exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	939bd7d9cd	DB: 2018-07-23 1 changes to exploits/shellcodes GeoVision GV-SNVR0811 - Directory Traversal	2018-07-23 05:01:45 +00:00
Offensive Security	350bb348ff	DB: 2018-07-21 3 changes to exploits/shellcodes TP-Link TL-WR840N - Denial of Service WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting MSVOD 10 - 'cid' SQL Injection Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass	2018-07-21 05:01:50 +00:00
Offensive Security	bf0a56a02f	DB: 2018-07-20 6 changes to exploits/shellcodes Google Chrome - Swiftshader Texture Allocation Integer Overflow Google Chrome - Swiftshader Blitting Floating-Point Precision Errors Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak Linux - BPF Sign Extension Local Privilege Escalation (Metasploit) WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting MyBB New Threads Plugin 1.1 - Cross-Site Scripting	2018-07-20 05:01:44 +00:00
Offensive Security	a2ac269de5	DB: 2018-07-19 8 changes to exploits/shellcodes JavaScript Core - Arbitrary Code Execution QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) QNAP Q'Center - 'change_passwd' Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit) HomeMatic Zentrale CCU2 - Remote Code Execution MailGust 1.9 - Board Takeover SQL Injection MailGust 1.9 - Board Takeover (SQL Injection) Cyphor 0.19 - Board Takeover SQL Injection Cyphor 0.19 - Board Takeover (SQL Injection) versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection) WordPress 2.6.1 - SQL Column Truncation Admin Takeover WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Takeover Joomla! < 3.6.4 - Admin TakeOver Joomla! < 3.6.4 - Admin Takeover PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection Open-AudIT Community 2.1.1 - Cross-Site Scripting FTP2FTP 1.0 - Arbitrary File Download Modx Revolution < 2.6.4 - Remote Code Execution	2018-07-19 05:01:43 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	a657b64301	DB: 2018-07-17 7 changes to exploits/shellcodes macOS/iOS - JavaScript Injection Bug in OfficeImporter Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Hadoop YARN ResourceManager - Command Execution (Metasploit) VelotiSmart WiFi B-380 Camera - Directory Traversal Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2018-07-17 05:01:49 +00:00
Offensive Security	b374aca9a3	DB: 2018-07-14 10 changes to exploits/shellcodes G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) IBM QRadar SIEM - Remote Code Execution (Metasploit) Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit) Apache CouchDB - Arbitrary Command Execution (Metasploit) phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit) Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Dolibarr 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM - OS Command Injection Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr CMS 3.5.3 - Multiple Vulnerabilities Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr 7.0.0 - SQL Injection Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution WAGO e!DISPLAY 7300T - Multiple Vulnerabilities QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery	2018-07-14 05:01:50 +00:00
Offensive Security	e76244b41a	DB: 2018-07-13 8 changes to exploits/shellcodes Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions VLC media player 2.2.8 - Arbitrary Code Execution (PoC) Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation 212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities 212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities 123 Flash Chat - Multiple Vulnerabilities 123 Flash Chat 7.8 - Multiple Vulnerabilities Dicoogle PACS 2.5.0 - Directory Traversal	2018-07-13 05:02:00 +00:00
Offensive Security	52954b4751	DB: 2018-07-12 5 changes to exploits/shellcodes Nibbleblog - Arbitrary File Upload (Metasploit) Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) Nibbleblog - Multiple SQL Injections Nibbleblog 3 - Multiple SQL Injections Instagram-Clone Script 2.0 - Cross-Site Scripting Dicoogle PACS 2.5.0 - Directory Traversal	2018-07-12 05:01:59 +00:00
Offensive Security	02fa7c70d3	DB: 2018-07-11 9 changes to exploits/shellcodes HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) OpenSSH < 6.6 SFTP (x64) - Command Execution OpenSSH < 6.6 SFTP - Command Execution ModSecurity 3.0.0 - Cross-Site Scripting Gitea 1.4.0 - Remote Code Execution WolfSight CMS 3.2 - SQL Injection Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Elektronischer Leitz-Ordner 10 - SQL Injection D-Link DIR601 2.02 - Credential Disclosure	2018-07-11 05:01:52 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	5e6d432161	DB: 2018-07-07 2 changes to exploits/shellcodes PolarisOffice 2017 8 - Remote Code Execution Airties AIR5444TT - Cross-Site Scripting	2018-07-07 05:01:49 +00:00
Offensive Security	08110782dd	DB: 2018-07-06 4 changes to exploits/shellcodes ADB Broadband Gateways / Routers - Local Root Jailbreak ADB Broadband Gateways / Routers - Privilege Escalation ADB Broadband Gateways / Routers - Authorization Bypass SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection	2018-07-06 05:01:46 +00:00
Offensive Security	d659af98fd	DB: 2018-07-05 5 changes to exploits/shellcodes ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution CMS Made Simple 2.2.5 - Remote Code Execution Online Trade - Information Disclosure ShopNx - Arbitrary File Upload	2018-07-05 05:01:52 +00:00
Offensive Security	6a98e55e9d	DB: 2018-07-04 4 changes to exploits/shellcodes openslp 2.0.0 - Double-Free Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit) FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit) ModSecurity 3.0.0 - Cross-Site Scripting ntop-ng < 3.4.180617 - Authentication Bypass	2018-07-04 05:01:48 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	fdf8bfe785	DB: 2018-06-29 5 changes to exploits/shellcodes Microsoft Windows - WRITE_ANDX SMB command handling Kernel Denial of Service (Metasploit) Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit) freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP 'rename' Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC) Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One Novell Groupwise 8.0 - 'RCPT' Off-by-One WarFTPd 1.82.00-RC12 - LIST command Format String Denial of Service WarFTPd 1.82.00-RC12 - 'LIST' Format String Denial of Service Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities Sysax Multi Server < 5.25 (SFTP Module) - Multiple Denial of Service Vulnerabilities Novell Groupwise Internet Agent - IMAP LIST Command Remote Code Execution Novell Groupwise Internet Agent - IMAP LIST LSUB Command Remote Code Execution Novell Groupwise Internet Agent - IMAP 'LIST' Remote Code Execution Novell Groupwise Internet Agent - IMAP 'LIST LSUB' Remote Code Execution Solar FTP Server 2.0 - Multiple Commands Denial of Service Vulnerabilities Solar FTP Server 2.0 - Multiple Denial of Service Vulnerabilities LiteServe 2.81 - PASV Command Denial of Service LiteServe 2.81 - 'PASV' Denial of Service Notepad++ NppFTP plugin - LIST command Remote Heap Overflow (PoC) Notepad++ NppFTP Plugin - 'LIST' Remote Heap Overflow (PoC) TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service