exploit-db-mirror

Author	SHA1	Message	Date
Exploit-DB	989122095f	DB: 2025-04-04 11 changes to exploits/shellcodes/ghdb AppSmith 1.47 - Remote Code Execution (RCE) ollama 0.6.4 - Server Side Request Forgery (SSRF) Vite 6.2.2 - Arbitrary File Read ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated) Nagios Log Server 2024R1.3.1 - Stored XSS Webmin Usermin 2.100 - Username Enumeration ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials openSIS 9.1 - SQLi (Authenticated) Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure ProSSHD 1.2 - Denial of Service (DOS)	2025-04-04 00:16:25 +00:00
Exploit-DB	aa67db6cea	DB: 2024-04-13 15 changes to exploits/shellcodes/ghdb MinIO < 2024-01-31T20-20-33Z - Privilege Escalation PrusaSlicer 2.6.1 - Arbitrary code execution GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload HTMLy Version v2.9.6 - Stored XSS Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter PopojiCMS Version 2.0.1 - Remote Command Execution Quick CMS v6.7 en 2023 - 'password' SQLi Service Provider Management System v1.0 - SQL Injection WBCE 1.6.0 - Unauthenticated SQL injection WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated) Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS) Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS) Ray OS v2.6.3 - Command Injection RCE(Unauthorized) Terratec dmx_6fire USB - Unquoted Service Path	2024-04-13 00:16:27 +00:00
Exploit-DB	8c78d80c78	DB: 2024-03-17 7 changes to exploits/shellcodes/ghdb Karaf v4.4.3 Console - RCE Nokia BMC Log Scanner - Remote Code Execution vm2 - sandbox escape UPS Network Management Card 4 - Path Traversal Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) LaborOfficeFree 19.10 - MySQL Root Password Calculator	2024-03-17 00:16:40 +00:00
Exploit-DB	7ef8e488d8	DB: 2024-03-04 22 changes to exploits/shellcodes/ghdb GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution TPC-110W - Missing Authentication for Critical Function A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc Easywall 0.3.1 - Authenticated Remote Command Execution Magento ver. 2.4.6 - XSLT Server Side Injection AC Repair and Services System v1.0 - Multiple SQL Injection Enrollment System v1.0 - SQL Injection Petrol Pump Management Software v.1.0 - SQL Injection Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload Real Estate Management System v1.0 - Remote Code Execution via File Upload Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Simple Student Attendance System v1.0 - Time Based Blind SQL Injection Boss Mini 1.4.0 - local file inclusion Windows PowerShell - Event Log Bypass Single Quote Code Execution	2024-03-04 00:16:34 +00:00
Exploit-DB	c18d9953a2	DB: 2023-07-29 22 changes to exploits/shellcodes/ghdb Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS) Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities Joomla HikaShop 4.7.4 - Reflected XSS Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS mooDating 1.2 - Reflected Cross-site scripting (XSS) October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated) PaulPrinting CMS - (Search Delivery) Cross Site Scripting Perch v3.2 - Persistent Cross Site Scripting (XSS) RosarioSIS 10.8.4 - CSV Injection WordPress Plugin AN_Gradebook 5.0.1 - SQLi Zomplog 3.9 - Cross-site scripting (XSS) zomplog 3.9 - Remote Code Execution (RCE) copyparty 1.8.2 - Directory Traversal copyparty v1.8.6 - Reflected Cross Site Scripting (XSS) GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	2023-07-29 00:16:43 +00:00
Exploit-DB	3a3c03321c	DB: 2023-07-20 18 changes to exploits/shellcodes/ghdb Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution ABB FlowX v4.00 - Exposure of Sensitive Information TP-Link TL-WR740N - Authenticated Directory Transversal Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS) Blackcat Cms v1.4 - Remote Code Execution (RCE) Blackcat Cms v1.4 - Stored XSS CmsMadeSimple v2.2.17 - Remote Code Execution (RCE) CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI) CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS) Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration) Online Piggery Management System v1.0 - unauthenticated file upload vulnerability phpfm v1.7.9 - Authentication type juggling PimpMyLog v1.7.14 - Improper access control PMB 7.4.6 - SQL Injection Statamic 4.7.0 - File-Inclusion Vaidya-Mitra 1.0 - Multiple SQLi	2023-07-20 00:16:46 +00:00
