Commit graph

93 commits

Author SHA1 Message Date
Exploit-DB
5c0c152cec DB: 2024-02-14
6 changes to exploits/shellcodes/ghdb

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

Splunk 9.0.4 - Information Disclosure

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
2024-02-14 00:16:18 +00:00
Exploit-DB
0a7adaa3fc DB: 2023-05-24
40 changes to exploits/shellcodes/ghdb

Optoma 1080PSTX Firmware C02 - Authentication Bypass
Screen SFT DAB 600/C - Authentication Bypass Account Creation
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
Screen SFT DAB 600/C - Authentication Bypass Erase Account
Screen SFT DAB 600/C - Authentication Bypass Password Change
Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Apache Superset 2.0.0 - Authentication Bypass

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Affiliate Me Version 5.0.1 - SQL Injection

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

e107 v2.3.2 - Reflected XSS

File Thingie 2.5.7 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

LeadPro CRM v1.0 - SQL Injection

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Prestashop 8.0.4 - CSV injection

Quicklancer v1.0 - SQL Injection

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

Smart School v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

TinyWebGallery v2.5 - Remote Code Execution (RCE)

WBiz Desk 1.2 - SQL Injection

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

MobileTrans 4.0.11 - Weak Service Privilege Escalation

Trend Micro OfficeScan Client 10.0 - ACL Service LPE
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
2023-05-24 00:16:34 +00:00
Exploit-DB
3de26153c8 DB: 2023-04-02
23 changes to exploits/shellcodes/ghdb

ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)

GeoVision Camera GV-ADR2701 - Authentication Bypass

AD Manager Plus 7122 - Remote Code Execution (RCE)

Enlightenment v0.25.3 - Privilege escalation

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)

Apache 2.4.x - Buffer Overflow

perfSONAR v4.4.5 - Partial Blind CSRF

SugarCRM 12.2.0 - Remote Code Execution (RCE)

XCMS v1.83 - Remote Command Execution (RCE)

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

Splashtop 8.71.12001.0 - Unquoted Service Path

Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)

FlipRotation v1.0 decoder - Shellcode (146 bytes)

Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes)

macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode
2023-04-02 00:16:21 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00
Offensive Security
6a94460ed6 DB: 2022-01-11
8 changes to exploits/shellcodes

VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)

CoreFTP Server build 725 - Directory Traversal (Authenticated)
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
2022-01-11 05:01:55 +00:00
Offensive Security
27af25c8c3 DB: 2021-11-02
19 changes to exploits/shellcodes

jQuery UI 1.12.1 - Denial of Service (DoS)

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Microsoft Exchange 2019 - Server-Side Request Forgery

KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm

MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload

Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

MagpieRSS 0.72 - 'url' Command Injection

CouchCMS 2.2.1 - Server-Side Request Forgery

GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting

Montiorr 1.7.6m - Persistent Cross-Site Scripting
2021-11-02 05:02:13 +00:00
Offensive Security
f33a724e0b DB: 2021-10-29
58 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service

Dlink DSL2750U - 'Reboot' Command Injection

PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion

rconfig 3.9.6 - Arbitrary File Upload

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)

Blood Bank System 1.0 - Authentication Bypass

Lodging Reservation Management System 1.0 - Authentication Bypass

Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-29 05:02:12 +00:00
Offensive Security
ae2adf08f1 DB: 2021-10-22
5 changes to exploits/shellcodes

NIMax 5.3.1 - 'Remote VISA System' Denial of Service (PoC)
NIMax 5.3.1f0 - 'VISA Alias' Denial of Service (PoC)

Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read

Small CRM 3.0 - 'description' Stored Cross-Site Scripting (XSS)
2021-10-22 05:02:17 +00:00
Offensive Security
1cf7d7364a DB: 2021-10-13
176 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)

Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)

CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution

Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)

Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Montiorr 1.7.6m - File Upload to XSS

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload

Schlix CMS 2.2.6-6 - Arbitrary File Upload And Directory Traversal Leads To RCE (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)

Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
2021-10-13 05:02:15 +00:00
Offensive Security
a250e82458 DB: 2021-10-12
176 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)

jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)

Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)

PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Library System 1.0 - Authentication Bypass Via SQL Injection

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF

SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting

Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution

MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion / Path Traversal

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass

rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)

GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE

Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)

Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution

Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)

OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)

Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)

Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)

Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)

KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass & RCE

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)

Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF

ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments

WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE

Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)

Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)

Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)