Vulnerabilities TYPSoft FTP Server 1.10 - Multiple Denial of Service Vulnerabilities WFTPD 2.4.1RC11 - STAT/LIST Command Denial of Service WFTPD 2.4.1RC11 - 'STAT'/'LIST' Denial of Service WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service WFTPD 2.4.1RC11 - 'MLST' Remote Denial of Service Oracle 8i - dbsnmp Command Remote Denial of Service Oracle 8i - 'dbsnmp' Remote Denial of Service Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow Mollensoft Software Enceladus Server Suite 3.9 - 'FTP' Buffer Overflow GuildFTPd 0.999.8 - CWD Command Denial of Service GuildFTPd 0.999.8 - 'CWD' Denial of Service Xlight FTP Server 1.25/1.41 - PASS Command Remote Buffer Overflow Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow RobotFTP Server 1.0/2.0 - Remote Command Denial of Service RobotFTP Server 1.0/2.0 - Remote Denial of Service RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3) RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (1) RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (2) RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (3) Opera Web Browser 7.54 - KDE KFMCLIENT Remote Command Execution Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution MailEnable 1.x - SMTP HELO Command Remote Denial of Service MailEnable 1.x - SMTP 'HELO' Remote Denial of Service HP Printer FTP Print Server 2.4.5 - List Command Buffer Overflow HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow HP JetDirect FTP Print Server - RERT Command Denial of Service HP JetDirect FTP Print Server - 'RERT' Denial of Service FSD 2.052/3.000 - servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Remote Denial of Service Qbik WinGate 6.2.2 - LIST Command Remote Denial of Service Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service Quick 'n Easy FTP Server 3.9.1 - USER Command Remote Buffer Overflow Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service Ability FTP Server 2.1.4 - 'afsmain.exe' 'USER' Remote Denial of Service Ability FTP Server 2.1.4 - Admin Panel 'AUTHCODE' Remote Denial of Service Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution Resolv+ 'RESOLV_HOST_CONF' - Linux Library Command Execution Platform Load Sharing Facility 4/5 - LSF_ENVDIR Local Command Execution Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution Golden FTP Server 4.70 - PASS Command Buffer Overflow Golden FTP Server 4.70 - 'PASS' Buffer Overflow EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'MKD' Stack Buffer Overflow (Metasploit) Vermillion FTP Daemon - PORT Command Memory Corruption (Metasploit) Vermillion FTP Daemon - 'PORT' Memory Corruption (Metasploit) EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'CWD' Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit) HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovp'l Remote Command Execution (Metasploit) Zabbix Agent - net.tcp.listen Command Injection (Metasploit) Zabbix Agent - 'net.tcp.listen' Command Injection (Metasploit) Actfax FTP Server 4.27 - USER Command Stack Buffer Overflow (Metasploit) Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit) HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (1) HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (2) HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (1) HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (2) Majordomo 1.89/1.90 - lists Command Execution Majordomo 1.89/1.90 - 'lists' Command Execution PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution SGI IRIX 6.x - rpc.xfsmd Remote Command Execution SGI IRIX 6.x - 'rpc.xfsmd' Remote Command Execution HP-UX FTPD 1.1.214.4 - REST Command Memory Disclosure HP-UX FTPD 1.1.214.4 - 'REST' Memory Disclosure Sami FTP Server 2.0.1 - LIST Command Buffer Overflow Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow Sami FTP Server - LIST Command Buffer Overflow (Metasploit) Sami FTP Server - 'LIST' Buffer Overflow (Metasploit) PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit) PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit) FSD 2.052/3.000 - sysuser.cc sysuser::exechelp Function HELP Command Remote Overflow FSD 2.052/3.000 - 'sysuser.cc sysuser::exechelp' 'HELP' Remote Overflow HP Data Protector - EXEC_BAR Remote Command Execution HP Data Protector - 'EXEC_BAR' Remote Command Execution IPtools 0.1.4 - Remote Command Server Buffer Overflow IPtools 0.1.4 - Remote Buffer Overflow TWiki 20030201 - search.pm Remote Command Execution TWiki 20030201 - 'search.pm' Remote Command Execution AWStats 6.0 < 6.2 - configdir Remote Command Execution (C) AWStats 6.0 < 6.2 - configdir Remote Command Execution (Perl) AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C) AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl) Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution SimpleBBS 1.1 - Remote Commands Execution SimpleBBS 1.1 - Remote Command Execution SimpleBBS 1.1 - Remote Commands Execution (C) SimpleBBS 1.1 - Remote Command Execution (C) Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command phpDocumentor 1.3.0 rc4 - Remote Commands Execution phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command phpDocumentor 1.3.0 rc4 - Remote Command Execution CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution SPIP 1.8.2g - Remote Commands Execution CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution SPIP 1.8.2g - Remote Command Execution DocMGR 0.54.2 - 'file_exists' Remote Commands Execution DocMGR 0.54.2 - 'file_exists' Remote Command Execution EnterpriseGS 1.0 rc4 - Remote Commands Execution FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution EnterpriseGS 1.0 rc4 - Remote Command Execution FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution Coppermine Photo Gallery 1.4.3 - Remote Commands Execution Coppermine Photo Gallery 1.4.3 - Remote Command Execution GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution GeekLog 1.x - 'error.log' Remote Command Execution PHP-Stats 0.1.9.1 - Remote Commands Execution PHP-Stats 0.1.9.1 - Remote Commans Execution Gallery 2.0.3 - stepOrder[] Remote Commands Execution Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution phpList 2.10.2 - GLOBALS[] Remote Code Execution phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution Simplog 0.9.2 - 's' Remote Commands Execution Simplog 0.9.2 - 's' Remote Command Execution phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution phpWebSite 0.10.2 - 'hub_dir' Remote Command Execution phpGroupWare 0.9.16.010 - GLOBALS[] Remote Code Execution phpGroupWare 0.9.16.010 - 'GLOBALS[]' Remote Code Execution GuppY 4.5.16 - Remote Commands Execution GuppY 4.5.16 - Remote Command Execution AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit) AWStats 6.1 < 6.2 - 'configdir' Remote Command Execution (Metasploit) Achievo 0.7/0.8/0.9 - Remote File Inclusion Command Execution Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) HongCMS 3.0.0 - SQL Injection hycus CMS 1.0.4 - Authentication Bypass DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Cisco Adaptive Security Appliance - Path Traversal	2018-06-29 05:01:52 +00:00