Exploit-DB	0a7adaa3fc	DB: 2023-05-24 40 changes to exploits/shellcodes/ghdb Optoma 1080PSTX Firmware C02 - Authentication Bypass Screen SFT DAB 600/C - Authentication Bypass Account Creation Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Screen SFT DAB 600/C - Authentication Bypass Erase Account Screen SFT DAB 600/C - Authentication Bypass Password Change Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx) PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Apache Superset 2.0.0 - Authentication Bypass FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting) PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE) Affiliate Me Version 5.0.1 - SQL Injection Best POS Management System v1.0 - Unauthenticated Remote Code Execution Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated) ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated) CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting) e107 v2.3.2 - Reflected XSS File Thingie 2.5.7 - Remote Code Execution (RCE) GetSimple CMS v3.3.16 - Remote Code Execution (RCE) LeadPro CRM v1.0 - SQL Injection PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS) Prestashop 8.0.4 - CSV injection Quicklancer v1.0 - SQL Injection SitemagicCMS 4.4.3 - Remote Code Execution (RCE) Smart School v1.0 - SQL Injection Stackposts Social Marketing Tool v1.0 - SQL Injection thrsrossi Millhouse-Project 1.414 - Remote Code Execution TinyWebGallery v2.5 - Remote Code Execution (RCE) WBiz Desk 1.2 - SQL Injection Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS) WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking MobileTrans 4.0.11 - Weak Service Privilege Escalation Trend Micro OfficeScan Client 10.0 - ACL Service LPE eScan Management Console 14.0.1400.2281 - Cross Site Scripting eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)	2023-05-24 00:16:34 +00:00
Exploit-DB	8945b320b5	DB: 2023-05-06 20 changes to exploits/shellcodes/ghdb Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution Cmaps v8.0 - SQL injection EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) File Thingie 2.5.7 - Remote Code Execution (RCE) Intern Record System v1.0 - SQL Injection (Unauthenticated) Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Jedox 2022.4.2 - Code Execution via RPC Interfaces Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Jedox 2022.4.2 - Remote Code Execution via Directory Traversal KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE) Online Pizza Ordering System v1.0 - Unauthenticated File Upload pluck v4.7.18 - Stored Cross-Site Scripting (XSS) Simple Task Managing System v1.0 - SQL Injection (Unauthenticated) Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE) Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS) Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)	2023-05-06 00:16:26 +00:00
Exploit-DB	673c08ece5	DB: 2023-04-25 4 changes to exploits/shellcodes/ghdb ImageMagick 7.1.0-49 - Arbitrary File Read ImageMagick 7.1.0-49 - Arbitrary File Read Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection pdfkit v0.8.7.2 - Command Injection	2023-04-25 00:16:26 +00:00
Exploit-DB	0cb2c9699d	DB: 2023-04-11 8 changes to exploits/shellcodes/ghdb Roxy Fileman 1.4.5 - Arbitrary File Upload Paradox Security Systems IPR512 - Denial Of Service WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing BrainyCP V1.0 - Remote Code Execution Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE) ever gauzy v0.281.9 - JWT weak HMAC secret	2023-04-11 00:16:33 +00:00
Exploit-DB	85954a8fad	DB: 2023-04-09 34 changes to exploits/shellcodes/ghdb ENTAB ERP 1.0 - Username PII leak ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS) FortiRecorder 6.4.3 - Denial of Service Schneider Electric v1.0 - Directory traversal & Broken Authentication Altenergy Power Control Software C1.2.5 - OS command injection Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE) Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated) Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu) Lucee Scheduled Job v1.0 - Command Execution Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE) Adobe Connect 11.4.5 - Local File Disclosure Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS) Suprema BioStar 2 v2.8.16 - SQL Injection Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS) dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated) GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Icinga Web 2.10 - Arbitrary File Disclosure Joomla! v4.2.8 - Unauthenticated information disclosure Medicine Tracker System v1.0 - Sql Injection Online Appointment System V1.0 - Cross-Site Scripting (XSS) Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE) pfsenseCE v2.6.0 - Anti-brute force protection bypass Restaurant Management System 1.0 - SQL Injection WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS) X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated) X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated) Microsoft Windows 11 - 'cmd.exe' Denial of Service ActFax 10.10 - Unquoted Path Services ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation	2023-04-09 00:16:30 +00:00
