exploit-db-mirror

Author	SHA1	Message	Date
Exploit-DB	cbe784b087	DB: 2023-09-09 16 changes to exploits/shellcodes/ghdb Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS Drupal 10.1.2 - web-cache-poisoning-External-service-interaction Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure soosyze 2.0.0 - File Upload SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Wordpress Plugin Elementor 3.5.5 - Iframe Injection Wp2Fac - OS Command Injection Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) SyncBreeze 15.2.24 - 'login' Denial of Service GOM Player 2.3.90.5360 - Buffer Overflow (PoC) GOM Player 2.3.90.5360 - Remote Code Execution (RCE) Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	2023-09-09 00:16:33 +00:00
Exploit-DB	e07f33f24d	DB: 2023-08-22 17 changes to exploits/shellcodes/ghdb EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) EuroTel ETL3100 - Transmitter Default Credentials EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Color Prediction Game v1.0 - SQL Injection Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) Dolibarr Version 17.0.1 - Stored XSS Global - Multi School Management System Express v1.0- SQL Injection OVOO Movie Portal CMS v3.3.3 - SQL Injection PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Taskhub CRM Tool 2.8.6 - SQL Injection Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions TSPlus 16.0.0.0 - Remote Work Insecure Credential storage TSplus 16.0.0.0 - Remote Work Insecure Files and Folders TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	2023-08-22 00:16:22 +00:00
Exploit-DB	c18d9953a2	DB: 2023-07-29 22 changes to exploits/shellcodes/ghdb Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS) Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities Joomla HikaShop 4.7.4 - Reflected XSS Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS mooDating 1.2 - Reflected Cross-site scripting (XSS) October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated) PaulPrinting CMS - (Search Delivery) Cross Site Scripting Perch v3.2 - Persistent Cross Site Scripting (XSS) RosarioSIS 10.8.4 - CSV Injection WordPress Plugin AN_Gradebook 5.0.1 - SQLi Zomplog 3.9 - Cross-site scripting (XSS) zomplog 3.9 - Remote Code Execution (RCE) copyparty 1.8.2 - Directory Traversal copyparty v1.8.6 - Reflected Cross Site Scripting (XSS) GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	2023-07-29 00:16:43 +00:00
Exploit-DB	7e3a257da8	DB: 2023-04-26 11 changes to exploits/shellcodes/ghdb PaperCut NG/MG 22.0.4 - Authentication Bypass KodExplorer 4.49 - CSRF to Arbitrary File Upload Mars Stealer 8.3 - Admin Account Takeover Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path OCS Inventory NG 2.3.0.0 - Unquoted Service Path Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	2023-04-26 00:16:27 +00:00
Exploit-DB	d46ab98863	DB: 2023-04-06 32 changes to exploits/shellcodes/ghdb Answerdev 1.0.3 - Account Takeover D-Link DIR-846 - Remote Command Execution (RCE) vulnerability Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow ERPNext 12.29 - Cross-Site Scripting (XSS) Liferay Portal 6.2.5 - Insecure Permissions GNU screen v4.9.0 - Privilege Escalation Apache Tomcat 10.1 - Denial Of Service PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated) BTCPay Server v1.7.4 - HTML Injection. Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE) Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) ImageMagick 7.1.0-49 - DoS bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) Froxlor 2.0.3 Stable - Remote Code Execution (RCE) ImageMagick 7.1.0-49 - Arbitrary File Read itech TrainSmart r1044 - SQL injection Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) PhotoShow 3.0 - Remote Code Execution projectSend r1605 - Remote Code Exectution RCE Responsive FileManager 9.9.5 - Remote Code Execution (RCE) zstore 6.6.0 - Cross-Site Scripting (XSS) Binwalk v2.3.2 - Remote Command Execution (RCE) XWorm Trojan 2.1 - Null Pointer Derefernce DoS Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution) Linux/x86_64 - bash Shellcode with xor encoding	2023-04-06 00:16:31 +00:00
Exploit-DB	d4e68dbb7e	DB: 2023-04-04 39 changes to exploits/shellcodes/ghdb ProLink PRS1841 PLDT Home fiber - Default Password Nacos 2.0.3 - Access Control vulnerability sudo 1.8.0 to 1.9.12p1 - Privilege Escalation sleuthkit 4.11.1 - Command Injection Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) ManageEngin AMP 4.3.0 - File-path-traversal SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) AmazCart CMS 3.4 - Cross-Site-Scripting (XSS) Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS) Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated ChiKoi v1.0 - SQL Injection ERPGo SaaS 3.9 - CSV Injection GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE) GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS) MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated) Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Prizm Content Connect v10.5.1030.8315 - XXE SLIMSV 9.5.2 - Cross-Site Scripting (XSS) WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) Roxy WI v6.1.0.0 - Improper Authentication Control Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload Solaris 10 libXm - Buffer overflow Local privilege escalation Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path Windows 11 10.0.22000 - Backup service Privilege Escalation Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode (373 bytes)	2023-04-04 00:16:32 +00:00
