bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

117 commits

Author SHA1 Message Date
Exploit-DB
76d99ff06e DB: 2024-08-25 
7 changes to exploits/shellcodes/ghdb

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

HughesNet HT2000W Satellite Modem - Password Reset

Aurba 501 - Authenticated RCE
 2024-08-25 00:16:25 +00:00
Exploit-DB
8c78d80c78 DB: 2024-03-17 
7 changes to exploits/shellcodes/ghdb

Karaf v4.4.3 Console - RCE

Nokia BMC Log Scanner - Remote Code Execution

vm2 - sandbox escape

UPS Network Management Card 4 - Path Traversal

Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

LaborOfficeFree 19.10 - MySQL Root Password Calculator
 2024-03-17 00:16:40 +00:00
Exploit-DB
bdcc81a451 DB: 2024-02-16 
4 changes to exploits/shellcodes/ghdb

DS Wireless Communication - Remote Code Execution

Metabase 0.46.6 - Pre-Auth Remote Code Execution

SISQUALWFM 7.1.319.103 - Host Header Injection
 2024-02-16 00:16:25 +00:00
Exploit-DB
3de26153c8 DB: 2023-04-02 
23 changes to exploits/shellcodes/ghdb

ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

Hughes Satellite Router HX200 v8.3.1.14 -  Remote File Inclusion

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)

GeoVision Camera GV-ADR2701 - Authentication Bypass

AD Manager Plus 7122 - Remote Code Execution (RCE)

Enlightenment v0.25.3 - Privilege escalation

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)

Apache 2.4.x - Buffer Overflow

perfSONAR v4.4.5 - Partial Blind CSRF

SugarCRM 12.2.0 - Remote Code Execution (RCE)

XCMS v1.83 - Remote Command Execution (RCE)

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

Splashtop 8.71.12001.0 - Unquoted Service Path

Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)

FlipRotation v1.0 decoder - Shellcode (146 bytes)

Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes)

macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode
 2023-04-02 00:16:21 +00:00
Exploit-DB
42ade901fe DB: 2023-03-31 
22 changes to exploits/shellcodes/ghdb

LISTSERV 17 - Insecure Direct Object Reference (IDOR)
LISTSERV 17 - Reflected Cross Site Scripting (XSS)

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Router ZTE-H108NS - Authentication Bypass

Boa Web Server v0.94.14 - Authentication Bypass

Covenant v0.5 - Remote Code Execution (RCE)

Dreamer CMS v4.0.0 - SQL Injection

Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

Virtual Reception v1.0 - Web Server Directory Traversal

4images 1.9 - Remote Command Execution (RCE)

ClicShopping v3.402 - Cross-Site Scripting (XSS)

Concrete5 CME v9.1.3 - Xpath injection

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

WPForms 1.7.8 - Cross-Site Scripting (XSS)

CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Zillya Total Security 3.0.2367.0  - Local Privilege Escalation
 2023-03-31 00:16:26 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
16b24da825 DB: 2022-08-02 
19 changes to exploits/shellcodes

Omnia MPX 1.5.0+r1 - Path Traversal
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)

OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
Wavlink WN533A8 - Cross-Site Scripting (XSS)
Wavlink WN530HG4 - Password Disclosure
Wavlink WN533A8 - Password Disclosure
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
CuteEditor for PHP 6.6 - Directory Traversal
mPDF 7.0 - Local File Inclusion
NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
 2022-08-02 05:01:49 +00:00
Offensive Security
280b8f430a DB: 2022-03-10 
5 changes to exploits/shellcodes

Cobian Backup 0.9 - Unquoted Service Path
Audio Conversion Wizard v2.01 - Buffer Overflow
Printix Client 1.3.1106.0 - Privilege Escalation
Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

Webmin 1.984 - Remote Code Execution (Authenticated)
 2022-03-10 05:01:37 +00:00
Offensive Security
bba496461e DB: 2022-03-01 
6 changes to exploits/shellcodes

Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC)
Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC)
Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
 2022-03-01 05:01:37 +00:00
Offensive Security
7755ac3af6 DB: 2022-02-24 
9 changes to exploits/shellcodes

Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Simple Real Estate Portal System 1.0 - 'id' SQLi
Air Cargo Management System v1.0 - SQLi
aaPanel 6.8.21 - Directory Traversal (Authenticated)
Student Record System 1.0 - 'cid' SQLi (Authenticated)
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
 2022-02-24 05:01:36 +00:00
Offensive Security
de260aeac6 DB: 2021-10-30 
95 changes to exploits/shellcodes