Offensive Security	641d6cca75	DB: 2018-06-28 3 changes to exploits/shellcodes WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC) WinEggDropShell 1.7 - Multiple Remote Stack Overflows (PoC) FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service FileCOPA FTP Server 1.01 - 'USER' Remote Denial of Service Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service Asterisk 1.2.15/1.4.0 - Remote Denial of Service Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC) Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC) Hexamail Server 3.0.0.001 - 'pop3' Remote Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Remote Denial of Service / Buffer Overflow (PoC) McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC) McAfee E-Business Server 8.5.2 - Remote Code Execution / Denial of Service (PoC) freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC) vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC) Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service Oracle Internet Directory 10.1.4 - Remote Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service RhinoSoft Serv-U FTP Server 7.3 - (Authenticated) 'stou con:1' Denial of Service Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service Noticeware E-mail Server 5.1.2.2 - 'POP3' Denial of Service freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC) Addonics NAS Adapter - Authenticated Denial of Service Addonics NAS Adapter - (Authenticated) Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' Authenticated Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' (Authenticated) Denial of Service XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC) XRDP 0.4.1 - Remote Buffer Overflow (PoC) Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC) MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC) FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service Cerberus FTP server 3.0.6 - Denial of Service FtpXQ 3.0 - Authenticated Remote Denial of Service FtpXQ 3.0 - (Authenticated) Remote Denial of Service httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC) httpdx 1.5.2 - Remote Denial of Service (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (PoC) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (SEH) (PoC) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (PoC) httpdx 1.5.3b - Multiple Unauthenticated Remote Denial of Service Vulnerabilities (PoC) Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC) httpdx 1.5.3b - Multiple Remote Denial of Service Vulnerabilities (PoC) Kerio MailServer 6.2.2 - Remote Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC) eDisplay Personal FTP Server 1.0.0 - Denial of Service (PoC) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Crashs (SEH) (PoC) IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC) IncrediMail 2.0 - ActiveX (Authenticated) Buffer Overflow (PoC) (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Denial of Service Microsoft Windows Server 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow IPComp - encapsulation Unauthenticated Kernel Memory Corruption IPComp - encapsulation Kernel Memory Corruption Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit) Wyse - Machine Remote Power Off (Denial of Service) (Metasploit) WFTPD 2.4.1RC11 - Unauthenticated MLST Command Remote Denial of Service WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service RobotFTP Server 1.0/2.0 - Remote Command Denial of Service Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service) Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service) Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit) Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit) OpenVPN 2.4.0 - Unauthenticated Denial of Service OpenVPN 2.4.0 - Denial of Service NetAccess IP3 - Authenticated Ping Option Command Injection NetAccess IP3 - (Authenticated) Ping Option Command Injection Cobalt Linux 6.0 - RaQ Authenticate Privilege Escalation Cobalt Linux 6.0 - RaQ (Authenticated) Privilege Escalation Hosting Controller 0.6.1 - Unauthenticated User Registration (1) Hosting Controller 0.6.1 - User Registration (1) Hosting Controller 0.6.1 - Unauthenticated User Registration (2) Hosting Controller 0.6.1 - User Registration (2) HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit) HP-UX FTP Server - Directory Listing (Metasploit) IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow IBM Lotus Domino Server 6.5 - Remote Overflow Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2) Frontbase 4.2.7 - (Authenticated) Remote Buffer Overflow (2.2) IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter) IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter) Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite SIDVault LDAP Server - Remote Buffer Overflow Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution SAP MaxDB 7.6.03.07 - Remote Command Execution MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow MailEnable Professional/Enterprise 3.13 - 'Fetch' (Authenticated) Remote Buffer Overflow NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH) HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH) BigAnt Server 2.2 - Unauthenticated Remote Overflow (SEH) BigAnt Server 2.2 - Remote Overflow (SEH) freeSSHd 1.2.1 - Authenticated Remote Overflow (SEH) freeSSHd 1.2.1 - (Authenticated) Remote Overflow (SEH) Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation Serv-U FTP Server 7.3 - Authenticated Remote FTP File Replacement Serv-U FTP Server 7.3 - (Authenticated) Remote FTP File Replacement WinFTP Server 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow Telnet-Ftp Service Server 1.x - Multiple Authenticated Vulnerabilities Femitter FTP Server 1.x - Multiple Authenticated Vulnerabilities Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities cPanel - Authenticated 'lastvisit.html Domain' Arbitrary File Disclosure cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure Adobe JRun 4 - 'logfile' Authenticated Directory Traversal Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Remote Buffer Overflow Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Remote Overflow EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (1) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Buffer Overflow (Metasploit) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2) eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (2) EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.2 - 'MKD' (Authenticated) Remote Buffer Overflow Iomega Home Media Network Hard Drive 2.038 < 2.061 - Unauthenticated File-system Access Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass) ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass) Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit) Tiki Wiki 15.1 - File Upload (Metasploit) EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'CWD' (Authenticated) Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit) UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflows EasyFTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflows Home FTP Server 1.11.1.149 - Authenticated Directory Traversal Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal Linksys WAP610N - Unauthenticated Root Access