Exploit-DB	d4e68dbb7e	DB: 2023-04-04 39 changes to exploits/shellcodes/ghdb ProLink PRS1841 PLDT Home fiber - Default Password Nacos 2.0.3 - Access Control vulnerability sudo 1.8.0 to 1.9.12p1 - Privilege Escalation sleuthkit 4.11.1 - Command Injection Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) ManageEngin AMP 4.3.0 - File-path-traversal SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) AmazCart CMS 3.4 - Cross-Site-Scripting (XSS) Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS) Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated ChiKoi v1.0 - SQL Injection ERPGo SaaS 3.9 - CSV Injection GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE) GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS) MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated) Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Prizm Content Connect v10.5.1030.8315 - XXE SLIMSV 9.5.2 - Cross-Site Scripting (XSS) WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) Roxy WI v6.1.0.0 - Improper Authentication Control Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload Solaris 10 libXm - Buffer overflow Local privilege escalation Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path Windows 11 10.0.22000 - Backup service Privilege Escalation Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode (373 bytes)	2023-04-04 00:16:32 +00:00
Offensive Security	d63de06c7a	DB: 2022-11-10 2776 changes to exploits/shellcodes/ghdb	2022-11-10 16:39:50 +00:00
Offensive Security	7cbe771564	DB: 2022-09-21 5 changes to exploits/shellcodes Blink1Control2 2.2.7 - Weak Password Encryption Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE) Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE) Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass Bookwyrm v0.4.3 - Authentication Bypass	2022-09-21 05:01:54 +00:00
Offensive Security	d8eefee2c7	DB: 2021-11-09 8 changes to exploits/shellcodes zlog 1.2.15 - Buffer Overflow Simple Client Management System 1.0 - SQLi (Authentication Bypass) Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS) Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated) Money Transfer Management System 1.0 - Authentication Bypass Froxlor 0.10.29.1 - SQL Injection (Authenticated) WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)	2021-11-09 05:02:09 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	84533192ae	DB: 2021-02-09 19 changes to exploits/shellcodes SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution SmartFoxServer 2X 2.17.0 - Credentials Disclosure Millewin 13.39.146.1 - Local Privilege Escalation AMD Fuel Service - 'Fuel.service' Unquote Service Path Microsoft Internet Explorer 11 32-bit - Use-After-Free SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS Jenzabar 9.2.2 - 'query' Reflected XSS. WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS) WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion	2021-02-09 05:01:57 +00:00
Offensive Security	ed5a9457b6	DB: 2021-02-04 4 changes to exploits/shellcodes Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1) Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2) Pixelimity 1.0 - 'password' Cross-Site Request Forgery Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution	2021-02-04 05:01:56 +00:00
Offensive Security	82075ed5ca	DB: 2021-01-29 10 changes to exploits/shellcodes jQuery UI 1.12.1 - Denial of Service (DoS) Metasploit Framework 6.0.11 - msfvenom APK template command injection fuelCMS 1.4.1 - Remote Code Execution fuel CMS 1.4.1 - Remote Code Execution (1) OpenEMR 5.0.1 - Remote Code Execution OpenEMR 5.0.1 - Remote Code Execution (1) EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2) Fuel CMS 1.4.1 - Remote Code Execution (2) Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution	2021-01-29 05:01:58 +00:00