OpenSIS 8.0 'modname' - Directory/Path Traversal

Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS

Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation

PlaceOS 1.2109.1 - Open Redirection

Blood Bank System 1.0 - SQL Injection / Authentication Bypass

Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
2021-10-12 05:02:16 +00:00
Offensive Security
c9a65a1f7b DB: 2021-09-03
52 changes to exploits/shellcodes
2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
2021-08-20 05:01:51 +00:00
Offensive Security
8251bd238f DB: 2021-08-14
9 changes to exploits/shellcodes

ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
Simple Image Gallery System 1.0 - 'id' SQL Injection
RATES SYSTEM 1.0 - Authentication Bypass
2021-08-14 05:01:54 +00:00
Offensive Security
e7fc5a3e03 DB: 2021-07-29
3 changes to exploits/shellcodes

Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)

PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
TripSpark VEO Transportation - Blind SQL Injection
2021-07-29 05:01:55 +00:00
Offensive Security
90ccc5e194 DB: 2021-07-27
4 changes to exploits/shellcodes

Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)

Elasticsearch ECE 7.13.3 - Anonymous Database Dump
NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
2021-07-27 05:01:56 +00:00
Offensive Security
680a0b6cea DB: 2021-06-12
12 changes to exploits/shellcodes

WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)
OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
Grocery crud 1.6.4 - 'order_by' SQL Injection
Solar-Log 500 2.8.2 - Incorrect Access Control
Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
WoWonder Social Network Platform 3.1 - Authentication Bypass
2021-06-12 05:01:55 +00:00
Offensive Security
fae217f419 DB: 2021-05-22
6 changes to exploits/shellcodes

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)

Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
2021-05-22 05:01:54 +00:00
Offensive Security
c2ae9df113 DB: 2021-05-19
2 changes to exploits/shellcodes

EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
Microsoft Exchange 2019 - Unauthenticated Email Download
2021-05-19 05:01:55 +00:00
Offensive Security
17684f6fe1 DB: 2021-04-08
5 changes to exploits/shellcodes

Google Chrome 86.0.4240 V8 - Remote Code Execution
Google Chrome 81.0.4044 V8 - Remote Code Execution
Google Chrome 86.0.4240 V8 - Remote Code Execution
Google Chrome 81.0.4044 V8 - Remote Code Execution
Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
Composr CMS 10.0.36 - Cross Site Scripting
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
2021-04-08 05:02:19 +00:00
Offensive Security
f857f1dbab DB: 2021-04-06
6 changes to exploits/shellcodes

Rockstar Service - Insecure File Permissions
Simple Food Website 1.0 - Authentication Bypass
Basic Shopping Cart 1.0 - Authentication Bypass
OpenEMR 4.1.0 - 'u' SQL Injection
Mini Mouse 9.2.0 - Remote Code Execution
Mini Mouse 9.2.0 - Path Traversal
2021-04-06 05:02:04 +00:00
Offensive Security
356d0ac56b DB: 2021-04-02
5 changes to exploits/shellcodes

Latrix 0.6.0 - 'txtaccesscode' SQL Injection
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
2021-04-02 05:01:54 +00:00
Offensive Security
e6cd1b38eb DB: 2021-03-30
9 changes to exploits/shellcodes

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

vsftpd 3.0.3 - Remote Denial of Service
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Concrete5 8.5.4 - 'name' Stored XSS
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Budget Management System 1.0 - 'Budget title' Stored XSS
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
2021-03-30 05:01:56 +00:00
Offensive Security
edafbb9119 DB: 2021-03-13
4 changes to exploits/shellcodes

Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
2021-03-13 05:01:58 +00:00
Offensive Security
84533192ae DB: 2021-02-09
19 changes to exploits/shellcodes

SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
Millewin 13.39.146.1 - Local Privilege Escalation
AMD Fuel Service - 'Fuel.service' Unquote Service Path
Microsoft Internet Explorer 11 32-bit - Use-After-Free
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
Jenzabar 9.2.2 - 'query' Reflected XSS.
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
2021-02-09 05:01:57 +00:00
Offensive Security
8e0113decc DB: 2021-01-05
12 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
Knockpy 4.1.1 - CSV Injection
Wordpress Core 5.2.2 - 'post previews' XSS
4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
sar2html 3.2.1 - 'plot' Remote Code Execution
CMS Made Simple 2.2.15 - RCE (Authenticated)
Subrion CMS 4.2.1 - 'avatar[path]' XSS
Click2Magic 1.1.5 - Stored Cross-Site Scripting
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
2021-01-05 05:02:00 +00:00
Offensive Security
cd30696d15 DB: 2020-12-22
15 changes to exploits/shellcodes

