bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2831 commits 1 branch 0 tags 258 MiB
Commit graph

1229 commits

Author SHA1 Message Date
Offensive Security
1873a7d234 DB: 2018-05-17 
12 changes to exploits/shellcodes

WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
 2018-05-17 05:01:47 +00:00
Offensive Security
daa3579622 DB: 2018-05-16 
1 changes to exploits/shellcodes

JasperReports - Authenticated File Read

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
 2018-05-16 05:01:47 +00:00
Offensive Security
2d5885c58b DB: 2018-05-15 
5 changes to exploits/shellcodes

2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service

FxCop 10/12 - XML External Entity Injection
Microsoft Windows FxCop 10/12 - XML External Entity Injection

Apple Safari 3.2.x - 'XXE' Local File Theft
Apple Safari 3.2.x - XML External Entity Local File Theft

Open-AudIT Community - 2.2.0 – Cross-Site Scripting
Open-AudIT Community 2.2.0 - Cross-Site Scripting
Monstra CMS 3.0.4 - Remote Code Execution
XATABoost 1.0.0 - SQL Injection

Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)
 2018-05-15 05:01:47 +00:00
Offensive Security
0ca4688023 DB: 2018-05-14 
3 changes to exploits/shellcodes

Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution
WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
 2018-05-14 05:01:48 +00:00
Offensive Security
7788a305c5 DB: 2018-05-12 
6 changes to exploits/shellcodes

2345 Security Guard 3.7 - Denial of Service
2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service

2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service

Reaper 5.78 - Local Buffer Overflow

EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection

Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC
Ncomputing vSpace Pro 10/11 - Directory Traversal

Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery

Open-AudIT Community - 2.2.0 – Cross-Site Scripting
 2018-05-12 05:01:46 +00:00
Offensive Security
e7bb9d2985 DB: 2018-05-11 
7 changes to exploits/shellcodes

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit)
Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
ModbusPal 1.6b - XML External Entity Injection
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
 2018-05-11 05:01:46 +00:00
Offensive Security
017887466c DB: 2018-05-10 
4 changes to exploits/shellcodes

Allok Video Splitter 3.1.12.17 - Denial of Service
GNU wget - Cookie Injection
FxCop 10/12 - XML External Entity Injection
Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)
PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit)
Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)
PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)

Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)
 2018-05-10 05:01:46 +00:00
Offensive Security
635ec84504 DB: 2018-05-09 
5 changes to exploits/shellcodes

2345 Security Guard 3.7 - Denial of Service
FTPShell Client 6.7 - Buffer Overflow
Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)
PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit)

Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)
 2018-05-09 05:01:46 +00:00
Offensive Security
a066ef9212 DB: 2018-05-07 
11 changes to exploits/shellcodes

HWiNFO 5.82-3410 - Denial of Service

DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)
CSP MySQL User Manager 2.3.1 - Authentication Bypass
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation

Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)
 2018-05-07 05:01:44 +00:00
Offensive Security
39c7c53159 DB: 2018-05-05 
4 changes to exploits/shellcodes

Windows WMI - Recieve Notification Exploit (Metasploit)

Google Chrome V8 - Object Allocation Size Integer Overflow
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting
IceWarp Mail Server < 11.1.1 - Directory Traversal
 2018-05-05 05:01:45 +00:00
Offensive Security
813a3efbb5 DB: 2018-05-04 
20 changes to exploits/shellcodes

Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow

Jnes 1.0.2 - Stack Buffer Overflow

Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow

netek 0.8.2 - Denial of Service

Cisco Smart Install - Crash (PoC)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
Linux Kernel  < 4.17-rc1 - 'AF_LLC' Double Free

Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)
Adobe Reader PDF - Client Side Request Injection
Windows - Local Privilege Escalation

Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)

Adobe Flash < 28.0.0.161 - Use-After-Free
Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)
GPON Routers - Authentication Bypass / Command Injection
TBK DVR4104 / DVR4216 - Credentials Leak
Call of Duty Modern Warefare 2 - Buffer Overflow

Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion
Squirrelcart 1.x - 'cart.php' Remote File Inclusion

Infinity 2.x.x - options[style_dir] Local File Disclosure
Infinity 2.x - 'options[style_dir]' Local File Disclosure

PHP-Nuke 8.x.x - Blind SQL Injection
PHP-Nuke 8.x - Blind SQL Injection

WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure

WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure

Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities
Ajax Availability Calendar 3.x - Multiple Vulnerabilities

vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection
vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection

WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting
WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting

Subrion 3.X.x - Multiple Vulnerabilities
Subrion 3.x - Multiple Vulnerabilities

Ciuis CRM 1.0.7 - SQL Injection

LifeSize ClearSea 3.1.4 - Directory Traversal

WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
DLINK DCS-5020L - Remote Code Execution (PoC)
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
 2018-05-04 05:01:47 +00:00
Offensive Security
be89b7c04a DB: 2018-05-03 
11 changes to exploits/shellcodes

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free
LibreOffice/Open Office - '.odt' Information Disclosure
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)

ASUS infosvr - Auth Bypass Command Execution (Metasploit)
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
Exim < 4.90.1 - 'base64d' Remote Code Execution

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
 2018-05-03 05:01:45 +00:00
Offensive Security
8e5b315870 DB: 2018-05-02 
1 changes to exploits/shellcodes

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules
Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting
 2018-05-02 05:01:56 +00:00
Offensive Security
df4d831719 DB: 2018-05-01 
6 changes to exploits/shellcodes

Navicat < 12.0.27 - Oracle Connection Overflow
macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
WordPress Plugin Form Maker 1.12.20 - CSV Injection
Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root
 2018-05-01 05:01:45 +00:00
Offensive Security
0579cde876 DB: 2018-04-30 
5 changes to exploits/shellcodes

ImageMagick 6.9.3-9/7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

ImageMagick 6.9.3-9/7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)
ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)

Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
Android Bluetooth - 'Blueborne' Information Leak (1)
Android Bluetooth - 'Blueborne' Information Leak (2)
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution
 2018-04-30 05:01:48 +00:00
Offensive Security
b1f00227f1 DB: 2018-04-27 
12 changes to exploits/shellcodes

Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow

Shopy Point of Sale v1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
Blog Master Pro 1.0 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
GitList 0.6 - Unauthenticated Remote Code Execution
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot
Frog CMS 0.9.5 - Persistent Cross-Site Scripting
 2018-04-27 05:01:49 +00:00
Offensive Security
2090553629 DB: 2018-04-26 
12 changes to exploits/shellcodes

VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
Chrome V8 JIT - 'AwaitedPromise' Update Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC

Shopy Point of Sale v1.0 - CSV Injection
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
 2018-04-26 05:01:48 +00:00
Offensive Security
c249d94cb7 DB: 2018-04-25 
28 changes to exploits/shellcodes

gif2apng 1.9 - '.gif' Stack Buffer Overflow
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
Kaspersky KSN for Linux 5.2 - Memory Corruption
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Out-of-Bounds Write in blur Filtering
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
R 3.4.4 - Local Buffer Overflow
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
UK Cookie Consent - Persistent Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Open-AudIT 2.1 - CSV Macro Injection
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
 2018-04-25 05:01:39 +00:00
Offensive Security
082f2d1bd8 DB: 2018-04-24 
6 changes to exploits/shellcodes

PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
 2018-04-24 05:01:45 +00:00
Offensive Security
a457bba56c DB: 2018-04-21 
1 changes to exploits/shellcodes

Cobub Razor 0.8.0 - Physical path Leakage
 2018-04-21 05:01:46 +00:00
Offensive Security
5445de75b2 DB: 2018-04-20 
1 changes to exploits/shellcodes

Wordpress Background Takeover < 4.1.4 - Directory Traversal
 2018-04-20 05:01:51 +00:00
Offensive Security
e8f4ef9188 DB: 2018-04-19 
14 changes to exploits/shellcodes