Security Linksys WAP610N - Root Access Security ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow Axis2 - Authenticated Code Execution (via REST) (Metasploit) Axis2 - (Authenticated) Code Execution (via REST) (Metasploit) Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit) Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit) Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit) Microsoft Windows - Authenticated User Code Execution (Metasploit) Microsoft Windows - (Authenticated) User Code Execution (Metasploit) Novell NetMail 3.52d - IMAP Authenticate Buffer Overflow (Metasploit) Novell NetMail 3.52d - IMAP (Authenticated) Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit) HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Stack Buffer Overflow (Metasploit) Squid - NTLM Authenticate Overflow (Metasploit) Squid - NTLM (Authenticated) Overflow (Metasploit) ManageEngine Applications Manager - Authenticated Code Execution (Metasploit) ManageEngine Applications Manager - (Authenticated) Code Execution (Metasploit) EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2) EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (2) ActFax Server FTP - Authenticated Remote Buffer Overflow ActFax Server FTP - (Authenticated) Remote Buffer Overflow Blue Coat Reporter - Unauthenticated Directory Traversal Blue Coat Reporter - Directory Traversal Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution Sysax Multi Server 5.53 - SFTP Authenticated (SEH) Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter) Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH) Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Remote Code Execution (Egghunter) MailMax 4.6 - POP3 'USER' Unauthenticated Remote Buffer Overflow MailMax 4.6 - POP3 'USER' Remote Buffer Overflow Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing MySQL - Unauthenticated Remote User Enumeration MySQL - Remote User Enumeration DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (1) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (2) DameWare Mini Remote Control Server 3.7x - Buffer Overflow (3) NetWin SurgeFTP - Authenticated Admin Command Injection (Metasploit) NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit) Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun Firebird 1.0 - Remote Database Name Buffer Overrun Novell NCP - Unauthenticated Remote Command Execution Novell NCP - Remote Command Execution Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload (Metasploit) Kordil EDms 2.2.60rc3 - Arbitrary File Upload (Metasploit) SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit) SAP ConfigServlet - Remote Payload Execution (Metasploit) phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit) phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit) D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - 'command.php' Remote Command Execution (Metasploit) D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit) D-Link Devices - 'tools_vct.xgi' Remote Command Execution (Metasploit) MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption Raidsonic NAS Devices - Unauthenticated Remote Command Execution (Metasploit) Raidsonic NAS Devices - Remote Command Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit) Zabbix - Authenticated Remote Command Execution (Metasploit) ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit) Zabbix - (Authenticated) Remote Command Execution (Metasploit) ISPConfig - (Authenticated) Arbitrary PHP Code Execution (Metasploit) ProcessMaker Open Source - Authenticated PHP Code Execution (Metasploit) ProcessMaker Open Source - (Authenticated) PHP Code Execution (Metasploit) Linksys E-series - Unauthenticated Remote Code Execution Linksys E-series - Remote Code Execution Apache Tomcat Manager - Application Upload Authenticated Code Execution (Metasploit) Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit) Fritz!Box Webcm - Unauthenticated Command Injection (Metasploit) Fritz!Box Webcm - Command Injection (Metasploit) Sophos Web Protection Appliance Interface - Authenticated Arbitrary Command Execution (Metasploit) Sophos Web Protection Appliance Interface - (Authenticated) Arbitrary Command Execution (Metasploit) Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit) Vtiger - 'Install' Remote Command Execution (Metasploit) Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root Remote Code Execution (Metasploit) Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit) Gitlist - Unauthenticated Remote Command Execution (Metasploit) WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Unauthenticated Arbitrary File Upload (Metasploit) Gitlist - Remote Command Execution (Metasploit) WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Arbitrary File Upload (Metasploit) D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit) D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit) F5 Big-IP - Unauthenticated rsync Access F5 Big-IP - rsync Access Wing FTP Server - Authenticated Command Execution (Metasploit) Wing FTP Server - (Authenticated) Command Execution (Metasploit) Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit) Tincd - (Authenticated) Remote TCP Stack Buffer Overflow (Metasploit) Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit) ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit) D-Link DSL-2740R - Unauthenticated Remote DNS Change D-Link DSL-2740R - Remote DNS Change LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure LG DVR LE6016D - Remote Users/Passwords Disclosure Symantec Web Gateway 5 - 'restore.php' Authenticated Command Injection (Metasploit) Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit) Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit) Seagate Business NAS - Remote Command Execution (Metasploit) ElasticSearch - Unauthenticated Remote Code Execution ElasticSearch - Remote Code Execution Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit) Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit) Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit) Konica Minolta FTP Utility 1.00 - (Authenticated) CWD Command Overflow (SEH) (Metasploit) Zpanel - Unauthenticated Remote Code Execution (Metasploit) Zpanel - Remote Code Execution (Metasploit) SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit) D-Link DCS-930L - (Authenticated) Remote Command Execution (Metasploit) OpenSSH 7.2p1 - Authenticated xauth Command Injection OpenSSH 7.2p1 - (Authenticated) xauth Command Injection Novell ServiceDesk - Authenticated Arbitrary File Upload (Metasploit) Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit) Bomgar Remote Support - Unauthenticated Code Execution (Metasploit) Bomgar Remote Support - Code Execution (Metasploit) Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit) Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3) Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit) MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit) MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit) HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit) HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit) HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit) phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) phpCollab 