DB: 2020-03-25 4 changes to exploits/shellcodes Veyon 4.3.4 - 'VeyonService' Unquoted Service Path UliCMS 2020.1 - Persistent Cross-Site Scripting Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting UCM6202 1.0.18.13 - Remote Command Injection	2020-03-25 05:01:47 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	79fee2e601	DB: 2020-03-14 4 changes to exploits/shellcodes AnyBurn 4.8 - Buffer Overflow (SEH) Drobo 5N2 4.1.1 - Remote Command Injection Centos WebPanel 7 - 'term' SQL Injection	2020-03-14 05:01:46 +00:00
Offensive Security	4df22c7404	DB: 2020-03-10 13 changes to exploits/shellcodes Microsoft Windows - 'WizardOpium' Local Privilege Escalation OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit) Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit) PHP-FPM - Underflow Remote Code Execution (Metasploit) Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit) Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit) Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit) ManageEngine ServiceDesk Plus 9.3 - User Enumeration 60CycleCMS - 'news.php' SQL Injection Sahi pro 8.x - Directory Traversal Sentrifugo HRMS 3.2 - 'id' SQL Injection	2020-03-10 05:01:44 +00:00
Offensive Security	d85ad29bbc	DB: 2020-03-04 4 changes to exploits/shellcodes RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Alfresco 5.2.4 - Persistent Cross-Site Scripting GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection	2020-03-04 05:01:50 +00:00
Offensive Security	afe5797b88	DB: 2020-03-03 12 changes to exploits/shellcodes Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH) Wing FTP Server 6.2.3 - Privilege Escalation Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Joplin Desktop 1.0.184 - Cross-Site Scripting Netis WF2419 2.2.36123 - Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware) Wing FTP Server 6.2.5 - Privilege Escalation TP LINK TL-WR849N - Remote Code Execution Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload) Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)	2020-03-03 05:01:48 +00:00
Offensive Security	02aee6c80e	DB: 2020-02-28 5 changes to exploits/shellcodes Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Comtrend VR-3033 - Command Injection Apache Tomcat - AJP 'Ghostcat File Read/Inclusion Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Unauthenticated Remote Code Execution	2020-02-28 05:01:52 +00:00
Offensive Security	cf92ea269e	DB: 2020-02-25 22 changes to exploits/shellcodes Quick N Easy Web Server 3.3.8 - Denial of Service (PoC) Go SSH servers 0.0.2 - Denial of Service (PoC) Android Binder - Use-After-Free (Metasploit) Diamorphine Rootkit - Signal Privilege Escalation (Metasploit) Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit) Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Real Web Pentesting Tutorial Step by Step - [Persian] AMSS++ v 4.31 - 'id' SQL Injection SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) AMSS++ 4.7 - Backdoor Admin Account SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure ATutor 2.2.4 - 'id' SQL Injection I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure ManageEngine EventLog Analyzer 10.0 - Information Disclosure eLection 2.0 - 'id' SQL Injection DotNetNuke 9.5 - Persistent Cross-Site Scripting DotNetNuke 9.5 - File Upload Restrictions Bypass Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Cacti 1.2.8 - Remote Code Execution Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)	2020-02-25 05:01:52 +00:00
Offensive Security	16b45536b7	DB: 2020-02-20 5 changes to exploits/shellcodes WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Virtual Freer 1.58 - Remote Command Execution DBPower C300 HD Camera - Remote Configuration Disclosure Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak	2020-02-20 05:01:53 +00:00
Offensive Security	228a37da9c	DB: 2020-02-18 15 changes to exploits/shellcodes HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path Cuckoo Clock v5.0 - Buffer Overflow Anviz CrossChex - Buffer Overflow (Metasploit) SOPlanning 1.45 - 'by' SQL Injection Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Avaya Aura Communication Manager 5.2 - Remote Code Execution Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User) WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting SOPlanning 1.45 - Cross-Site Request Forgery (Add User) SOPlanning 1.45 - 'users' SQL Injection LabVantage 8.3 - Information Disclosure	2020-02-18 05:01:54 +00:00
Offensive Security	7d757326b8	DB: 2020-02-06 8 changes to exploits/shellcodes Socat 1.7.3.4 - Heap-Based Overflow (PoC) xglance-bin 11.00 - Privilege Escalation HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account AVideo Platform 8.1 - Information Disclosure (User Enumeration) Wago PFC200 - Authenticated Remote Code Execution (Metasploit) Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC) AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)	2020-02-06 05:02:08 +00:00
Offensive Security	9a3ddbdd3a	DB: 2020-02-05 5 changes to exploits/shellcodes Sudo 1.8.25p - Buffer Overflow Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit) F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)	2020-02-05 05:02:01 +00:00
Offensive Security	8683ee3eea	DB: 2020-02-04 8 changes to exploits/shellcodes BearFTP 0.1.0 - 'PASV' Denial of Service P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC) Jobberbase 2.0 CMS - 'jobs-in' SQL Injection IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting phpList 3.5.0 - Authentication Bypass Jira 8.3.4 - Information Disclosure (Username Enumeration) Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection School ERP System 1.0 - Cross Site Request Forgery (Add Admin)	2020-02-04 05:02:00 +00:00