PDFunite 0.41.0 - '.pdf' Local Buffer Overflow
RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow
VX Search 10.6.18 - 'directory' Local Buffer Overflow

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow

Coship RT3052 Wireless Router - Persistent Cross-Site Scripting

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Rvsitebuilder CMS - Database Backup Download
Match Clone Script 1.0.4 - Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
 2018-04-19 05:01:48 +00:00
Offensive Security
d0cba5625f DB: 2018-04-18 
12 changes to exploits/shellcodes

Brave Browser < 0.13.0 -  'long alert() argument' Denial of Service
Brave Browser < 0.13.0 -  'window.close(self)' Denial of Service
AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution
Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039)
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)

Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
Drupal  < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution

Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
 2018-04-18 05:01:47 +00:00
Offensive Security
f34469db27 DB: 2018-04-17 
17 changes to exploits/shellcodes

Barco ClickShare CSE-200 - Remote Denial of Service
Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure
Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure
Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix
Microsoft Edge - 'OpenProcess()' ACG Bypass
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)
SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)
CloudMe Sync 1.11.0 - Local Buffer Overflow
Cobub Razor 0.8.0 - SQL injection
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
 2018-04-17 05:01:45 +00:00
Offensive Security
bef325a736 DB: 2018-04-14 
9 changes to exploits/shellcodes

GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation

Microsoft Credential Security Support Provider - Remote Code Execution

WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload
Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Drupal  < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
 2018-04-14 05:01:49 +00:00
Offensive Security
a8b515dd6d DB: 2018-04-13 
3 changes to exploits/shellcodes

F5 BIG-IP SSL Virtual Server - Memory Disclosure
F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure

F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure

Joomla Convert Forms version 2.0.3 -  Formula Injection (CSV Injection)
 2018-04-13 05:01:51 +00:00
Offensive Security
3339727aed DB: 2018-04-12 
2 changes to exploits/shellcodes

Cobub Razor 0.7.2 - Cross Site Request Forgery
WolfCMS 0.8.3.1 - Cross Site Request Forgery
Cobub Razor 0.7.2 - Cross-Site Request Forgery
WolfCMS 0.8.3.1 - Cross-Site Request Forgery

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting
WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery
WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting
WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)

Linux/x64 - x64 Assembly Shellcode (Generator)
 2018-04-12 05:01:47 +00:00
Offensive Security
08c1a4df45 DB: 2018-04-11 
9 changes to exploits/shellcodes

Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion

DVD X Player Standard 5.5.3.9 - Buffer Overflow
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting
WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery
WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting
WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS
 2018-04-11 05:01:46 +00:00
Offensive Security
c91cad5a90 DB: 2018-04-10 
19 changes to exploits/shellcodes

WebKit - WebAssembly Parsing Does not Correctly Check Section Order
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
H2 Database - 'Alias' Arbitrary Code Execution
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)
PMS 0.42 - Local Stack-Based Overflow (ROP)

Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution
WolfCMS 0.8.3.1 - Cross Site Request Forgery
Cobub Razor 0.7.2 - Add New Superuser Account
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
WolfCMS 0.8.3.1 - Open Redirection
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit
Buddypress Xprofile Custom Fields Type 2.6.3  - Remote Code Execution
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting
WordPress Plugin Google Drive 2.2 - Remote Code Execution
 2018-04-10 05:01:53 +00:00
Offensive Security
4088e4151b DB: 2018-04-07 
6 changes to exploits/shellcodes

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

LineageOS 14.1 Blueborne - Remote Code Execution
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
DotNetNuke DNNarticle Module 11 - Directory Traversal
Cobub Razor 0.7.2 - Cross Site Request Forgery
 2018-04-07 05:01:44 +00:00
Offensive Security
086c3ec61b DB: 2018-04-06 
9 changes to exploits/shellcodes