2.5.1 - File Upload (Metasploit) Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit) NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Tenable Appliance < 4.5 - Unauthenticated Root Remote Code Execution Tenable Appliance < 4.5 - Root Remote Code Execution Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution Octopus Deploy - Authenticated Code Execution (Metasploit) Octopus Deploy - (Authenticated) Code Execution (Metasploit) Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution Logpoint < 5.6.4 - Root Remote Code Execution VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit) VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit) UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit) Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit) Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution Wireless IP Camera (P2P) WIFICAM - Remote Code Execution D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit) D-Link DIR-850L - OS Command Execution (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit) AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit) AsusWRT LAN - Remote Code Execution (Metasploit) Tenda AC15 Router - Unauthenticated Remote Code Execution Tenda AC15 Router - Remote Code Execution Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution Unitrends UEB 10.0 - Root Remote Code Execution xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit) xdebug < 2.5.5 - OS Command Execution (Metasploit) PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit) PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit) Quest KACE Systems Management - Command Injection (Metasploit) Hosting Controller 0.6.1 - Unauthenticated User Registration (3) Hosting Controller 0.6.1 - User Registration (3) Hosting Controller 6.1 Hotfix 3.2 - Unauthenticated Access Hosting Controller 6.1 Hotfix 3.2 - Access e107 0.7.8 - 'mailout.php' Authenticated Access Escalation e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation Joomla! Component JPad 1.0 - Authenticated SQL Injection Joomla! Component JPad 1.0 - (Authenticated) SQL Injection AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass zFeeder 1.6 - 'admin.php' Admin Bypass Hannon Hill Cascade Server - Authenticated Command Execution Hannon Hill Cascade Server - (Authenticated) Command Execution Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution HP Release Control - Authenticated XML External Entity (Metasploit) HP Release Control - (Authenticated) XML External Entity (Metasploit) 3Com* iMC (Intelligent Management Center) - Unauthenticated Traversal File Retrieval 3Com* iMC (Intelligent Management Center) - Traversal File Retrieval Apache Axis2 Administration Console - Authenticated Cross-Site Scripting Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting) dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting) Mitel AWC - Unauthenticated Command Execution Mitel AWC - Command Execution TYPO3 - Unauthenticated Arbitrary File Retrieval TYPO3 - Arbitrary File Retrieval vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion vTiger CRM 5.0.4 - Local File Inclusion N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code N_CMS 1.1E - Local File Inclusion / Remote Code IF-CMS 2.07 - Unauthenticated Local File Inclusion (1) IF-CMS 2.07 - Local File Inclusion (1) SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit IF-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2) IF-CMS 2.07 - Local File Inclusion (Metasploit) (2) Sun/Oracle GlassFish Server - Authenticated Code Execution (Metasploit) Sun/Oracle GlassFish Server - (Authenticated) Code Execution (Metasploit) TomatoCart 1.1 - Authenticated Local File Inclusion TomatoCart 1.1 - (Authenticated) Local File Inclusion ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Unauthenticated Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal PHP Grade Book 1.9.4 - Unauthenticated SQL Database Export PHP Grade Book 1.9.4 - SQL Database Export Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit) Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit) WebCalendar 1.2.4 - Unauthenticated Remote Code Injection (Metasploit) WebCalendar 1.2.4 - Remote Code Injection (Metasploit) SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / (Authenticated) SQL Injection PostNuke 0.6 - Unauthenticated User Login PostNuke 0.6 - User Login Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection WordPress Theme Archin 3.2 - Unauthenticated Configuration Access WordPress Theme Archin 3.2 - Configuration Access Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change Exper EWM-01 ADSL/MODEM - DNS Change Geeklog 1.3.x - Authenticated SQL Injection Geeklog 1.3.x - (Authenticated) SQL Injection FirePass SSL VPN - Unauthenticated Local File Inclusion FirePass SSL VPN - Local File Inclusion vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection vbPortal 2.0 alpha 8.1 - (Authenticated) SQL Injection IRIS Citations Management Tool - Authenticated Remote Command Execution IRIS Citations Management Tool - (Authenticated) Remote Command Execution BetaParticle blog 2.0/3.0 - 'upload.asp' Unauthenticated Arbitrary File Upload BetaParticle blog 2.0/3.0 - 'myFiles.asp' Unauthenticated File Manipulation BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation YeaLink IP Phone Firmware 9.70.0.100 - Unauthenticated Phone Call YeaLink IP Phone Firmware 9.70.0.100 - Phone Call HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload HelpDeskZ 1.0.2 - Arbitrary File Upload aoblogger 2.3 - 'create.php' Unauthenticated Entry Creation aoblogger 2.3 - 'create.php' Entry Creation WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change ASUS DSL-X11 ADSL Router - DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - DNS Change Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change Tenda ADSL2/2+ Modem 963281TAN - DNS Change PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change PLANET VDR-300NU ADSL Router - DNS Change PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change PIKATEL 96338WS_ 96338L-2M-8M - DNS Change Inteno EG101R1 VoIP Router - Unauthenticated DNS Change Inteno EG101R1 VoIP Router - DNS Change LifeSize UVC 1.2.6 - Authenticated Remote Code Execution LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit) EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit) Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit) Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit) Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit) Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit) FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution FreePBX 13.0.x < 13.0.154 - Remote Command Execution Lunar CMS 3.3 - Unauthenticated Remote Command Execution Lunar CMS 3.3 - Remote Command Execution ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation Plogger 1.0-RC1 - Authenticated Arbitrary File Upload Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution ActualAnalyzer Lite 2.81 - Command Execution WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access WordPress Plugin Premium Gallery