Offensive Security	c5f0b6dbf5	DB: 2020-12-10 9 changes to exploits/shellcodes Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption SmarterMail Build 6985 - Remote Code Execution Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH) Huawei HedEx Lite 200R006C00SPC005 - Path Traversal VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation VestaCP 0.9.8-26 - 'backup' Information Disclosure Task Management System 1.0 - 'First Name and Last Name' Stored XSS Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution Task Management System 1.0 - 'id' SQL Injection	2020-12-10 05:02:01 +00:00
Offensive Security	045c2fe1ae	DB: 2020-12-05 13 changes to exploits/shellcodes IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Chromium 83 - Full CSP Bypass Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection MiniCMS 1.10 - 'content box' Stored XSS Testa Online Test Management System 3.4.7 - 'q' SQL Injection Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Laravel Nova 3.7.0 - 'range' DoS CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated) Zabbix 5.0.0 - Stored XSS via URL Widget Iframe	2020-12-05 05:01:54 +00:00
Offensive Security	673a45a464	DB: 2020-11-28 13 changes to exploits/shellcodes libupnp 1.6.18 - Stack-based buffer overflow (DoS) SAP Lumira 1.31 - Stored Cross-Site Scripting Foxit Reader 9.0.1.1049 - Arbitrary Code Execution Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution Laravel Administrator 4 - Unrestricted File Upload (Authenticated) Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF Moodle 3.8 - Unrestricted File Upload Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated) House Rental 1.0 - 'keywords' SQL Injection ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)	2020-11-28 05:01:59 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	0a0ad49d15	DB: 2020-03-11 7 changes to exploits/shellcodes Counter Strike: GO - '.bsp' Memory Control (PoC) Nagios XI - Authenticated Remote Command Execution (Metasploit) PHPStudy - Backdoor Remote Code execution (Metasploit) Sysaid 20.1.11 b26 - Remote Command Execution YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Persian VIP Download Script 1.0 - 'active' SQL Injection	2020-03-11 05:01:47 +00:00
Offensive Security	875c0a9396	DB: 2020-02-13 11 changes to exploits/shellcodes xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation SunOS 5.10 Generic_147148-26 - Local Privilege Escalation MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow HP System Event Utility - Local Privilege Escalation	2020-02-13 05:02:00 +00:00
Offensive Security	1a9ce31a5f	DB: 2020-01-17 12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection	2020-01-17 05:02:10 +00:00
Offensive Security	0a59eb70a8	DB: 2019-08-21 3 changes to exploits/shellcodes SilverSHielD 6.x - Local Privilege Escalation WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes) Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes) Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes) Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes) Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)	2019-08-21 05:02:32 +00:00
Offensive Security	6f49190671	DB: 2019-07-27 19 changes to exploits/shellcodes pdfresurrect 0.15 - Buffer Overflow Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1) Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP) Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation VMware Workstation/Player < 12.5.5 - Local Privilege Escalation S-nail < 14.8.16 - Local Privilege Escalation Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2) ASAN/SUID - Local Privilege Escalation Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Ovidentia 8.4.3 - SQL Injection Moodle Filepicker 3.5.2 - Server Side Request Forgery Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit) Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection	2019-07-27 05:02:19 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	a07949d1c7	DB: 2018-12-12 21 changes to exploits/shellcodes SmartFTP Client 9.0.2623.0 - Denial of Service (PoC) LanSpy 2.0.1.159 - Local Buffer Overflow (PoC) XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection McAfee True Key - McAfee.TrueKey.Service Privilege Escalation DomainMOD 4.11.01 - Cross-Site Scripting DomainMOD 4.11.01 - 'raid' Cross-Site Scripting Tourism Website Blog - Remote Code Execution / SQL Injection Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery PrestaShop 1.6.x/1.7.x - Remote Code Execution DomainMOD 4.11.01 - Cross-Site Scripting PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion TP-Link wireless router Archer C1200 - Cross-Site Scripting Huawei B315s-22 - Information Leak ZTE ZXHN H168N - Improper Access Restrictions Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Apache OFBiz 16.11.05 - Cross-Site Scripting HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Adobe ColdFusion 2018 - Arbitrary File Upload Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)	2018-12-12 05:01:43 +00:00
