bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

349 commits

Author SHA1 Message Date
Offensive Security
40a94aad26 DB: 2019-02-04 
4 changes to exploits/shellcodes

Tiki Wiki 15.1 - File Upload (Metasploit)

LibSSH 0.7.6 / 0.8.4 - Unauthorized Access

Tiki Wiki 15.1 - File Upload (Metasploit)
 2019-02-04 05:01:42 +00:00
Offensive Security
ed58accc5a DB: 2019-01-30 
5 changes to exploits/shellcodes

MiniUPnPd 2.1 - Out-of-Bounds Read

MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation

HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)

PDF Signer 3.0 - SSTI to RCE via CSRF Cookie

Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM -  Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)
 2019-01-30 05:01:46 +00:00
Offensive Security
b68cbec24d DB: 2019-01-29 
26 changes to exploits/shellcodes

Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM -  Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
 2019-01-29 05:01:52 +00:00
Offensive Security
6e7548ed0d DB: 2019-01-25 
10 changes to exploits/shellcodes

Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)

AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
SimplePress CMS 1.0.7 - SQL Injection
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
ImpressCMS 1.3.11 - 'bid' SQL Injection
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
 2019-01-25 05:01:41 +00:00
Offensive Security
9ef926e1a1 DB: 2019-01-24 
12 changes to exploits/shellcodes

Microsoft Windows CONTACT - HTML Injection / Remote Code Execution
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
Joomla! Component vBizz 1.0.7 - SQL Injection
Joomla! Component vBizz 1.0.7 - Remote Code Execution
Joomla! Component vWishlist 1.0.1 - SQL Injection
Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection
Joomla! Component vReview 1.9.11 - SQL Injection
Joomla! Component vRestaurant 1.9.4 - SQL Injection
Joomla! Component VMap 1.9.6 - SQL Injection
Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection
 2019-01-24 05:01:41 +00:00
Offensive Security
2ad3a5e94e DB: 2019-01-22 
11 changes to exploits/shellcodes

Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
Echo Mirage 3.1 - Buffer Overflow (PoC)

GattLib 0.2 - Stack Buffer Overflow
Kepler Wallpaper Script 1.1 - SQL Injection
Coman 1.0 - 'id' SQL Injection
Reservic 1.0 - 'id' SQL Injection
MoneyFlux 1.0 - 'id' SQL Injection
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
PHP Dashboards NEW 5.8 - Local File Inclusion
PHP Uber-style GeoTracking 1.1 - SQL Injection
Adianti Framework 5.5.0 - SQL Injection
 2019-01-22 05:01:54 +00:00
Offensive Security
fa261f0558 DB: 2019-01-17 
18 changes to exploits/shellcodes

Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
 2019-01-17 05:01:45 +00:00
Offensive Security
c2a1585898 DB: 2019-01-10 
10 changes to exploits/shellcodes

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection

Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
 2019-01-10 05:01:43 +00:00
Offensive Security
e8dcb9f022 DB: 2019-01-03 
12 changes to exploits/shellcodes

EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
WebKit JSC - 'AbstractValue::set' Use-After-Free
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write

Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Frog CMS 0.9.5 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting

FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection

Craft CMS 3.0.25 - Cross-Site Scripting
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Vtiger CRM 7.1.0 - Remote Code Execution
 2019-01-03 05:01:43 +00:00
Offensive Security
1b31850a46 DB: 2018-12-25 
15 changes to exploits/shellcodes

Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)

Linux/x86 - Kill All Processes Shellcode (14 bytes)
 2018-12-25 05:01:44 +00:00
Offensive Security
aedf107ce9 DB: 2018-12-20 
12 changes to exploits/shellcodes

MiniShare Server 1.3.2 - Remote Denial of Service
MiniShare 1.3.2 - Remote Denial of Service

MiniShare 1.5.5 - Local Buffer Overflow (SEH)
MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH)
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
LanSpy 2.0.1.159 - Local Buffer Overflow
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)

MiniShare HTTP 1.5.5 - Remote Buffer Overflow
MiniShare 1.5.5 - Remote Buffer Overflow

MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
Integria IMS 5.0.83 - Cross-Site Request Forgery
Bolt CMS < 3.6.2 - Cross-Site Scripting
Yeswiki Cercopitheque - 'id' SQL Injection
IBM Operational Decision Manager 8.x - XML External Entity Injection

Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
 2018-12-20 05:01:43 +00:00
Offensive Security
a9bfc525dd DB: 2018-12-18 
1 changes to exploits/shellcodes

GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
 2018-12-18 05:01:47 +00:00
Offensive Security
04a490a7c2 DB: 2018-12-14 
3 changes to exploits/shellcodes

Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains

CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
 2018-12-14 05:01:46 +00:00
Offensive Security
516678356d DB: 2018-12-06 
2 changes to exploits/shellcodes

ImageMagick - Memory Leak
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
Apache Superset < 0.23 - Remote Code Execution
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting

HasanMWB 1.0 - SQL Injection
 2018-12-06 05:01:45 +00:00
Offensive Security
60710bbfd9 DB: 2018-12-05 
19 changes to exploits/shellcodes

Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
 2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93 DB: 2018-12-04 
10 changes to exploits/shellcodes

Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)

CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
 2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f DB: 2018-12-01 
8 changes to exploits/shellcodes

Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
 2018-12-01 05:01:40 +00:00
Offensive Security
62445895aa DB: 2018-11-30 
8 changes to exploits/shellcodes

WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
 2018-11-30 05:01:41 +00:00
Offensive Security
dfd1e454e1 DB: 2018-11-28 
10 changes to exploits/shellcodes

MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
 2018-11-28 11:08:29 +00:00
Offensive Security
9496a4320a DB: 2018-11-18 
4 changes to exploits/shellcodes

systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
systemd - 'reexec' State Injection

Centos 7.1 / Fedora 22 - abrt Privilege Escalation
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation

Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download

glibc - 'getcwd()' Local Privilege Escalation
glibc < 2.26 - 'getcwd()' Local Privilege Escalation

Linux Kernel <  4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
Linux Kernel <  4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation

systemd - 'chown_one()' Dereference Symlinks

SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery

EditMe CMS - Cross-Site Request Forgery (Add New Admin)
EditMe CMS - Cross-Site Request Forgery (Add Admin)

Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure

WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)

Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)

IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)

KingMedia 4.1 - Remote Code Execution
KingMedia 4.1 - File Upload

CMS Made Simple 2.2.7 - Remote Code Execution
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution

LibreHealth 2.0.0 - Arbitrary File Actions
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
 2018-11-18 05:01:40 +00:00
Offensive Security
5643770257 DB: 2018-11-17 
6 changes to exploits/shellcodes

Mumsoft Easy Software 2.0 - Denial of Service (PoC)
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)

Linux - Broken uid/gid Mapping for Nested User Namespaces

Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
 2018-11-17 05:01:40 +00:00
Offensive Security
268e737bb6 DB: 2018-11-16 
21 changes to exploits/shellcodes

Notepad3 1.0.2.350 - Denial of Service (PoC)

PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass

PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass

PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation

Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation

Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)

Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)

Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting

PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection

PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library

PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
 2018-11-16 05:01:40 +00:00
Offensive Security
1d25aee539 DB: 2018-11-15 
15 changes to exploits/shellcodes

AMPPS 2.7 - Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
SwitchVPN for macOS 2.1012.03 - Privilege Escalation

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
iServiceOnline 1.0 - 'r' SQL Injection
Helpdezk 1.1.1 - 'query' SQL Injection
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
EdTv 2 - 'id' SQL Injection
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Advanced Comment System 1.0 - SQL Injection
Rmedia SMS 1.0 - SQL Injection
Pedidos 1.0 - SQL Injection
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
 2018-11-15 05:01:40 +00:00
Offensive Security
3a7153b2ac DB: 2018-11-14 
24 changes to exploits/shellcodes

CuteFTP Mac 3.1 - Denial of Service (PoC)
Evince 3.24.0 - Command Injection
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
xorg-x11-server < 1.20.1 - Local Privilege Escalation

Data Center Audit 2.6.2 - 'username' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection

Nominas 0.27 - 'username' SQL Injection
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
Surreal ToDo 0.6.1.2 - SQL Injection
Surreal ToDo 0.6.1.2 - Local File Inclusion
Alienor Web Libre 2.0 - SQL Injection
Musicco 2.0.0 - Arbitrary Directory Download
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
Easyndexer 1.0 - Arbitrary File Download
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
Gumbo CMS 0.99 - SQL Injection
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
Webiness Inventory 2.3 - SQL Injection
SIPve 0.0.2-R19 - SQL Injection

Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
 2018-11-14 05:01:43 +00:00
Offensive Security
3a6748b9d9 DB: 2018-11-13 
15 changes to exploits/shellcodes

HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Mongoose Web Server 6.9 - Denial of Service (PoC)
Data Center Audit 2.6.2 - 'username' SQL Injection
TufinOS 2.17 Build 1193 - XML External Entity Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Nominas 0.27 - 'username' SQL Injection
 2018-11-13 05:01:42 +00:00
Offensive Security
925e6e0629 DB: 2018-11-10 
2 changes to exploits/shellcodes

Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)
Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

openslp 2.0.0 - Double-Free
OpenSLP 2.0.0 - Double-Free

Windows Speech Recognition - Buffer Overflow (PoC)
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)

Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)
Microsoft Windows Utility Manager - Local Privilege Escalation (MS04-011)

Windows Firewall Control - Unquoted Service Path Privilege Escalation
Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation

Windows DVD Maker 6.1.7 - XML External Entity Injection
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection

Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)

Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Microsoft Windows 10  (Build 1703  Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation

Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
OpenSLP 2.0.0 - Multiple Vulnerabilities
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
 2018-11-10 05:01:40 +00:00
Offensive Security
11366ca935 DB: 2018-11-07 
18 changes to exploits/shellcodes

FaceTime - RTP Video Processing Heap Corruption
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
Blue Server 1.1 - Denial of Service (PoC)
eToolz 3.4.8.0 - Denial of Service (PoC)
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (SEH)
libiec61850 1.3 - Stack Based Buffer Overflow
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)

PHP Proxy 3.0.3 - Local File Inclusion

Voovi Social Networking Script 1.0 - 'user' SQL Injection
CMS Made Simple 2.2.7 - Remote Code Execution
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
 2018-11-07 05:01:44 +00:00
Offensive Security
ef70ec156b DB: 2018-10-31 
22 changes to exploits/shellcodes

ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload

Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
 2018-10-31 05:01:53 +00:00
Offensive Security
15b77b5965 DB: 2018-10-30 
33 changes to exploits/shellcodes

Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS  MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
 2018-10-30 05:01:46 +00:00
Offensive Security
832a222df4 DB: 2018-10-26 
21 changes to exploits/shellcodes

ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service (PoC)

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
Adult Filter 1.0 - Buffer Overflow (SEH)
WebEx - Local Service Permissions Exploit (Metasploit)

exim 4.90 - Remote Code Execution
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
exim 4.90 - Remote Code Execution
WebExec - Authenticated User Code Execution (Metasploit)

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Simple Chat System 1.0 - 'id' SQL Injection
Delta Sql 1.8.2 - Arbitrary File Upload
User Management 1.1 - Cross-Site Scripting
ClipBucket 2.8 - 'id' SQL Injection
Simple POS and Inventory 1.0 - 'cat' SQL Injection
AiOPMSD Final 1.0.0 - 'q' SQL Injection
AjentiCP 1.2.23.13 - Cross-Site Scripting
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Open STA Manager 2.3 - Arbitrary File Download
 2018-10-26 05:01:46 +00:00
Offensive Security
dac8dd4731 DB: 2018-10-25 
15 changes to exploits/shellcodes

Adult Filter 1.0 - Denial of Service (PoC)

Microsoft Data Sharing - Local Privilege Escalation (PoC)

Webmin 1.5 - Web Brute Force (CGI)

exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
 2018-10-25 05:01:46 +00:00
Offensive Security
60464134cb DB: 2018-10-20 
1 changes to exploits/shellcodes

libSSH - Authentication Bypass

PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
 2018-10-20 05:01:44 +00:00
Offensive Security
635345499a DB: 2018-10-18 
15 changes to exploits/shellcodes

Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (PoC)
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Git Submodule - Arbitrary Code Execution

Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
BigTree CMS 4.2.23 - Cross-Site Scripting
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
Time and Expense Management System 3.0 - 'table' SQL Injection
 2018-10-18 05:01:46 +00:00
Offensive Security
038ac7b860 DB: 2018-10-11 
4 changes to exploits/shellcodes

FileZilla 3.33 - Buffer Overflow (PoC)

WhatsApp - RTP Processing Heap Corruption

MicroTik RouterOS < 6.43rc3 - Remote Root

Ektron CMS 9.20 SP2 - Improper Access Restrictions
 2018-10-11 05:01:43 +00:00
Offensive Security
6fe17058fb DB: 2018-10-10 
15 changes to exploits/shellcodes

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
Microsoft Edge Chakra JIT - Type Confusion

Seqrite End Point Security 7.4 - Privilege Escalation

Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)

360 3.5.0.1033 - Sandbox Escape
ghostscript - executeonly Bypass with errorhandler Setup
ifwatchd - Privilege Escalation (Metasploit)

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)

Wikidforum 2.20 - 'select_sort' SQL Injection

Wikidforum 2.20 - 'message_id' SQL Injection

Monstra 3.0.4 - Cross-Site Scripting
 2018-10-10 05:01:44 +00:00
Offensive Security
b311000a22 DB: 2018-10-09 
16 changes to exploits/shellcodes

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
 2018-10-09 05:01:44 +00:00
Offensive Security
89530e070b DB: 2018-10-05 
5 changes to exploits/shellcodes

virtualenv 16.0.0 - Sandbox Escape
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)

LayerBB Forum 1.1.1 - 'search_query' SQL Injection

Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
 2018-10-05 05:02:07 +00:00
Offensive Security
716ece3cc6 DB: 2018-10-02 
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
 2018-10-02 05:01:58 +00:00
Offensive Security
6efd01d5b6 DB: 2018-09-27 
5 changes to exploits/shellcodes

TransMac 12.2 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service (PoC)

Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
 2018-09-27 05:01:58 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
c7cec74ceb DB: 2018-09-20 
6 changes to exploits/shellcodes

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
 2018-09-20 05:01:45 +00:00
Offensive Security
c1b7aa12fc DB: 2018-09-15 
10 changes to exploits/shellcodes

CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
InfraRecorder 0.53 - '.txt' Denial of Service (PoC)
Faleemi Plus 1.0.2 - Denial of Service (PoC)

Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
 2018-09-15 05:01:52 +00:00
Offensive Security
2785d40187 DB: 2018-09-14 
12 changes to exploits/shellcodes

Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
MediaTek Wirless Utility rt2870 - Denial of Service (PoC)
TeamViewer App 13.0.100.0 - Denial of Service (PoC)
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket

MyBB 1.8.17 - Cross-Site Scripting
Apache Portals Pluto 3.0.0 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution
 2018-09-14 05:01:54 +00:00
Offensive Security
b42759b8b8 DB: 2018-09-13 
15 changes to exploits/shellcodes

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
 2018-09-13 05:01:52 +00:00
Offensive Security
87053f010c DB: 2018-09-11 
12 changes to exploits/shellcodes

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
 2018-09-11 05:01:54 +00:00
Offensive Security
76af808136 DB: 2018-09-08 
6 changes to exploits/shellcodes

DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

D-Link Dir-600M N150 - Cross-Site Scripting
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
QNAP Photo Station 5.7.0 - Cross-Site Scripting
 2018-09-08 05:01:54 +00:00
Offensive Security
8379495e8e DB: 2018-09-07 
10 changes to exploits/shellcodes

Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)

Tenda ADSL Router D152 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - 'startdate' SQL Injection
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
D-Link Dir-600M N150 - Cross-Site Scripting
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
 2018-09-07 05:01:55 +00:00
Offensive Security
32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
 2018-09-06 05:01:55 +00:00
Offensive Security
a0f0afa2de DB: 2018-09-01 
5 changes to exploits/shellcodes

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Network Manager VPNC - Username Privilege Escalation (Metasploit)
Vox TG790 ADSL Router - Cross-Site Scripting
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
 2018-09-01 05:01:55 +00:00
Offensive Security
444206a6be DB: 2018-08-30 
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
 2018-08-30 05:01:54 +00:00