Exploit-DB	3de26153c8	DB: 2023-04-02 23 changes to exploits/shellcodes/ghdb ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS) Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated) TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated) GeoVision Camera GV-ADR2701 - Authentication Bypass AD Manager Plus 7122 - Remote Code Execution (RCE) Enlightenment v0.25.3 - Privilege escalation Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE) Apache 2.4.x - Buffer Overflow perfSONAR v4.4.5 - Partial Blind CSRF SugarCRM 12.2.0 - Remote Code Execution (RCE) XCMS v1.83 - Remote Command Execution (RCE) Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS) GitLab v15.3 - Remote Code Execution (RCE) (Authenticated) AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS) NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Splashtop 8.71.12001.0 - Unquoted Service Path Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS) FlipRotation v1.0 decoder - Shellcode (146 bytes) Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes) macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode	2023-04-02 00:16:21 +00:00
Exploit-DB	9b56e8731e	DB: 2023-04-01 25 changes to exploits/shellcodes/ghdb EQ Enterprise management system v2.2.0 - SQL Injection qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS) ASKEY RTF3505VW-N1 - Privilege Escalation Bangresto 1.0 - SQL Injection Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated) Cacti v1.2.22 - Remote Command Execution (RCE) Judging Management System v1.0 - Authentication Bypass Judging Management System v1.0 - Remote Code Execution (RCE) rconfig 3.9.7 - Sql Injection (Authenticated) Senayan Library Management System v9.0.0 - SQL Injection Spitfire CMS 1.0.475 - PHP Object Injection Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated) WooCommerce v7.1.0 - Remote Code Execution(RCE) CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service (DoS) SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass (IDOR) SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE) SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset SOUND4 Server Service 4.1.102 - Local Privilege Escalation macOS/x64 - Execve Null-Free Shellcode	2023-04-01 00:16:31 +00:00
Offensive Security	c9e53fa57b	DB: 2022-11-12 7 changes to exploits/shellcodes/ghdb AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE) SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution) Open Web Analytics 1.7.3 - Remote Code Execution (RCE) CVAT 2.0 - SSRF (Server Side Request Forgery) IOTransfer V4 - Unquoted Service Path NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass) Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes) Linux/MIPS - reboot() Shellcode (32 bytes) Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)	2022-11-12 09:02:02 +00:00
Offensive Security	fba9658f51	Add more fields into csv dump	2022-11-10 16:38:06 +00:00
Offensive Security	f2d7e05ad0	DB: 2022-02-19 17 changes to exploits/shellcodes Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated) Hotel Druid 3.0.3 - Remote Code Execution (RCE) Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS) Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode Solaris/SPARC - chmod(./me) Shellcode Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode Linux/MIPS - N32 MSB Reverse Shell Shellcode	2022-02-19 05:01:36 +00:00
Offensive Security	41553c4004	DB: 2022-02-09 11 changes to exploits/shellcodes Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated) Hotel Reservation System 1.0 - SQLi (Unauthenticated) Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit) FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE) Hospital Management System 4.0 - 'multiple' SQL Injection WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS) Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS) WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS) Windows/x86 - Locate kernel32 base address / Stack Crack method NullFree Shellcode (171 bytes)	2022-02-09 05:02:00 +00:00
Offensive Security	30be173453	DB: 2022-02-05 8 changes to exploits/shellcodes FLAME II MODEM USB - Unquoted Service Path WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated) WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated) Servisnet Tessa - Privilege Escalation (Metasploit) Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit) Servisnet Tessa - Add sysAdmin User (Unauthenticated) (Metasploit) Windows/x86 - Download File and Execute / Dynamic PEB & EDT method Shellcode (458 bytes) Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode (133 bytes)	2022-02-05 05:01:59 +00:00
Offensive Security	de260aeac6	DB: 2021-10-30 95 changes to exploits/shellcodes Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC) AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC) Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC) WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Sandboxie 5.49.7 - Denial of Service (PoC) WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) iDailyDiary 4.30 - Denial of Service (PoC) RarmaRadio 2.72.8 - Denial of Service (PoC) DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Color Notes 1.4 - Denial of Service (PoC) Macaron Notes great notebook 5.5 - Denial of Service (PoC) My Notes Safe 5.3 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) Telegram Desktop 2.9.2 - Denial of Service (PoC) Mini-XML 3.2 - Heap Overflow Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3) Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) MariaDB 10.2 - 'wsrep_provider' OS Command Execution Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free Visual Studio Code 1.47.1 - Denial of Service (PoC) DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC) GNU Wget < 1.18 - Arbitrary File Upload (2) WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS) E-Learning System 1.0 - Authentication