bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

13 commits

Author SHA1 Message Date
Exploit-DB
989122095f DB: 2025-04-04 
11 changes to exploits/shellcodes/ghdb

AppSmith 1.47 - Remote Code Execution (RCE)

ollama 0.6.4 - Server Side Request Forgery (SSRF)

Vite 6.2.2 - Arbitrary File Read

ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)

Nagios Log Server 2024R1.3.1 - Stored XSS

Webmin Usermin 2.100 - Username Enumeration

ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials

openSIS 9.1 - SQLi (Authenticated)

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

ProSSHD 1.2 - Denial of Service (DOS)
 2025-04-04 00:16:25 +00:00
Exploit-DB
38cd2cd776 DB: 2023-06-10 
4 changes to exploits/shellcodes/ghdb

BTCPay Server v1.7.4 - HTML Injection.
BTCPay Server v1.7.4 - HTML Injection

Thruk Monitoring Web Interface 3.06 - Path Traversal

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)

Grafana <=6.2.4 - HTML Injection
 2023-06-10 00:16:34 +00:00
Exploit-DB
79466d14c8 DB: 2023-04-24 
4 changes to exploits/shellcodes/ghdb

EasyNas 1.1.0 - OS Command Injection

EasyNas 1.1.0 - OS Command Injection
 2023-04-24 00:16:20 +00:00
Exploit-DB
d7c9ba572a DB: 2023-04-07 
50 changes to exploits/shellcodes/ghdb

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

ABUS Security Camera TVIP 20000-21150 - LFI_ RCE and SSH Root Access

Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection
Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

HospitalRun  1.0.0-beta - Local Root Exploit for macOS

Adobe Connect 10 - Username Disclosure

craftercms 4.x.x - CORS

EasyNas 1.1.0 - OS Command Injection

Agilebio Lab Collector Electronic Lab Notebook  v4.234 - Remote Code Execution (RCE)

Art Gallery Management System Project in PHP v 1.0 - SQL injection

atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Auto Dealer Management System v1.0 - SQL Injection
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Best pos Management System v1.0 - SQL Injection

ChurchCRM v4.5.3-121fcc1 - SQL Injection

Dompdf 1.2.1 - Remote Code Execution (RCE)
Employee Task Management System v1.0 - Broken Authentication
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
Employee Task Management System v1.0 - SQL Injection on edit-task.php

flatnux 2021-03.25 - Remote Code Execution (Authenticated)

Intern Record System v1.0 - SQL Injection (Unauthenticated)

Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking

LDAP Tool Box Self Service Password v1.5.2 -  Account takeover
Music Gallery Site v1.0 - Broken Access Control
Music Gallery Site v1.0 - SQL Injection on  music_list.php
Music Gallery Site v1.0 - SQL Injection on page Master.php
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

POLR URL 2.3.0 - Shortener Admin Takeover

Purchase Order Management-1.0 - Local File Inclusion

Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

modoboa  2.0.4 - Admin TakeOver

pdfkit v0.8.7.2 - Command Injection

FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

Windows 11 10.0.22000 -  Backup service Privilege Escalation

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

Unified Remote 3.13.0 - Remote Code Execution (RCE)
 2023-04-07 00:16:28 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
acb55122f4 DB: 2021-04-23 
6 changes to exploits/shellcodes

OpenSMTPD 6.6.2 - Remote Code Execution
OpenSMTPD 6.6.1 - Remote Code Execution

OTRS 5.0.x/6.0.x - Remote Command Execution
OTRS 5.0.x/6.0.x - Remote Command Execution (1)

RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
OTRS 6.0.1 - Remote Command Execution (2)
 2021-04-23 05:01:59 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
b6b60b70e9 DB: 2018-04-03 
11 changes to exploits/shellcodes

WebLog Expert Enterprise 9.4 - Privilege Escalation

Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change
Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery
WampServer 3.1.2 - Cross-Site Request Forgery
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
DLink DIR-601 - Admin Password Disclosure
OpenCMS 10.5.3 - Cross-Site Request Forgery
OpenCMS 10.5.3 - Cross-Site Scripting
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
 2018-04-03 05:01:54 +00:00
Offensive Security
6885f2dcc7 DB: 2018-03-01 
26 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC)
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption

Apple iOS - '.pdf' Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak

Foxit Reader 4.0 - '.pdf' Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak

Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution

Sony Playstation 4 4.05 FW - Local Kernel Loader
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)

Sony Playstation 4 4.55 FW - Local Kernel
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel - 'BadIRET' Local Privilege Escalation
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Nintendo Switch - WebKit Code Execution (PoC)

Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)

EPIC MyChart - SQL Injection
EPIC MyChart - X-Path Injection

Routers2 2.24 - Cross-Site Scripting
 2018-03-01 05:01:48 +00:00
Offensive Security
995a8906f1 DB: 2018-01-22 
27 changes to exploits/shellcodes

Oracle JDeveloper 11.1.x/12.x - Directory Traversal
Shopware 5.2.5/5.3 - Cross-Site Scripting
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
PHPFreeChat 1.7 - Denial of Service
OTRS 5.0.x/6.0.x - Remote Command Execution

DarkComet (C2 Server) - File Upload

BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)

FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)

Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)

Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)
Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)

Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)
Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)

Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)
Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes)

Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes)

Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)

Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes)

Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes)

Windows/x86-64 (7) - cmd Shellcode (61 bytes)
Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)

Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)

Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)

Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)

Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes)

Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)
Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)

Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)
Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)

Windows/x86 - Create Admin User (X) Shellcode (304 bytes)
Windows/x86 - Create Administrator User (X) Shellcode (304 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes)

Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)
Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)
Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)

Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
 2018-01-22 05:01:45 +00:00
Offensive Security
bfebc3fa5a DB: 2018-01-20 
62 changes to exploits/shellcodes

macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'
Peercast < 0.1211 - Format String
Trillian Pro < 2.01 - Design Error
dbPowerAmp < 2.0/10.0 - Buffer Overflow
PsychoStats < 2.2.4 Beta - Cross Site Scripting

MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
GitStack 2.3.10 - Unauthenticated Remote Code Execution
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection	 (PoC)
Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
DUWare Multiple Products - Multiple Vulnerabilities
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
ASPapp Multiple Products - Multiple Vulnerabilities
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
phpShop < 0.6.1-b - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3 - SQL Injection
phpBB < 2.0.6d - Cross Site Scripting
Phorum < 5.0.3 Beta - Cross Site Scripting
vBulletin < 3.0.0 RC4 - Cross Site Scripting
Mambo < 4.5 - Multiple Vulnerabilities
phpBB < 2.0.7a - Multiple Vulnerabilities
Invision Power Top Site List < 1.1 RC 2 - SQL Injection
Invision Gallery < 1.0.1 - SQL Injection
PhotoPost < 4.6 - Multiple Vulnerabilities
TikiWiki < 1.8.1 - Multiple Vulnerabilities
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
OpenBB < 1.0.6 - Multiple Vulnerabilities
PHPX < 3.26 - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3.1 - Design Error
HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities
LiveWorld Multiple Products - Cross Site Scripting
WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities
PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
ReviewPost < 2.84 - Multiple Vulnerabilities
PhotoPost < 4.85 - Multiple Vulnerabilities
AZBB < 1.0.07d - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
Burning Board < 2.3.1 - SQL Injection
XOOPS < 2.0.11 - Multiple Vulnerabilities
PEAR XML_RPC < 1.3.0 - Remote Code Execution
PHPXMLRPC < 1.1 - Remote Code Execution
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
XPCOM - Race Condition
ADOdb < 4.71 - Cross Site Scripting
Geeklog < 1.4.0 - Multiple Vulnerabilities
PEAR LiveUser < 0.16.8 - Arbitrary File Access
Mambo < 4.5.3h - Multiple Vulnerabilities
phpRPC < 0.7 - Remote Code Execution
Gallery 2 < 2.0.2 - Multiple Vulnerabilities
PHPLib < 7.4 - SQL Injection
SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
CubeCart < 3.0.12 - Multiple Vulnerabilities
Claroline < 1.7.7 - Arbitrary File Inclusion
X-Cart < 4.1.3 - Arbitrary Variable Overwrite
Mambo < 4.5.4 - SQL Injection
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
D-Link DNS-343 ShareCenter < 1.05 - Command Injection
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
 2018-01-20 05:01:49 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00