Offensive Security	dfd1e454e1	DB: 2018-11-28 10 changes to exploits/shellcodes MariaDB Client 10.1.26 - Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (ASLR) Xorg X11 Server - SUID privilege escalation (Metasploit) ELBA5 5.8.0 - Remote Code Execution Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Ticketly 1.0 - 'kind_id' SQL Injection No-Cms 1.0 - 'order_by' SQL Injection Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	2018-11-28 11:08:29 +00:00
Offensive Security	e3299ef341	DB: 2018-11-21 4 changes to exploits/shellcodes macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC) Qpopper 4.0.x - poppassd Privilege Escalation Qpopper 4.0.x - 'poppassd' Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation ABRT - raceabrt Privilege Escalation(Metasploit) ABRT - 'raceabrt' Privilege Escalation (Metasploit) ImageMagick - Memory Leak Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)	2018-11-21 05:01:38 +00:00
Offensive Security	268e737bb6	DB: 2018-11-16 21 changes to exploits/shellcodes Notepad3 1.0.2.350 - Denial of Service (PoC) PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass PHP 5.x COM - Safe Mode / Disable Functions Bypass VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation Libuser - 'roothelper' Privilege Escalation (Metasploit) Libuser - 'roothelper' Local Privilege Escalation (Metasploit) Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit) Sun Solaris 11.3 AVS - Local Kernel root Exploit Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass Webkit (Safari) - Universal Cross-site Scripting Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library PHP Imagick 3.3.0 - disable_functions Bypass Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin) PHP-Proxy 5.1.0 - Local File Inclusion BitZoom 1.0 - 'rollno' SQL Injection Net-Billetterie 2.9 - 'login' SQL Injection Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection EverSync 0.5 - Arbitrary File Download Meneame English Pligg 5.8 - 'search' SQL Injection Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting	2018-11-16 05:01:40 +00:00
Offensive Security	bbbf700308	DB: 2018-10-27 5 changes to exploits/shellcodes xorg-x11-server < 1.20.3 - Local Privilege Escalation Quick Count 2.0 - 'txtInstID' SQL Injection MPS Box 0.1.8.0 - Arbitrary File Upload Delta Sql 1.8.2 - 'id' SQL Injection Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection	2018-10-27 05:01:46 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	a2ac269de5	DB: 2018-07-19 8 changes to exploits/shellcodes JavaScript Core - Arbitrary Code Execution QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) QNAP Q'Center - 'change_passwd' Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit) HomeMatic Zentrale CCU2 - Remote Code Execution MailGust 1.9 - Board Takeover SQL Injection MailGust 1.9 - Board Takeover (SQL Injection) Cyphor 0.19 - Board Takeover SQL Injection Cyphor 0.19 - Board Takeover (SQL Injection) versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection) WordPress 2.6.1 - SQL Column Truncation Admin Takeover WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Takeover Joomla! < 3.6.4 - Admin TakeOver Joomla! < 3.6.4 - Admin Takeover PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection Open-AudIT Community 2.1.1 - Cross-Site Scripting FTP2FTP 1.0 - Arbitrary File Download Modx Revolution < 2.6.4 - Remote Code Execution	2018-07-19 05:01:43 +00:00