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)

n+otes 1.6.2 - Denial of Service (PoC)

Telegram Desktop 2.9.2 - Denial of Service (PoC)

Mini-XML 3.2 - Heap Overflow
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

MariaDB 10.2 - 'wsrep_provider' OS Command Execution

Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)

GNU Wget < 1.18 - Arbitrary File Upload (2)

WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)

E-Learning System 1.0 - Authentication Bypass

PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting

Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated)

Library System 1.0 - Authentication Bypass

Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting

Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery

GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)

Umbraco v8.14.1 - 'baseUrl' SSRF

Cacti 1.2.12 - 'filter' SQL Injection

GetSimple CMS Custom JS 0.1 - Cross-Site Request Forgery

Internship Portal Management System 1.0 - Remote Code Execution(Unauthenticated)
Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting
Xmind 2020 - Persistent Cross-Site Scripting
Tagstoo 2.0.1 - Persistent Cross-Site Scripting
SnipCommand 0.1.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 - Persistent Cross-Site Scripting
Marky 0.0.1 - Persistent Cross-Site Scripting
StudyMD 0.3.2 - Persistent Cross-Site Scripting
Freeter 1.2.1 - Persistent Cross-Site Scripting
Markright 1.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 - Persistent Cross-Site Scripting
Anote 1.0 - Persistent Cross-Site Scripting
Subrion CMS 4.2.1 - Arbitrary File Upload
Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection

Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Scratch Desktop 3.17 - Remote Code Execution

Church Management System 1.0 - Arbitrary File Upload (Authenticated)

Phone Shop Sales Managements System 1.0 - Arbitrary File Upload

Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting

ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)

KevinLAB BEMS 1.0 - Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF)

Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)

qdPM 9.2 - Password Exposure (Unauthenticated)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)

Umbraco CMS 8.9.1 - Directory Traversal

Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Dolibarr ERP 14.0.1 - Privilege Escalation

Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)

Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation

Phpwcms 1.9.30 - Arbitrary File Upload

Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)
 2021-10-30 05:02:09 +00:00
Offensive Security
f33a724e0b DB: 2021-10-29 
58 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service

Dlink DSL2750U - 'Reboot' Command Injection

PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion

rconfig 3.9.6 - Arbitrary File Upload

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)

Blood Bank System 1.0 - Authentication Bypass

Lodging Reservation Management System 1.0 - Authentication Bypass

Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
 2021-10-29 05:02:12 +00:00
Offensive Security
1cf7d7364a DB: 2021-10-13 
176 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)

Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)

CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution

Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)

Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Montiorr 1.7.6m - File Upload to XSS

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload

Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)

Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
 2021-10-13 05:02:15 +00:00
Offensive Security
c9a65a1f7b DB: 2021-09-03 
52 changes to exploits/shellcodes
 2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
32e384bbf0 DB: 2021-08-31 
8 changes to exploits/shellcodes

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
Bus Pass Management System 1.0 - 'viewid' SQL Injection
Strapi 3.0.0-beta - Set Password (Unauthenticated)
Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
Projectsend r1295 - 'name' Stored XSS
 2021-08-31 05:01:56 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20 
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
 2021-08-20 05:01:51 +00:00
Offensive Security
dc3bff8caf DB: 2021-08-17 
9 changes to exploits/shellcodes

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
Simple Water Refilling Station Management System 1.0 - Authentication Bypass
Simple Water Refilling Station Management System 1.0 - Remote Code Execution (RCE) through File Upload
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
 2021-08-17 05:01:53 +00:00
Offensive Security
7014821c65 DB: 2021-07-21 
3 changes to exploits/shellcodes

Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
 2021-07-21 05:01:52 +00:00
Offensive Security
680397ce33 DB: 2021-07-16 
4 changes to exploits/shellcodes

Webmin 1.973 - Cross-Site Request Forgery (CSRF)
osCommerce 2.3.4.1 - Remote Code Execution (2)
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
 2021-07-16 05:01:53 +00:00
Offensive Security
42322e3bcd DB: 2021-07-15 
2 changes to exploits/shellcodes

Webmin 1.973 - Cross-Site Request Forgery (CSRF)

WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)
 2021-07-15 05:01:54 +00:00
Offensive Security
c19f7edfef DB: 2021-07-08 
4 changes to exploits/shellcodes

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection
WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)
 2021-07-08 05:01:54 +00:00
Offensive Security
d6a44bd00b DB: 2021-06-08 
11 changes to exploits/shellcodes

Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)

IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP

GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated)
WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
 2021-06-08 05:02:03 +00:00
Offensive Security
26cc1d3fc3 DB: 2021-05-29 
5 changes to exploits/shellcodes

PHPFusion 9.03.50 - Remote Code Execution
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
Trixbox 2.8.0.4 - 'lang' Path Traversal
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
 2021-05-29 05:01:54 +00:00
Offensive Security
18260aa372 DB: 2021-05-14 
5 changes to exploits/shellcodes

Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free
Firefox 72 IonMonkey - JIT Type Confusion
Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
ZeroShell 3.9.0 - Remote Command Execution
 2021-05-14 05:01:57 +00:00
Offensive Security
356d0ac56b DB: 2021-04-02 
5 changes to exploits/shellcodes

Latrix 0.6.0 - 'txtaccesscode' SQL Injection
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
 2021-04-02 05:01:54 +00:00
Offensive Security
82075ed5ca DB: 2021-01-29 
10 changes to exploits/shellcodes

jQuery UI 1.12.1 - Denial of Service (DoS)

Metasploit Framework 6.0.11 - msfvenom APK template command injection

fuelCMS 1.4.1 - Remote Code Execution
fuel CMS 1.4.1 - Remote Code Execution (1)

OpenEMR 5.0.1 - Remote Code Execution
OpenEMR 5.0.1 - Remote Code Execution (1)
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
Fuel CMS 1.4.1 - Remote Code Execution (2)
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
 2021-01-29 05:01:58 +00:00
Offensive Security
2c7e8b1ddc DB: 2021-01-06 
19 changes to exploits/shellcodes

Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
IncomCMS 2.0 - Insecure File Upload
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)
WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
Online Movie Streaming  1.0 - Authentication Bypass
Responsive ELearning System 1.0 - 'id' Sql Injection
Baby Care System 1.0 - 'Post title' Stored XSS
Responsive FileManager 9.13.4 - 'path' Path Traversal
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
Cassandra Web 0.5.0 - Remote File Read
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
Online Learning Management System 1.0 - RCE (Authenticated)
Klog Server 2.4.1 - Command Injection (Unauthenticated)
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
 2021-01-06 05:01:59 +00:00
Offensive Security
422d27db30 DB: 2020-12-24 
8 changes to exploits/shellcodes

Class Scheduling System 1.0 - Multiple Stored XSS
Online Learning Management System 1.0 - Authentication Bypass
Online Learning Management System 1.0 - Multiple Stored XSS
Online Learning Management System 1.0 - 'id' SQL Injection
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)
Baby Care System 1.0 - 'roleid' SQL Injection
 2020-12-24 05:01:59 +00:00
Offensive Security
3aeb1a0d81 DB: 2020-12-23 
12 changes to exploits/shellcodes

10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
Victor CMS 1.0 - File Upload To RCE
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
CSE Bookstore 1.0 - Multiple SQL Injection
Library Management System 3.0 - _Add Category_ Stored XSS
Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
Artworks Gallery Management System 1.0 - 'id' SQL Injection
Faculty Evaluation System 1.0 - Stored XSS
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
 2020-12-23 05:01:59 +00:00
Offensive Security
58ad270f64 DB: 2020-12-17 
6 changes to exploits/shellcodes

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption

Adobe (Multiple Products) - XML Injection File Content Disclosure
GitLab 11.4.7 - Remote Code Execution (Authenticated)
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Raysync 3.3.3.8 - RCE
Magic Home Pro 1.5.1 - Authentication Bypass
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
Seotoaster 3.2.0 - Stored XSS on Edit page properties
 2020-12-17 05:01:57 +00:00
Offensive Security
a41b8b4637 DB: 2020-11-25 
7 changes to exploits/shellcodes

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated)
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
 2020-11-25 05:01:56 +00:00
Offensive Security
e178c80d85 DB: 2020-10-29 
10 changes to exploits/shellcodes

PackageKit < 1.1.13 - File Existence Disclosure
aptdaemon < 1.1.1 - File Existence Disclosure
Blueman < 2.1.4 - Local Privilege Escalation
Exploit - EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path
Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path
Prey 1.9.6 - _CronService_ Unquoted Service Path
IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
CSE Bookstore 1.0 - Authentication Bypass
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
 2020-10-29 05:02:08 +00:00
Offensive Security
8f6367cf98 DB: 2020-07-08 
8 changes to exploits/shellcodes

Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)