Manager - Configuration Access ZTE ZXDSL-931VII - Unauthenticated Configuration Dump ZTE ZXDSL-931VII - Configuration Dump IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection SEO Control Panel 3.6.0 - Authenticated SQL Injection SEO Control Panel 3.6.0 - (Authenticated) SQL Injection Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection Subex Fms 7.4 - Unauthenticated SQL Injection Tapatalk for vBulletin 4.x - Blind SQL Injection Subex Fms 7.4 - SQL Injection WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload PMB 4.1.3 - Authenticated SQL Injection PMB 4.1.3 - (Authenticated) SQL Injection D-Link DSL-2640B ADSL Router - 'ddnsmngr' Unauthenticated Remote DNS Change D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution Seagate Business NAS 2014.00319 - Remote Code Execution WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (1) WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (2) WordPress Plugin Ultimate Product Catalogue - SQL Injection (1) WordPress Plugin Ultimate Product Catalogue - SQL Injection (2) WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection WordPress Plugin Freshmail 1.5.8 - SQL Injection Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change Broadlight Residential Gateway DI3124 - Remote DNS Change D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change TP-Link TD-W8950ND ADSL2+ - Unauthenticated Remote DNS Change D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change TP-Link TD-W8950ND ADSL2+ - Remote DNS Change D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access phpCollab 2.5 - Direct Request Multiple Protected Page Access AirDroid - Unauthenticated Arbitrary File Upload AirDroid - Arbitrary File Upload D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure D-Link DSL-2750u / DSL-2730u - (Authenticated) Local File Disclosure Zenoss 3.2.1 - Authenticated Remote Command Execution Zenoss 3.2.1 - (Authenticated) Remote Command Execution WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - Authenticated Persistent Cross-Site Scripting WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting Magento CE < 1.9.0.1 - Authenticated Remote Code Execution Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution BigTree CMS 4.2.3 - Authenticated SQL Injection BigTree CMS 4.2.3 - (Authenticated) SQL Injection vTiger CRM 6.3.0 - Authenticated Remote Code Execution vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution ZTE ZXHN H108N Router - Unauthenticated Configuration Disclosure ZTE ZXHN H108N Router - Configuration Disclosure vBulletin 5.1.x - Unauthenticated Remote Code Execution vBulletin 5.1.x - Remote Code Execution Jenkins 1.633 - Unauthenticated Credential Recovery Jenkins 1.633 - Credential Recovery MediaAccess TG788vn - Unauthenticated File Disclosure MediaAccess TG788vn - File Disclosure WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution WhatsUp Gold 16.3 - Remote Code Execution WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injection WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit) Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit) Observium 0.16.7533 - Authenticated Arbitrary Command Execution Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection AXIS (Multiple Products) - 'devtools ' Authenticated Remote Command Execution AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution PHP gettext 1.0.12 - 'gettext.php' Code Execution phpMyAdmin 4.6.2 - Authenticated Remote Code Execution phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery vBulletin 5.2.2 - Server-Side Request Forgery MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change MESSOA IP Cameras (Multiple Models) - Password Change D-Link DSL-2640R - Unauthenticated DNS Change D-Link DSL-2640R - DNS Change GitStack 2.3.10 - Unauthenticated Remote Code Execution GitStack 2.3.10 - Remote Code Execution InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution InfraPower PPS-02-S Q213V1 - Remote Command Execution Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change Pirelli DRG A115 ADSL Router - DNS Change Tenda ADSL2/2+ Modem D840R - DNS Change Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change Tenda ADSL2/2+ Modem D820R - DNS Change Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change Pirelli DRG A115 v3 ADSL Router - DNS Change HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python) WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby) WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion vBulletin 5 - 'routestring' Remote Code Execution vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion Cobbler 2.8.0 - Authenticated Remote Code Execution Cobbler 2.8.0 - (Authenticated) Remote Code Execution FiberHome AN5506 - Unauthenticated Remote DNS Change FiberHome AN5506 - Remote DNS Change GitStack - Unauthenticated Remote Code Execution Ametys CMS 4.0.2 - Unauthenticated Password Reset GitStack - Remote Code Execution Ametys CMS 4.0.2 - Password Reset Geneko Routers - Unauthenticated Path Traversal Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution Geneko Routers - Path Traversal Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit) WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit) WordPress 4.6 - Unauthenticated Remote Code Execution WordPress 4.6 - Remote Code Execution TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution iBall Baton iB-WRA150N - Unauthenticated DNS Change iBall Baton iB-WRA150N - DNS Change UTstarcom WA3002G4 - Unauthenticated DNS Change D-Link DSL-2640U - Unauthenticated DNS Change Beetel BCM96338 Router - Unauthenticated DNS Change D-Link DSL-2640B ADSL Router - 'dnscfg' Unauthenticated Remote DNS Change UTstarcom WA3002G4 - DNS Change D-Link DSL-2640U - DNS Change Beetel BCM96338 Router - DNS Change D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution TP-Link WR940N - Authenticated Remote Code TP-Link WR940N - (Authenticated) Remote Code Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit) ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit) Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit) Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC) HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution GitList 0.6 - Unauthenticated Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot GitList 0.6 - Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting JasperReports - Authenticated File Read JasperReports - (Authenticated) File Read Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion HPE VAN SDN 2.7.18.0503 - Remote Root	2018-06-28 05:01:45 +00:00
Offensive Security	2c912f897c	DB: 2018-06-27 3 changes to exploits/shellcodes PoDoFo 0.9.5 - Buffer Overflow Liferay Portal < 7.0.4 - Server-Side Request Forgery	2018-06-27 05:01:48 +00:00
Offensive Security	d8206fb5eb	DB: 2018-06-26 13 changes to exploits/shellcodes KVM (Nested Virtualization) - L1 Guest Privilege Escalation DIGISOL DG-BR4000NG - Buffer Overflow (PoC) Foxit Reader 9.0.1.1049 - Remote Code Execution WordPress Plugin iThemes Security < 7.0.3 - SQL Injection phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) phpMyAdmin 4.8.1 - Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Cross-Site Request Forgery (Add Admin) DIGISOL DG-BR4000NG - Cross-Site Scripting Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Arbitrary File Upload WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection	2018-06-26 05:01:46 +00:00