Offensive Security	5947825a84	DB: 2018-03-10 15 changes to exploits/shellcodes uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) uTorrent WebUI 0.370 - Authorisation Header Denial of Service μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service Memcached - 'memcrashed' Denial of Service Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2) Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1) Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service WebLog Expert Enterprise 9.4 - Denial of Service uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking uTorrent 2.0.3 - DLL Hijacking μTorrent (uTorrent) 2.0.3 - DLL Hijacking iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow Microsoft Office - 'Composite Moniker Remote Code Execution Mozilla Firefox - Address Bar Spoofing Tor (Firefox 41 < 50) - Code Execution Chrome 35.0.1916.153 - Sandbox Escape / Command Execution WebLog Expert Enterprise 9.4 - Authentication Bypass uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution Werkzeug - 'Debug Shell' Command Execution TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal toronja CMS - SQL Injection Toronja CMS - SQL Injection uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery tinybrowser - 'tinybrowser.php' Directory Listing tinybrowser - 'edit.php' Directory Listing TinyBrowser - 'tinybrowser.php' Directory Listing TinyBrowser - 'edit.php' Directory Listing Xoops 2.5.7.2 - Directory Traversal Bypass XOOPS 2.5.7.2 - Directory Traversal Bypass SAP BusinessObjects launch pad - Server-Side Request Forgery antMan < 0.9.1a - Authentication Bypass Bacula-Web < 8.0.0-rc2 - SQL Injection	2018-03-10 05:01:50 +00:00
Offensive Security	b5d3581200	DB: 2018-02-21 8 changes to exploits/shellcodes Easy Karaokay Player 3.3.31 - '.wav' Integer Division by Zero Ofilter Player 1.1 - '.wav' Integer Division by Zero Wireshark 1.10.7 - Denial of Service (PoC) ZTE / TP-Link RomPager - Denial of Service Exif Pilot 4.7.2 - Buffer Overflow (SEH) InfraRecorder - '.m3u' File Buffer Overflow (PoC) MySQL 5.5.45 - procedure analyse Function Denial of Service Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure Microsoft Internet Explorer 11 - 'Js::RegexHelper::RegexReplace' Use-After-Free Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Microsoft Windows - Constrained Impersonation Capability Privilege Escalation MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit) Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation utorrent - JSON-RPC Remote Code Execution / Information Disclosure ZTE WXV10 W300 - Multiple Vulnerabilities Moodle 2.7 - Persistent Cross-Site Scripting D-Link DIR-615 - Multiple Vulnerabilities CMS Made Simple 2.1.6 - Multiple Vulnerabilities Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes)	2018-02-21 05:01:48 +00:00
Offensive Security	79b9c08b88	DB: 2018-02-09 2 changes to exploits/shellcodes Abuse-SDL 0.7 - Command-Line Argument Buffer Overflow Abuse-SDL 0.7 - Command Line Argument Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow Marked2 - Local File Disclosure HPE iLO4 < 2.53 - Add New Administrator User	2018-02-09 05:01:51 +00:00
Offensive Security	cf96346519	DB: 2018-01-25 124 changes to exploits/shellcodes Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC) Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC) Novell ZenWorks 10/11 - TFTPD Remote Code Execution Novell ZENworks 10/11 - TFTPD Remote Code Execution Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service GoAhead Web Server 2.1 (Windows) - Denial of Service Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service Lorex LH300 Series - ActiveX Buffer Overflow (PoC) Debut Embedded httpd 1.20 - Denial of Service Debut Embedded HTTPd 1.20 - Denial of Service Xorg 1.4 < 1.11.2 - File Permission Change X.Org xorg 1.4 < 1.11.2 - File Permission Change Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) ICU library 52 < 54 - Multiple Vulnerabilities rooter VDSL Device - Goahead WebServer Disclosure FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow Debian 2.1 - httpd Debian 2.1 - HTTPd Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String W3C CERN httpd 3.0 Proxy - Cross-Site Scripting W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting ATP httpd 0.4 - Single Byte Buffer Overflow ATP HTTPd 0.4 - Single Byte Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow Light HTTPd 0.1 - GET Buffer Overflow (1) Light HTTPd 0.1 - GET Buffer Overflow (2) Light HTTPd 0.1 - 'GET' Buffer Overflow (1) Light HTTPd 0.1 - 'GET' Buffer Overflow (2) Light HTTPD 0.1 (Windows) - Remote Buffer Overflow Light HTTPd 0.1 (Windows) - Remote Buffer Overflow Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit) Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit) BusyBox 1.01 - HTTPD Directory Traversal BusyBox 1.01 - HTTPd Directory Traversal Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2) Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Getsimple 