Queue Management System 4.0.0 - _Add User_ Stored XSS
Spotweb 1.4.9 - 'search' SQL Injection
Academy-LMS 4.3 - Stored XSS
Spiceworks 7.5 - HTTP Header Injection

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
SCO Openserver 5.0.7 - 'section' Reflected XSS
SCO Openserver 5.0.7 - 'outputform' Command Injection
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Point of Sale System 1.0 - Multiple Stored XSS
Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
2020-12-22 05:01:58 +00:00
Offensive Security
cb83a6e2dd DB: 2020-12-19
17 changes to exploits/shellcodes

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS
Point of Sale System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Unrestricted File Upload To RCE
Alumni Management System 1.0 - _Course Form_ Stored XSS
Alumni Management System 1.0 - 'id' SQL Injection
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
Smart Hospital 3.1 - _Add Patient_ Stored XSS

Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)

Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
2020-12-19 05:01:57 +00:00
Offensive Security
0ffa4d35c4 DB: 2020-12-03
32 changes to exploits/shellcodes

aSc TimeTables 2021.6.2 - Denial of Service (PoC)
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
Microsoft Windows - Win32k Elevation of Privilege
Ksix Zigbee Devices - Playback Protection Bypass (PoC)
Mitel mitel-cs018 - Call Data Information Disclosure
Expense Management System - 'description' Stored Cross Site Scripting
ILIAS Learning Management System 4.3 - SSRF
Pharmacy Store Management System 1.0 - 'id' SQL Injection
Under Construction Page with CPanel 1.0 - SQL injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Student Result Management System 1.0 - Authentication Bypass SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
WonderCMS 3.1.3 - Authenticated Remote Code Execution
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
NewsLister - Authenticated Persistent Cross-Site Scripting
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
DotCMS 20.11 - Stored Cross-Site Scripting
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
ChurchCRM 4.2.0 - CSV/Formula Injection
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
Simple College Website 1.0 - 'page' Local File Inclusion
Car Rental Management System 1.0 - SQL Injection / Local File include
WordPress Plugin Wp-FileManager 6.8 - RCE
2020-12-03 05:01:56 +00:00
Offensive Security
216721f32c DB: 2020-12-01
4 changes to exploits/shellcodes

YATinyWinFTP - Denial of Service (PoC)
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Intelbras Router RF 301K 1.1.2 - Authentication Bypass
2020-12-01 05:01:56 +00:00
Offensive Security
ce8af77d3e DB: 2020-11-26
4 changes to exploits/shellcodes

Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path
WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow
2020-11-26 05:01:56 +00:00
Offensive Security
ccea007282 DB: 2020-05-01
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
Offensive Security
3b5a0d91fe DB: 2020-01-30
9 changes to exploits/shellcodes

XMLBlueprint 16.191112 - XML External Entity Injection
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
Kibana 6.6.1 - CSV Injection
Liferay CE Portal 6.0.2 - Remote Command Execution
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Satellian 1.12 - Remote Code Execution
Centreon 19.10.5 - 'Pollers' Remote Command Execution
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
2020-01-30 05:02:05 +00:00
Offensive Security
cd36764b57 DB: 2019-12-31
28 changes to exploits/shellcodes

OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
Microsoft UPnP - Local Privilege Elevation (Metasploit)
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
FTP Navigator 8.03 - Stack Overflow (SEH)
Wing FTP Server 6.0.7 - Unquoted Service Path
Domain Quester Pro 6.02 - Stack Overflow (SEH)
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Remote Code Execution
elearning-script 1.0 - Authentication Bypass
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
Thrive Smart Home 1.1 - Authentication Bypass
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
AVE DOMINAplus 1.10.x - Credential Disclosure
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
AVE DOMINAplus 1.10.x - Authentication Bypass
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
RICOH SP 4510SF Printer - HTML Injection
RICOH Web Image Monitor 1.09 - HTML Injection
Heatmiser Netmonitor 3.03 - HTML Injection
2019-12-31 05:02:03 +00:00
Offensive Security
b7471ba451 DB: 2019-12-19
9 changes to exploits/shellcodes

XnView 2.49.1 - 'Research' Denial of Service (PoC)
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow

OpenMRS - Java Deserialization RCE (Metasploit)
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Telerik UI - Remote Code Execution via Insecure Deserialization
2019-12-19 05:01:59 +00:00
Offensive Security
efa6ef060e DB: 2019-12-06
5 changes to exploits/shellcodes

NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path
Amiti Antivirus 25.0.640 - Unquoted Service Path

SSDWLAB 6.1 - Authentication Bypass

Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution
2019-12-06 05:02:01 +00:00
Offensive Security
6adaedca69 DB: 2019-08-27
6 changes to exploits/shellcodes

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
2019-08-27 05:02:18 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
2019-08-15 05:02:48 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
2019-05-01 05:02:01 +00:00
Offensive Security
aaf10d8566 DB: 2019-04-20
4 changes to exploits/shellcodes

SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)

Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
2019-04-20 05:01:59 +00:00
Offensive Security
285aecc39e DB: 2019-04-12
2 changes to exploits/shellcodes

Manage Engine ServiceDesk Plus 9.3 - Privilege Escalation
2019-04-12 05:02:00 +00:00
Offensive Security
d1b8d5e115 DB: 2019-04-06
4 changes to exploits/shellcodes

AIDA64 Extreme 5.99.4900 - 'Logging' SEH Buffer Overflow

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
Manage Engine ServiceDesk Plus 9.3 - Privilege Escalation
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
2019-04-06 05:02:01 +00:00
Offensive Security
e4e3f1c741 DB: 2019-03-29
15 changes to exploits/shellcodes

Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
gnutls 3.6.6 - 'verify_crt()' Use-After-Free

Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022)
Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)

NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses
NXP Semiconductors MIFARE Classic Smartcard - Multiple Vulnerabilities

Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations

EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation Weaknesses
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation
PonyOS 3.0 - VFS Permissions
PonyOS 3.0 - ELF Loader Privilege Escalation
PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation

PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation
Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation
Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039)
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)

Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)

Linux Kernel 2.2 - TCP/IP Weakness Spoof IP
Linux Kernel 2.2 - TCP/IP Spoof IP

Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Microsoft Windows Media Encoder (XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (2)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (1)
PHP 5.2.6 - 'create_function()' Code Injection (2)
PHP 5.2.6 - 'create_function()' Code Injection (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (2)
WebKit - Insufficient Entropy Random Number Generator Weakness (1)
WebKit - Insufficient Entropy Random Number Generator Weakness (2)
WebKit - Insufficient Entropy Random Number Generator (1)
WebKit - Insufficient Entropy Random Number Generator (2)

SonicWALL - SessId Cookie Brute Force Weakness Admin Session Hijacking
SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking

Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (2)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)

LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting

Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities

MotoCMS - admin/data/users.xml Access Restriction Weakness Information Disclosure
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure

Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
Coppermine Gallery < 1.5.44 - Directory Traversal

Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change

Cobub Razor 0.8.0 - Physical path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
Airbnb Clone Script - Multiple SQL Injection
Fat Free CRM 0.19.0 - HTML Injection
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
i-doit 1.12 - 'qr.php' Cross-Site Scripting
Job Portal 3.1 - 'job_submit' SQL Injection
BigTree 4.3.4 CMS - Multiple SQL Injection
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection
2019-03-29 05:01:59 +00:00
Offensive Security
c09f5132f7 DB: 2019-03-27
9 changes to exploits/shellcodes

Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
XooGallery - Multiple SQL Injection
XooDigital - 'p' SQL Injection
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
SJS Simple Job Script - SQL Injection / Cross-Site Scripting
2019-03-27 05:01:59 +00:00
Offensive Security
ce1901fc4f DB: 2019-03-12
10 changes to exploits/shellcodes

Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution

Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
2019-03-12 05:01:58 +00:00
Offensive Security
790ba4b35e DB: 2019-03-09
5 changes to exploits/shellcodes

Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)

phpBB 3.2.3 - Remote Code Execution
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
2019-03-09 05:02:48 +00:00
Offensive Security
880bbe402e DB: 2019-03-08
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00
Offensive Security
a37e3008e5 DB: 2019-03-05
20 changes to exploits/shellcodes

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)

symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

OOP CMS BLOG 1.0 - Multiple SQL Injection

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)

Linux/x64 - Kill All Processes Shellcode (11 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
2019-03-05 05:01:50 +00:00
Offensive Security
6050f45223 DB: 2019-02-02
4 changes to exploits/shellcodes

Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)

PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit

SureMDM < 2018-11 Patch - Local / Remote File Inclusion

Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)
2019-02-02 05:01:47 +00:00