Bypass PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated) Library System 1.0 - Authentication Bypass Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit) Umbraco v8.14.1 - 'baseUrl' SSRF Cacti 1.2.12 - 'filter' SQL Injection GetSimple CMS Custom JS 0.1 - Cross-Site Request Forgery Internship Portal Management System 1.0 - Remote Code Execution(Unauthenticated) Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting Xmind 2020 - Persistent Cross-Site Scripting Tagstoo 2.0.1 - Persistent Cross-Site Scripting SnipCommand 0.1.0 - Persistent Cross-Site Scripting Moeditor 0.2.0 - Persistent Cross-Site Scripting Marky 0.0.1 - Persistent Cross-Site Scripting StudyMD 0.3.2 - Persistent Cross-Site Scripting Freeter 1.2.1 - Persistent Cross-Site Scripting Markright 1.0 - Persistent Cross-Site Scripting Markdownify 1.2.0 - Persistent Cross-Site Scripting Anote 1.0 - Persistent Cross-Site Scripting Subrion CMS 4.2.1 - Arbitrary File Upload Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated) Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) CHIYU IoT Devices - Denial of Service (DoS) Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated) TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Scratch Desktop 3.17 - Remote Code Execution Church Management System 1.0 - Arbitrary File Upload (Authenticated) Phone Shop Sales Managements System 1.0 - Arbitrary File Upload Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS) WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) KevinLAB BEMS 1.0 - Authentication Bypass Event Registration System with QR Code 1.0 - Authentication Bypass CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password) qdPM 9.2 - Password Exposure (Unauthenticated) ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit) GeoVision Geowebserver 5.3.3 - Local FIle Inclusion Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated) Umbraco CMS 8.9.1 - Directory Traversal Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Dolibarr ERP 14.0.1 - Privilege Escalation Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS) Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation Phpwcms 1.9.30 - Arbitrary File Upload Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes) Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes) Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes) Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes) Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes) Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes) Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)	2021-10-30 05:02:09 +00:00
Offensive Security	f33a724e0b	DB: 2021-10-29 58 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC) Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) ProFTPD 1.3.7a - Remote Denial of Service glFTPd 2.11a - Remote Denial of Service Hasura GraphQL 1.3.3 - Denial of Service Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC) Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC) GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path Cyberfox Web Browser 52.9.1 - Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access vsftpd 3.0.3 - Remote Denial of Service Dlink DSL2750U - 'Reboot' Command Injection PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) Netsia SEBA+ 0.16.1 - Add Root User (Metasploit) Arteco Web Client DVR/NVR - 'SessionId' Brute Force Resumes Management and Job Application Website 1.0 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) 'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Mini Mouse 9.3.0 - Local File inclusion rconfig 3.9.6 - Arbitrary File Upload Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS) Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated) OpenEMR 5.0.1.3 - Authentication Bypass VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS) Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection Budget and Expense Tracker System 1.0 - Authenticated Bypass Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) Blood Bank System 1.0 - Authentication Bypass Lodging Reservation Management System 1.0 - Authentication Bypass Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Linux/x64 - /sbin/halt -p Shellcode (51 bytes) Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded) Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-29 05:02:12 +00:00
Offensive Security	4f2cf56b31	DB: 2021-10-23 11 changes to exploits/shellcodes Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection OpenSIS 8.0 'modname' - Directory Traversal Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting Jetty 9.4.37.v20210219 - Information Disclosure Clinic Management System 1.0 - SQL injection to Remote Code Execution Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated) Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-23 05:02:09 +00:00
Offensive Security	679a62755b	DB: 2021-10-14 28 changes to exploits/shellcodes Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) Simple Payroll System 1.0 - SQLi Authentication Bypass Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS) Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS) Sonicwall SonicOS 7.0 - Host Header Injection Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-14 05:02:11 +00:00