2.01 - Local File Inclusion Getsimple CMS 2.01 - Local File Inclusion Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Getsimple 3.0 - 'set' Local File Inclusion Getsimple CMS 3.0 - 'set' Local File Inclusion ZENworks Configuration Management 11.3.1 - Remote Code Execution Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Kaseya Virtual System Administrator - Multiple Vulnerabilities (1) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1) Getsimple - 'path' Local File Inclusion Getsimple CMS 3.1.2 - 'path' Local File Inclusion Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection BMC Track-It! 11.4 - Multiple Vulnerabilities Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities SysAid Help Desk 14.4 - Multiple Vulnerabilities Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities GetSimple CMS 3.3.1 - Cross-Site Scripting CMS Made Simple 1.11.9 - Multiple Vulnerabilities ManageEngine Desktop Central - Create Administrator ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2) ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - execve(/bin/sh) Shellcode (33 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86 (XP SP3) - ShellExecuteA Shellcode Windows/x86 (XP SP3) - ShellExecuteA() Shellcode Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Windows/x86 - JITed Stage-0 Shellcode Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - MessageBox Shellcode (Generator) (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows/x64 (7) - cmd.exe Shellcode (61 bytes) Windows - MessageBoxA Shellcode (238 bytes) Windows - MessageBoxA() Shellcode (238 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit) Windows/x86 - Eggsearch Shellcode (33 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86-64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator) Windows/x64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - execve() Shellcode (22 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Read /etc/passwd Shellcode (65 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86-64 - Bind TCP Shell Shellcode (Generator) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - MessageBoxA() Shellcode (242 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x64 - Read /etc/passwd Shellcode (82 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes) Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - Execute /bin/sh Shellcode (24 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) Windows/x64 (10) - Egghunter Shellcode (45 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows - cmd.exe Shellcode (718 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Kill All Processes Shellcode (19 bytes) Linux/x64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Linux/x64 - mkdir(evil) Shellcode (30 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes) Windows/x64 - API Hooking Shellcode (117 bytes)	2018-01-25 18:22:06 +00:00
Offensive Security	d1b70e7a13	DB: 2018-01-25 8 changes to exploits/shellcodes RAVPower 2.000.056 - Memory Disclosure Acunetix WVS 10 - Local Privilege Escalation Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape Blizzard Update Agent - JSON RPC DNS Rebinding NoMachine 5.3.9 - Local Privilege Escalation Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1) Acunetix WVS 10 - Remote Command Execution RAVPower 2.000.056 - Root Remote Code Execution Kaltura - Remote PHP Code Execution over Cookie (Metasploit) GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) Vodafone Mobile Wifi - Reset Admin Password Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution Professional Local Directory Script 1.0 - SQL Injection WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure	2018-01-25 05:01:47 +00:00
Offensive Security	81d6f781ab	DB: 2018-01-12 31 changes to exploits/shellcodes MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation macOS - 'process_policy' Stack Leak Through Uninitialized Field Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read Jungo Windriver 12.5.1 - Privilege Escalation Jungo Windriver 12.5.1 - Local Privilege Escalation Parity Browser < 1.6.10 - Bypass Same Origin Policy Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit) phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) eVestigator Forensic PenTester - MITM Remote Code Execution eVestigator Forensic PenTester - Man In The Middle Remote Code Execution BestSafe Browser - MITM Remote Code Execution BestSafe