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
WebRTC - Private IP Leakage (Metasploit)
YzmCMS 3.6 - Cross-Site Scripting
Z-Blog 1.5.1.1740 - Cross-Site Scripting
Z-Blog 1.5.1.1740 - Full Path Disclosure
GetSimple CMS 3.3.13 - Cross-Site Scripting
 2018-04-06 05:01:45 +00:00
Offensive Security
541446d964 DB: 2018-04-05 
1 changes to exploits/shellcodes

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)

ProcessMaker - Plugin Upload (Metasploit)
 2018-04-05 05:01:44 +00:00
Offensive Security
d81af66afd DB: 2018-04-04 
5 changes to exploits/shellcodes

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion
Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix)
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2)

Moxa AWK-3131A 1.4 < 1.7  - 'Username' OS Command Injection
 2018-04-04 05:01:46 +00:00
Offensive Security
b6b60b70e9 DB: 2018-04-03 
11 changes to exploits/shellcodes

WebLog Expert Enterprise 9.4 - Privilege Escalation

Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change
Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change

Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery
WampServer 3.1.2 - Cross-Site Request Forgery
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
DLink DIR-601 - Admin Password Disclosure
OpenCMS 10.5.3 - Cross-Site Request Forgery
OpenCMS 10.5.3 - Cross-Site Scripting
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
 2018-04-03 05:01:54 +00:00
Offensive Security
a13c4ea572 DB: 2018-03-31 
23 changes to exploits/shellcodes

SysGauge 4.5.18 - Local Denial of Service
Systematic SitAware - NVG Denial of Service
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow

osTicket 1.10 - SQL Injection
osTicket 1.10 - SQL Injection (PoC)
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Homematic CCU2 2.29.23 - Arbitrary File Write
MiniCMS 1.10 - Cross-Site Request Forgery
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Homematic CCU2 2.29.23 - Remote Command Execution
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
osCommerce 2.3.4.1 - Remote Code Execution
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
 2018-03-31 05:01:49 +00:00
Offensive Security
4a4b338844 DB: 2018-03-30 
8 changes to exploits/shellcodes

GitStack - Unsanitized Argument Remote Code Execution (Metasploit)
Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

Drupal 7.0 < 7.31 - SQL Injection (1)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (1)
Drupal 7.0 < 7.31 - SQL Injection (2)
Drupal 7.32 - SQL Injection (PHP)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2)

Drupal < 7.32 - Unauthenticated SQL Injection
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
 2018-03-30 05:01:51 +00:00
Offensive Security
4fd08ae698 DB: 2018-03-29 
6 changes to exploits/shellcodes

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
Microsoft Windows Remote Assistance - XML External Entity Injection
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
Open-AuditIT Professional 2.1 - Cross-Site Scripting
 2018-03-29 05:01:52 +00:00
Offensive Security
74e4743579 DB: 2018-03-28 
1 changes to exploits/shellcodes

ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)
 2018-03-28 05:01:48 +00:00
Offensive Security
285f79e70e DB: 2018-03-27 
4 changes to exploits/shellcodes

Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)
Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow
LabF nfsAxe 3.7 - Privilege Escalation

Acrolinx Server < 5.2.5 - Directory Traversal

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass

Laravel Log Viewer < 0.13.0 - Local File Download

Linux/x86 - EggHunter Shellcode (11 Bytes)
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
 2018-03-27 05:01:50 +00:00
Offensive Security
e3fb91f1d7 DB: 2018-03-24 
14 changes to exploits/shellcodes

Android Bluetooth -  BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth -  BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Dell EMC NetWorker - Denial of Service
WM Recorder 16.8.1 - Denial of Service
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
XenForo 2 - CSS Loader Denial of Service
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

Linux/x86 - EggHunter Shellcode (11 Bytes)
 2018-03-24 05:01:48 +00:00
Offensive Security
31a39a07b9 DB: 2018-03-23 
1 changes to exploits/shellcodes

Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
 2018-03-23 05:01:51 +00:00
Offensive Security
ce0c08bf93 DB: 2018-03-22 
1 changes to exploits/shellcodes

Cisco node-jos < 0.11.0 - Re-sign Tokens
 2018-03-22 05:01:48 +00:00
Offensive Security
dd3b710ae8 DB: 2018-03-21 
14 changes to exploits/shellcodes

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure
Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Vehicle Sales Management System - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)
 2018-03-21 05:01:50 +00:00
Offensive Security
224c305b0d DB: 2018-03-20 
9 changes to exploits/shellcodes

Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak

Linux 2.6.36 IGMP - Remote Denial of Service
Linux Kernel 2.6.36 IGMP - Remote Denial of Service

Linux - SELinux W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO

Linux group_info refcounter - Overflow Memory Corruption
Linux Kernel - 'group_info' refcounter Overflow Memory Corruption

Linux io_submit L2TP sendmsg - Integer Overflow
Linux Kernel - io_submit L2TP sendmsg Integer Overflow

Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read

Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure
Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure

Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (1)
Linux Kernel < 4.5.1 - Off-By-One (PoC)
Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)

Linux libc 5.3.12 / RedHat Linux 4.0 / Slackware Linux 3.1 - libc NLSPATH
Linux libc 5.3.12 (RedHat Linux 4.0 / Slackware Linux 3.1) - libc NLSPATH

Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow
Linux libc 5.3.12/5.4 (RedHat Linux 4.0) - 'vsyslog()' Local Buffer Overflow

Linux 6.1/6.2/7.0/7.1 Man Page - Source Buffer Overflow
Linux Man Page 6.1/6.2/7.0/7.1- Source Buffer Overflow

Linux VServer Project 1.2x - CHRoot Breakout
Linux VServer Project 1.2x - Chroot Breakout
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux Kernel - 'espfix64' Nested NMIs Interrupting Privilege Escalation
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation

Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass
Linux Kernel 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass

Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation
 2018-03-20 05:01:55 +00:00
Offensive Security
b0fc7bfd43 DB: 2018-03-17 
6 changes to exploits/shellcodes

Android DRM Services - Buffer Overflow
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow
SAP NetWeaver AS JAVA CRM -  Log injection Remote Command Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Contec Smart Home 4.15 - Unauthorized Password Reset
 2018-03-17 05:01:46 +00:00
Offensive Security
80a6e65803 DB: 2018-03-16 
3 changes to exploits/shellcodes

WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting
Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
 2018-03-16 05:01:48 +00:00
Offensive Security
17d2f47aad DB: 2018-03-14 
6 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)

MicroTik RouterOS 3.13 - SNMP write (Set request)
MikroTik RouterOS 3.13 - SNMP write (Set request)

Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption
MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Tuleap 9.17.99.189 - Blind SQL Injection
 2018-03-14 05:01:48 +00:00
Offensive Security
3f6d16d5c3 DB: 2018-03-13 
8 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader

SC 7.16 - Stack-Based Buffer Overflow

DEWESoft X3 SP1 (64-bit) - Remote Command Execution

Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)

ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
TextPattern 4.6.2 - 'qty' SQL Injection
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
 2018-03-13 05:01:46 +00:00
Offensive Security
5947825a84 DB: 2018-03-10 
15 changes to exploits/shellcodes

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service

uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service

Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi  - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service

uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking

uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking

iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass

uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow

t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

Werkzeug - 'Debug Shell' Command Execution

TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal

toronja CMS - SQL Injection
Toronja CMS - SQL Injection

uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing

Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass

SAP BusinessObjects launch pad - Server-Side Request Forgery

antMan < 0.9.1a - Authentication Bypass

Bacula-Web < 8.0.0-rc2 - SQL Injection
 2018-03-10 05:01:50 +00:00
Offensive Security
a2480f5b98 DB: 2018-03-08 
2 changes to exploits/shellcodes

Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection
antMan 0.9.0c - Authentication Bypass
 2018-03-08 05:01:46 +00:00