Offensive Security	4f92fdbdd2	DB: 2018-06-23 6 changes to exploits/shellcodes QEMU Guest Agent 2.12.50 - Denial of Service Opencart < 3.0.2.0 - Denial of Service GreenCMS 2.3.0603 - Information Disclosure phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username) phpMyAdmin 4.8.1 - Local File Inclusion	2018-06-23 05:01:48 +00:00
Offensive Security	11ecb9c031	DB: 2018-06-22 4 changes to exploits/shellcodes Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution VideoInsight WebClient 5 - SQL Injection LFCMS 3.7.0 - Cross-Site Request Forgery (Add User) LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)	2018-06-22 05:01:45 +00:00
Offensive Security	ac267cb298	DB: 2018-06-21 11 changes to exploits/shellcodes Redis 5.0 - Denial of Service ntp 4.2.8p11 - Local Buffer Overflow (PoC) Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Mirasys DVMS Workstation 5.12.6 - Path Traversal MaDDash 2.0.2 - Directory Listing NewMark CMS 2.1 - 'sec_id' SQL Injection TP-Link TL-WA850RE - Remote Command Execution Apache CouchDB < 2.1.0 - Remote Code Execution IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit) VideoInsight WebClient 5 - SQL Injection	2018-06-21 05:01:44 +00:00
Offensive Security	086cfb2c76	DB: 2018-06-19 16 changes to exploits/shellcodes Nikto 2.1.6 - CSV Injection Pale Moon Browser < 27.9.3 - Use After Free (PoC) Audiograbber 1.83 - Local Buffer Overflow (SEH) Redis-cli < 5.0 - Buffer Overflow (PoC) Microsoft COM for Windows - Privilege Escalation Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass Canon LBP7110Cw - Authentication Bypass Canon LBP6030w - Authentication Bypass Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Redatam Web Server < 7 - Directory Traversal	2018-06-19 05:01:47 +00:00
Offensive Security	329d5722a0	DB: 2018-06-16 3 changes to exploits/shellcodes Soroush IM Desktop app 0.15 - Authentication Bypass OEcms 3.1 - Cross-Site Scripting Dimofinf CMS 3.0.0 - Cross-Site Scripting	2018-06-16 05:01:46 +00:00
Offensive Security	1ccdc79fbd	DB: 2018-06-15 2 changes to exploits/shellcodes rtorrent 0.9.6 - Denial of Service Joomla Component Ek rishta 2.10 - SQL Injection	2018-06-15 05:01:44 +00:00
Offensive Security	de3b5004b9	DB: 2018-06-14 6 changes to exploits/shellcodes Microsoft Windows 10 - Child Process Restriction Mitigation Bypass glibc - 'realpath()' Privilege Escalation (Metasploit) RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation DHCP Client - Command Injection (DynoRoot) (Metasploit) MACCMS 10 - Cross-Site Request Forgery (Add User) Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload	2018-06-14 05:01:45 +00:00
Offensive Security	6d3190ddfa	DB: 2018-06-13 9 changes to exploits/shellcodes WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit) Joomla! Component EkRishta 2.10 - 'username' SQL Injection Siaberry 1.2.2 - Command Injection OX App Suite 7.8.4 - Multiple Vulnerabilities Canon PrintMe EFI - Cross-Site Scripting WordPress Google Map Plugin < 4.0.4 - SQL Injection WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Canon LBP7110Cw - Authentication Bypass Canon LBP6030w - Authentication Bypass	2018-06-13 05:01:52 +00:00
Offensive Security	1877107e5a	DB: 2018-06-12 11 changes to exploits/shellcodes WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS WampServer 3.0.6 - Cross-Site Request Forgery Schools Alert Management Script - SQL Injection WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection Event Manager Admin panel - 'events_new.php' SQL injection Joomla! Component EkRishta 2.10 - 'cid' SQL Injection Schools Alert Management Script - Arbitrary File Deletion userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting userSpice 4.3.24 - Username Enumeration Schools Alert Management Script - 'get_sec.php' SQL Injection Schools Alert Management Script - Arbitrary File Read	2018-06-12 05:01:49 +00:00
Offensive Security	0381c4c519	DB: 2018-06-09 11 changes to exploits/shellcodes Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service WebKit - WebAssembly Compilation Info Leak Google Chrome - Integer Overflow when Processing WebAssembly Locals WebKit - Use-After-Free when Resuming Generator WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure MantisBT 1.2.3 (db_type) - Local File Inclusion Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis 0.19 - Remote Server-Side Script Execution Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x - New Account Signup Mass Emailing Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x - New Account Signup Mass Emailing Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection MantisBT 1.2.19 - Host Header Mantis Bug Tracker 1.2.19 - Host Header MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1) Monstra CMS < 3.0.4 - Cross-Site Scripting Automation Monstra CMS < 3.0.4 - Cross-Site Scripting XiongMai uc-httpd 1.0.0 - Buffer Overflow Splunk < 7.0.1 - Information Disclosure Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)	2018-06-09 05:01:42 +00:00
Offensive Security	4af1687693	DB: 2018-06-08 5 changes to exploits/shellcodes macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation Ftp Server 1.32 - Credential Disclosure WordPress Form Maker Plugin 1.12.24 - SQL Injection WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Monstra CMS < 3.0.4 - Cross-Site Scripting Automation	2018-06-08 05:01:44 +00:00
Offensive Security	0909e63d9e	DB: 2018-06-07 6 changes to exploits/shellcodes PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass	2018-06-07 05:01:47 +00:00
Offensive Security	ad4b4f15f3	DB: 2018-06-06 11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	2018-06-06 05:01:46 +00:00
Offensive Security	61159b7f3e	DB: 2018-06-05 5 changes to exploits/shellcodes R 3.4.4 - Local Buffer Overflow RGui 3.4.4 - Local Buffer Overflow Zip-n-Go 4.9 - Buffer Overflow (SEH) Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) CyberArk < 10 - Memory Disclosure GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) SearchBlox 8.6.7 - XML External Entity Injection EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting	2018-06-05 05:01:52 +00:00
Offensive Security	072457b6b8	DB: 2018-06-04 4 changes to exploits/shellcodes Smartshop 1 - 'id' SQL Injection Smartshop 1 - Cross-Site Request Forgery GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)	2018-06-04 05:01:45 +00:00
Offensive Security	22ba7ab5f3	DB: 2018-06-02 5 changes to exploits/shellcodes Epiphany 3.28.2.1 - Denial of Service Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader Sony Playstation 4 (PS4) 5.1 - Kernel (PoC) Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP) Git < 2.17.1 - Remote Code Execution Wordpress Plugin Events Calendar - SQL Injection WordPress Plugin Events Calendar - SQL Injection Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes) Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes) Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes) Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes) Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)	2018-06-02 05:01:45 +00:00