Offensive Security	1cf7d7364a	DB: 2021-10-13 176 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Sandboxie 5.49.7 - Denial of Service (PoC) WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) iDailyDiary 4.30 - Denial of Service (PoC) RarmaRadio 2.72.8 - Denial of Service (PoC) DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Color Notes 1.4 - Denial of Service (PoC) Macaron Notes great notebook 5.5 - Denial of Service (PoC) My Notes Safe 5.3 - Denial of Service (PoC) Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Visual Studio Code 1.47.1 - Denial of Service (PoC) DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Dlink DSL2750U - 'Reboot' Command Injection E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation GetSimple CMS 3.3.16 - Reflected XSS to RCE House Rental and Property Listing 1.0 - Multiple Stored XSS Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) Montiorr 1.7.6m - File Upload to XSS GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) Markdown Explorer 0.1.1 - XSS to RCE Xmind 2020 - XSS to RCE Tagstoo 2.0.1 - Stored XSS to RCE SnipCommand 0.1.0 - XSS to RCE Moeditor 0.2.0 - XSS to RCE Marky 0.0.1 - XSS to RCE StudyMD 0.3.2 - XSS to RCE Freeter 1.2.1 - XSS to RCE Markright 1.0 - XSS to RCE Markdownify 1.2.0 - XSS to RCE Anote 1.0 - XSS to RCE Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) CHIYU IoT Devices - Denial of Service (DoS) Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Dolibarr ERP/CRM 10.0.6 - Login Brute Force qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function Budget and Expense Tracker System 1.0 - Authenticated Bypass WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Phpwcms 1.9.30 - File Upload to XSS Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes) Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode	2021-10-13 05:02:15 +00:00
Offensive Security	a250e82458	DB: 2021-10-12 176 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC) Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) jQuery UI 1.12.1 - Denial of Service (DoS) AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC) Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) ProFTPD 1.3.7a - Remote Denial of Service glFTPd 2.11a - Remote Denial of Service Hasura GraphQL 1.3.3 - Denial of Service WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Telegram Desktop 2.9.2 - Denial of Service (PoC) SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC) Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm vsftpd 3.0.3 - Remote Denial of Service GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2) PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Library System 1.0 - Authentication Bypass Via SQL Injection MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated) Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Mini Mouse 9.3.0 - Local File inclusion / Path Traversal GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE) Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated) Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS) WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS) KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass Event Registration System with QR Code 1.0 - Authentication Bypass & RCE CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS) OpenSIS 8.0 'modname' - Directory/Path Traversal Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation PlaceOS 1.2109.1 - Open Redirection Blood Bank System 1.0 - SQL Injection / Authentication Bypass Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes) Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes) Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes) Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes) Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes) Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded) Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes) Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-12 05:02:16 +00:00
Offensive Security	794d9e4342	DB: 2021-10-08 8 changes to exploits/shellcodes Google SLO-Generator 2.0.0 - Code Execution Apache HTTP Server 2.4.49 - Path Traversal Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated) Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated) Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated) Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-08 05:02:10 +00:00
Offensive Security	8955161978	DB: 2021-10-02 10 changes to exploits/shellcodes Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Blood Bank System 1.0 - SQL Injection / Authentication Bypass Phpwcms 1.9.30 - File Upload to XSS Vehicle Service Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS) CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated) Directory Management System 1.0 - SQL Injection Authentication Bypass Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)	2021-10-02 05:02:11 +00:00
Offensive Security	629e350774	DB: 2021-09-14 18 changes to exploits/shellcodes Active WebCam 11.5 - Unquoted Service Path ECOA Building Automation System - Missing Encryption Of Sensitive Information Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai ECOA Building Automation System - Hard-coded Credentials SSH Access Men Salon Management System 1.0 - Multiple Vulnerabilities ECOA Building Automation System - Weak Default Credentials ECOA Building Automation System - Path Traversal Arbitrary File Upload ECOA Building Automation System - Directory Traversal Content Disclosure ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF) ECOA Building Automation System - Cookie Poisoning Authentication Bypass ECOA Building Automation System - Configuration Download Information Disclosure ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function ECOA Building Automation System - Remote Privilege Escalation ECOA Building Automation System - Local File Disclosure ECOA Building Automation System - Arbitrary File Deletion Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-09-14 05:02:12 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	c385c8068c	DB: 2021-07-20 6 changes to exploits/shellcodes WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated) WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) Dolibarr ERP/CRM 10.0.6 - Login Brute Force PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode	2021-07-20 05:01:52 +00:00