Browser - Man In The Middle Remote Code Execution SKILLS.com.au Industry App - MITM Remote Code Execution Virtual Postage (VPA) - MITM Remote Code Execution SKILLS.com.au Industry App - Man In The Middle Remote Code Execution Virtual Postage (VPA) - Man In The Middle Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution SAP NetWeaver J2EE Engine 7.40 - SQL Injection D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode HPUX - execve /bin/sh Shellcode (58 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve /bin/sh Shellcode (58 bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes) ARM - Bind TCP Shell (0x1337/TCP) Shellcode ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes) FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD - reboot() Shellcode (15 Bytes) IRIX - execve(/bin/sh -c) Shellcode (72 bytes) IRIX - execve(/bin/sh) Shellcode (43 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - execve(/bin/sh) Shellcode (68 bytes) IRIX - stdin-read Shellcode (40 bytes) Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 Bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)	2018-01-12 05:02:17 +00:00
Offensive Security	3d73ec60b6	DB: 2018-01-06 23 changes to exploits/shellcodes Emulive Server4 7560 - Remote Denial of Service Emulive Server4 Build 7560 - Remote Denial of Service ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service) D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service) DNS4Me 3.0 - Denial of Service / Cross-Site Scripting EmuLive Server4 - Authentication Bypass / Denial of Service GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit) keene digital media server 1.0.2 - Directory Traversal variant Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access Keene Digital Media Server 1.0.2 - Directory Traversal Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access WDMyCloud < 2.30.165 - Multiple Vulnerabilities Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit) Cisco IOS - Remote Code Execution Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection WordPress 1.5.1.2 - xmlrpc Interface SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection MySQL Eventum 1.5.5 - 'login.php' SQL Injection PHP live helper 2.0.1 - Multiple Vulnerabilities PHP Live Helper 2.0.1 - Multiple Vulnerabilities Zen Cart 1.3.9f (typefilter) - Local File Inclusion Zen Cart 1.3.9f - 'typefilter' Local File Inclusion phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Notes Module for phpBB - SQL Injection phpBB Notes Module - SQL Injection osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities FusionBB 0.x - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities PAFaq - Question Cross-Site Scripting PAFaq - Administrator 'Username' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection EyeOS 0.8.x - Session Remote Command Execution eyeOS 0.8.x - Session Remote Command Execution CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion osCommerce 2.1/2.2 - 'product_info.php' SQL Injection CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal HAMweather 3.9.8 - 'template.php' Script Code Injection Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting Jamroom 3.3.8 - Cookie Authentication Bypass Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities Zen Cart < 1.3.8a - SQL Injection PHP Topsites < 2.2 - Multiple Vulnerabilities phpLinks < 2.1.2 - Multiple Vulnerabilities P-Synch < 6.2.5 - Multiple Vulnerabilities WinMX < 2.6 - Design Error FTP Service < 1.2 - Multiple Vulnerabilities MegaBrowser < 0.71b - Multiple Vulnerabilities Max Web Portal < 1.30 - Multiple Vulnerabilities Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities Gespage 7.4.8 - SQL Injection Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)	2018-01-06 05:02:14 +00:00
Offensive Security	b768a6ef6c	DB: 2018-01-05 5 changes to exploits/shellcodes Multiple CPUs - 'Spectre' Information Disclosure (PoC) Iopsys Router - 'dhcp' Remote Code Execution Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) Xplico - Remote Code Execution (Metasploit)	2018-01-05 05:02:22 +00:00
Offensive Security	a24ecf72c3	DB: 2017-12-01 82 changes to exploits/shellcodes 32 new exploits/shellcodes Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL (Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 - SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal	2017-12-01 10:57:46 +00:00
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00

48 commits