Offensive Security	0f18636d14	DB: 2018-06-01 9 changes to exploits/shellcodes Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion TAC Xenta 511/911 - Directory Traversal New STAR 2.1 - SQL Injection / Cross-Site Scripting PHP Dashboards NEW 5.5 - 'email' SQL Injection CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting Grid Pro Big Data 1.0 - SQL Injection Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)	2018-06-01 05:01:45 +00:00
Offensive Security	89ee92def8	DB: 2018-05-31 6 changes to exploits/shellcodes Siemens SIMATIC S7-300 CPU - Remote Denial of Service Procps-ng - Multiple Vulnerabilities SearchBlox 8.6.6 - Cross-Site Request Forgery Yosoro 1.0.4 - Remote Code Execution MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Dolibarr 7.0.0 - SQL Injection	2018-05-31 05:01:44 +00:00
Offensive Security	96e4f1686b	DB: 2018-05-30 9 changes to exploits/shellcodes GNU Barcode 0.99 - Buffer Overflow GNU Barcode 0.99 - Memory Leak IssueTrak 7.0 - SQL Injection Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection NUUO NVRmini2 / NVRsolo - Arbitrary File Upload MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution Facebook Clone Script 1.0.5 - 'search' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Request Forgery	2018-05-30 05:01:46 +00:00
Offensive Security	9fd8680103	DB: 2018-05-29 11 changes to exploits/shellcodes ALFTP 5.31 - Local Buffer Overflow (SEH Bypass) CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass DomainMod 4.09.03 - 'oid' Cross-Site Scripting DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting Wordpress Plugin Events Calendar - SQL Injection Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery wityCMS 0.6.1 - Cross-Site Scripting Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)	2018-05-29 05:01:46 +00:00
Offensive Security	3df6650dac	DB: 2018-05-28 11 changes to exploits/shellcodes Werewolf Online 0.8.8 - Information Disclosure Bitmain Antminer D3/L3+/S9 - Remote Command Execution Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Ingenious School Management System - 'id' SQL Injection Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting Lyrist - 'id' SQL Injection BookingWizz Booking System 5.5 - 'id' SQL Injection Listing Hub CMS 1.0 - SQL Injection ClipperCMS 1.3.3 - Cross-Site Scripting My Directory 2.0 - SQL Injection / Cross-Site Scripting Baby Names Search Engine 1.0 - 'a' SQL Injection	2018-05-28 05:01:49 +00:00
Offensive Security	6ba5b68c67	DB: 2018-05-27 8 changes to exploits/shellcodes Symfony 2.7.0 < 4.0.10 - Denial of Service Employee Work Schedule 5.9 - 'cal_id' SQL Injection Ajax Full Featured Calendar 2.0 - 'search' SQL Injection EasyService Billing 1.0 - Cross-Site Request Forgery EasyService Billing 1.0 - Cross-Site Scripting EasyService Billing 1.0 - 'q' SQL Injection mySurvey 1.0 - 'id' SQL Injection easyLetters 1.0 - 'id' SQL Injection	2018-05-27 05:01:47 +00:00
Offensive Security	608176a851	DB: 2018-05-26 8 changes to exploits/shellcodes Microsoft Edge Chakra - Cross Context Use-After-Free Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write D-Link DSL-2750B - OS Command Injection (Metasploit) KomSeo Cart 1.3 - 'my_item_search' SQL Injection MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting Oracle WebCenter FatWire Content Server < 7 - Improper Access Control Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting	2018-05-26 05:01:44 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	54b5ed8407	DB: 2018-05-24 31 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service WordPress Core - 'load-scripts.php' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free FTPShell Server 6.80 - Denial of Service Siemens SCALANCE S613 - Remote Denial of Service Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service FTPShell Server 6.80 - Buffer Overflow (SEH) SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting EasyService Billing 1.0 - 'p1' SQL Injection MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection PHP Dashboards 4.5 - 'email' SQL Injection Mobile Card Selling Platform 1 - Cross-Site Request Forgery PHP Dashboards 4.5 - SQL Injection Online Store System CMS 1.0 - SQL Injection Gigs 2.0 - 'username' SQL Injection GPSTracker 1.0 - 'id' SQL Injection Shipping System CMS 1.0 - SQL Injection Wecodex Store Paypal 1.0 - SQL Injection SAT CFDI 3.3 - SQL Injection School Management System CMS 1.0 - 'username' SQL Injection Library CMS 1.0 - SQL Injection Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Mcard Mobile Card Selling Platform 1 - SQL Injection Honeywell Scada System - Information Disclosure NewsBee CMS 1.4 - Cross-Site Request Forgery SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change WordPress Plugin Peugeot Music - Arbitrary File Upload BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes) Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Shell Shellcode Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind (/TCP) Shell Shellcode (Generator) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes) Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind (/TCP) Shell Shellcode Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes) Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)	2018-05-24 05:01:50 +00:00
Offensive Security	7bbc323854	DB: 2018-05-23 20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting	2018-05-23 05:01:45 +00:00
Offensive Security	08c35595ed	DB: 2018-05-22 23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting	2018-05-22 05:01:47 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	41ea196761	DB: 2018-05-19 12 changes to exploits/shellcodes Microsoft Edge - 'Array.filter' Info Leak Microsoft Edge - 'Array.filter' Information Leak Microsoft Edge Chakra JIT - Bound Check Elimination Bug Windows - Local Privilege Escalation Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Windows - Local Privilege Escalation Microsoft Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC) Prime95 29.4b8 - Stack Buffer Overflow (SEH) DynoRoot DHCP - Client Command Injection Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit) Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) HPE iMC 7.3 - Remote Code Execution (Metasploit) Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Monstra CMS before 3.0.4 - Cross-Site Scripting SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Cisco SA520W Security Appliance - Path Traversal SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion	2018-05-19 05:01:48 +00:00
Offensive Security	5aca1b9763	DB: 2018-05-18 8 changes to exploits/shellcodes Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall Libuser - roothelper Privilege Escalation (Metasploit) Libuser - 'roothelper' Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Jenkins CLI - HTTP Java Deserialization (Metasploit) Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Intelbras NCLOUD 300 1.0 - Authentication bypass SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery	2018-05-18 05:01:49 +00:00

... 20 21 22 23 24 ...

1229 commits