Offensive Security	906bbc4943	DB: 2021-07-14 8 changes to exploits/shellcodes Apache Tomcat 9.0.0.M1 - Open Redirect WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS) Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS) OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2) Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)	2021-07-14 05:01:54 +00:00
Offensive Security	eaff7043e2	DB: 2021-06-11 6 changes to exploits/shellcodes Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Student Result Management System 1.0 - 'class' SQL Injection TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)	2021-06-11 05:01:56 +00:00
Offensive Security	599b380301	DB: 2021-05-11 7 changes to exploits/shellcodes DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021 PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS) Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated) Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)	2021-05-11 05:01:57 +00:00
Offensive Security	dcd1229758	DB: 2021-05-04 7 changes to exploits/shellcodes GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection) Piwigo 11.3.0 - 'language' SQL GitLab Community Edition (CE) 13.10.3 - User Enumeration GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes) Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)	2021-05-04 05:01:59 +00:00
Offensive Security	53c15c17c6	DB: 2021-04-16 6 changes to exploits/shellcodes glFTPd 2.11a - Remote Denial of Service Horde Groupware Webmail 5.2.22 - Stored XSS Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS) htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)	2021-04-16 05:02:00 +00:00
Offensive Security	338282491b	DB: 2021-02-25 8 changes to exploits/shellcodes SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC) Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path python jsonpickle 2.0.0 - Remote Code Execution Unified Remote 3.9.0.2463 - Remote Code Execution LayerBB 1.1.4 - 'search_query' SQL Injection Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)	2021-02-25 05:01:54 +00:00
Offensive Security	0ebed6d4c4	DB: 2021-02-10 5 changes to exploits/shellcodes Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path Online Car Rental System 1.0 - Stored Cross Site Scripting Adobe Connect 10 - Username Disclosure Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)	2021-02-10 05:01:58 +00:00
Offensive Security	3fa3a8be65	DB: 2021-01-26 8 changes to exploits/shellcodes MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF Collabtive 3.1 - 'address' Persistent Cross-Site Scripting CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS CASAP Automated Enrollment System 1.0 - 'route' Stored XSS Library System 1.0 - 'category' SQL Injection Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)	2021-01-26 05:01:58 +00:00
Offensive Security	3e80d07fdb	DB: 2021-01-23 15 changes to exploits/shellcodes Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated) Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated) Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated) Library System 1.0 - Authentication Bypass Via SQL Injection CASAP Automated Enrollment System 1.0 - Authentication Bypass ERPNext 12.14.0 - SQL Injection (Authenticated) Atlassian Confluence Widget Connector Macro - SSTI Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Socat Bind Shellcode (113 bytes) Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)	2021-01-23 05:01:59 +00:00
Offensive Security	d65226277c	DB: 2021-01-21 4 changes to exploits/shellcodes ChurchRota 2.6.4 - RCE (Authenticated) Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) Linux/x86 - Socat Bind Shellcode (113 bytes)	2021-01-21 05:01:57 +00:00
Offensive Security	62b25db87d	DB: 2021-01-20 2 changes to exploits/shellcodes osTicket 1.14.2 - SSRF Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)	2021-01-20 05:02:00 +00:00
Offensive Security	969e7d6c90	DB: 2021-01-16 13 changes to exploits/shellcodes Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection EyesOfNetwork 5.3 - File Upload Remote Code Execution BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes) BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes) FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/PPC - read() + exec Shellcode (32 bytes) Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes) BSD/x86 - symlink . /bin/sh Shellcode (32 bytes) BSD/x86 - symlink /bin/sh Shellcode (32 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes) Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes) Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit) Linux/MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator) Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes) Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - reboot() Shellcode (28 bytes) Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x64 - execve() + Encoded Shellcode (57 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes) Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes) BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes) Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Remote File Download Shellcode (42 bytes) Linux/x86 - Download File Shellcode (42 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - mkdir(ajit) Shellcode (25 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - execve(/bin/sh) Shellcode (27 