Microsoft Windows mshta.exe 2019 - XML External Entity Injection

BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution (PoC)
Sickbeard 0.1 - Remote Command Injection
Online Shopping Portal 3.1 - 'email' SQL Injection
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
 2020-07-08 05:01:58 +00:00
Offensive Security
1979df6cb3 DB: 2020-06-19 
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-06-19 05:02:01 +00:00
Offensive Security
e031da05b0 DB: 2020-05-27 
7 changes to exploits/shellcodes

StreamRipper32 2.6 - Buffer Overflow (PoC)
OpenEMR 5.0.1 - Remote Code Execution
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)
Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)
Pi-hole 4.4.0 - Remote Code Execution (Authenticated)
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution
 2020-05-27 05:02:09 +00:00
Offensive Security
f564ddfd17 DB: 2020-05-13 
10 changes to exploits/shellcodes

LanSend 3.2 - Buffer Overflow (SEH)
MacOS 320.whatis Script - Privilege Escalation
Phase Botnet - Blind SQL Injection
Orchard Core RC1 - Persistent Cross-Site Scripting
ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
qdPM 9.1 - Arbitrary File Upload
TylerTech Eagle 2018.3.11 - Remote Code Execution
 2020-05-13 05:01:48 +00:00
Offensive Security
7cb5d48647 DB: 2020-05-12 
14 changes to exploits/shellcodes

SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Pi-hole < 4.4 - Authenticated Remote Code Execution
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
Kartris 1.6 - Arbitrary File Upload
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
CuteNews 2.1.2 - Arbitrary File Deletion
OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
Victor CMS 1.0 - 'post' SQL Injection
Complaint Management System 1.0 - Authentication Bypass
LibreNMS 1.46 - 'search' SQL Injection
 2020-05-12 05:01:50 +00:00
Offensive Security
ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
 2020-05-01 05:02:03 +00:00
Offensive Security
7b676133d3 DB: 2020-04-23 
5 changes to exploits/shellcodes

Vesta Control Panel 0.9.8-16 - Local Privilege Escalation

RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)
Edimax EW-7438RPn - Information Disclosure (WiFi Password)
Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
 2020-04-23 05:01:50 +00:00
Offensive Security
85cdf30cea DB: 2020-03-19 
7 changes to exploits/shellcodes

NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Microsoft VSCode Python Extension - Code Execution
VMWare Fusion - Local Privilege Escalation

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

Netlink GPON Router 1.0.11 - Remote Code Execution

Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
 2020-03-19 05:01:49 +00:00
Offensive Security
79fee2e601 DB: 2020-03-14 
4 changes to exploits/shellcodes

AnyBurn 4.8 - Buffer Overflow (SEH)

Drobo 5N2 4.1.1 - Remote Command Injection

Centos WebPanel 7 - 'term' SQL Injection
 2020-03-14 05:01:46 +00:00
Offensive Security
9a3ddbdd3a DB: 2020-02-05 
5 changes to exploits/shellcodes

Sudo 1.8.25p - Buffer Overflow
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
 2020-02-05 05:02:01 +00:00
Offensive Security
d3ca859971 DB: 2020-01-11 
6 changes to exploits/shellcodes

TotalAV 2020 4.14.31 - Privilege Escalation
Pandora 7.0NG - Remote Code Execution
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
 2020-01-11 05:02:00 +00:00
Offensive Security
47d2a76f4f DB: 2019-11-02 
7 changes to exploits/shellcodes

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Nostromo - Directory Traversal Remote Command Execution (Metasploit)
TheJshen contentManagementSystem 1.04 - 'id' SQL Injection
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Apache Solr 8.2.0 - Remote Code Execution
 2019-11-02 05:01:41 +00:00
Offensive Security
afafb6c641 DB: 2019-10-24 
3 changes to exploits/shellcodes

IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
Rocket.Chat 2.1.0 - Cross-Site Scripting
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
 2019-10-24 05:01:42 +00:00
Offensive Security
e4e566f5ff DB: 2019-10-22 
7 changes to exploits/shellcodes

winrar 5.80 64bit - Denial of Service
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)

sudo 1.2.27 - Security Bypass
sudo 1.8.27 - Security Bypass
winrar 5.80 - XML External Entity Injection
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Solaris 11.4 - xscreensaver Privilege Escalation

CyberArk Password Vault 10.6 - Authentication Bypass
 2019-10-22 05:01:40 +00:00
Offensive Security
588067072a DB: 2019-10-17 
15 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
 2019-10-17 05:01:44 +00:00
Offensive Security
d1bcd4121d DB: 2019-10-04 
5 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
mintinstall 7.9.9 - Code Execution
AnchorCMS < 0.12.3a - Information Disclosure
 2019-10-04 05:01:47 +00:00