Offensive Security	3b5a0d91fe	DB: 2020-01-30 9 changes to exploits/shellcodes XMLBlueprint 16.191112 - XML External Entity Injection Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Kibana 6.6.1 - CSV Injection Liferay CE Portal 6.0.2 - Remote Command Execution Cups Easy 1.0 - Cross Site Request Forgery (Password Reset) Satellian 1.12 - Remote Code Execution Centreon 19.10.5 - 'Pollers' Remote Command Execution Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting	2020-01-30 05:02:05 +00:00
Offensive Security	a497fe32ec	DB: 2020-01-25 6 changes to exploits/shellcodes Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) Ricoh Printer Drivers - Local Privilege Escalation TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Webtareas 2.0 - 'id' SQL Injection OLK Web Store 2020 - Cross-Site Request Forgery Genexis Platinum-4410 2.1 - Authentication Bypass	2020-01-25 05:02:04 +00:00
Offensive Security	1a9ce31a5f	DB: 2020-01-17 12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection	2020-01-17 05:02:10 +00:00
Offensive Security	dbb38f4b3a	DB: 2020-01-16 3 changes to exploits/shellcodes Barco WePresent - file_transfer.cgi Command Injection (Metasploit) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit )	2020-01-16 05:02:06 +00:00
Offensive Security	b73c74bb9d	DB: 2020-01-15 6 changes to exploits/shellcodes Redir 3.3 - Denial of Service (PoC) WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN VPN unlimited 6.1 - Unquoted Service Path IBM RICOH InfoPrint 6500 Printer - HTML Injection IBM RICOH 6400 Printer - HTML Injection	2020-01-15 05:01:57 +00:00
Offensive Security	de1e6651e0	DB: 2020-01-10 8 changes to exploits/shellcodes ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC) MSN Password Recovery 1.30 - XML External Entity Injection Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Oracle Weblogic 10.3.6.0.0 - Remote Command Execution	2020-01-10 05:02:00 +00:00
Offensive Security	c7085a57b4	DB: 2020-01-09 9 changes to exploits/shellcodes Cisco DCNM JBoss 10.4 - Credential Leakage EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow ASTPP VoIP 4.0.1 - Remote Code Execution JetBrains TeamCity 2018.2.4 - Remote Code Execution Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting Online Book Store 1.0 - Unauthenticated Remote Code Execution Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)	2020-01-09 05:02:04 +00:00
Offensive Security	fe24bda1f5	DB: 2020-01-08 4 changes to exploits/shellcodes AnyDesk 5.4.0 - Unquoted Service Path Job Portal 1.0 - Remote Code Execution piSignage 2.6.4 - Directory Traversal Complaint Management System 4.0 - Remote Code Execution	2020-01-08 05:02:04 +00:00
Offensive Security	95c6eeab79	DB: 2020-01-07 33 changes to exploits/shellcodes NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) SpotIE 2.9.5 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Key' Denial of Service (PoC) BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC) ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC) NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Name' Denial of Service (PoC) TextCrawler Pro3.1.1 - Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC) Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC) NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC) Office Product Key Finder 1.5.4 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC) SpotMSN 2.4.6 - 'Name' Denial of Service (PoC) SpotIM 2.2 - 'Name' Denial Of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Duplicate Cleaner Pro 4 - Denial of Service (PoC) Microsoft Outlook VCF cards - Denial of Service (PoC) Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path Windows - Shell COM Server Registrar Local Privilege Escalation Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Complaint Management System 4.0 - 'cid' SQL injection IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Hostel Management System 2.0 - 'id' SQL Injection elaniin CMS 1.0 - Authentication Bypass Small CRM 2.0 - Authentication Bypass Voyager 1.3.0 - Directory Traversal Codoforum 4.8.3 - Persistent Cross-Site Scripting Django < 3.0 < 2.2 < 1.11 - Account Hijack Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)	2020-01-07 05:02:07 +00:00
Offensive Security	fcc50f8a35	DB: 2020-01-02 5 changes to exploits/shellcodes Microsoft Windows .Group File - Code Execution nostromo 1.9.6 - Remote Code Execution Shopping Portal ProVersion 3.0 - Authentication Bypass IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Hospital Management System 4.0 - Authentication Bypass	2020-01-02 05:01:56 +00:00
Offensive Security	cd36764b57	DB: 2019-12-31 28 changes to exploits/shellcodes OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit) Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit) Microsoft UPnP - Local Privilege Elevation (Metasploit) AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC) FTP Navigator 8.03 - Stack Overflow (SEH) Wing FTP Server 6.0.7 - Unquoted Service Path Domain Quester Pro 6.02 - Stack Overflow (SEH) FreeBSD-SA-19:02.fd - Privilege Escalation FreeBSD-SA-19:15.mqueuefs - Privilege Escalation HomeAutomation 3.3.2 - Persistent Cross-Site Scripting HomeAutomation 3.3.2 - Authentication Bypass HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) HomeAutomation 3.3.2 - Remote Code Execution elearning-script 1.0 - Authentication Bypass XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin) Thrive Smart Home 1.1 - Authentication Bypass XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin) XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin) WEMS BEMS 21.3.1 - Undocumented Backdoor Account AVE DOMINAplus 1.10.x - Credential Disclosure AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm) AVE DOMINAplus 1.10.x - Authentication Bypass Heatmiser Netmonitor 3.03 - Hardcoded Credentials MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure RICOH SP 4510SF Printer - HTML Injection RICOH Web Image Monitor 1.09 - HTML Injection Heatmiser Netmonitor 3.03 - HTML Injection	2019-12-31 05:02:03 +00:00

... 3 4 5 6 7 ...

479 commits