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes) Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator) Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes) Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator) Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes) Linux/x64 - x64 Assembly Shellcode (Generator) Linux/x64 - execve() Assembly Shellcode (Generator) Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes) Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes) Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator) Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes) Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - Shred File (test.txt) Shellcode (72 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes) Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes) Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes) Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes) Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes) Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes) Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes) Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes) Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes) Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes) Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes) Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes) Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/7 - Screen Lock Shellcode (9 bytes) Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes) Linux/x86 - execve(/bin/sh) + NOT\|ROT+8 Encoded + Null-Free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes) Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes) Windows/x64 (7) - Screen Lock Shellcode (9 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Linux/ARM - execve /bin/dash Shellcode (32 bytes) Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes) Linux/ARM - execve(/bin/dash) Shellcode (32 bytes) Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes) Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes)	2021-01-16 05:01:56 +00:00
Offensive Security	f8d41df29f	DB: 2021-01-14 4 changes to exploits/shellcodes dnsrecon 0.10.0 - CSV Injection Erlang Cookie - Remote Code Execution Online Hotel Reservation System 1.0 - Admin Authentication Bypass Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes) Linux/x64 - Reverse TCP Stager Shellcode (188 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes) Linux/x86 - bind shell on port 13377 Shellcode (65 bytes) Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)	2021-01-14 05:01:54 +00:00
Offensive Security	91f4f8025d	DB: 2021-01-13 4 changes to exploits/shellcodes Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) Cemetry Mapping and Information System 1.0 - Multiple SQL Injections SmartAgent 3.1.0 - Privilege Escalation Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)	2021-01-13 05:01:55 +00:00
Offensive Security	cb83a6e2dd	DB: 2020-12-19 17 changes to exploits/shellcodes docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) FRITZ!Box 7.20 - DNS Rebinding Protection Bypass SyncBreeze 10.0.28 - 'login' Denial of Service (Poc) Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS Point of Sale System 1.0 - Authentication Bypass Alumni Management System 1.0 - Unrestricted File Upload To RCE Alumni Management System 1.0 - _Course Form_ Stored XSS Alumni Management System 1.0 - 'id' SQL Injection Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit) Smart Hospital 3.1 - _Add Patient_ Stored XSS Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)	2020-12-19 05:01:57 +00:00
Offensive Security	720fabd066	DB: 2020-07-28 114 changes to exploits/shellcodes Notepad++ < 7.7 (x64) - Denial of Service winrar 5.80 64bit - Denial of Service WinRAR 5.80 (x64) - Denial of Service Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Word 2007 (x86) - Information Disclosure IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path DEWESoft X3 SP1 (64-bit) - Remote Command Execution DEWESoft X3 SP1 (x64) - Remote Command Execution CompleteFTP Professional 12.1.3 - Remote Code Execution TeamCity Agent XML-RPC 10.0 - Remote Code Execution eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - Kill All Processes Shellcode (14 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes) Linux/x86 - Bind Shell Generator Shellcode (114 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-07-28 05:01:59 +00:00
Offensive Security	e46d9f65ff	DB: 2020-07-27 32 changes to exploits/shellcodes Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite) Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH) Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter) DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter) Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter) Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter) docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin) WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated) Bludit 3.9.2 - Directory Traversal LibreHealth 2.0.0 - Authenticated Remote Code Execution Online Course Registration 1.0 - Unauthenticated Remote Code Execution elaniin CMS - Authentication Bypass Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Bio Star 2.8.2 - Local File Inclusion Webtareas 2.1p - Arbitrary File Upload (Authenticated) F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Socket.io-file 2.0.31 - Arbitrary File Upload pfSense 2.4.4-p3 - Cross-Site Request Forgery Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Rails 5.0.1 - Remote Code Execution Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes)	2020-07-27 05:02:04 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	bb9f12afc7	DB: 2020-06-16 3 changes to exploits/shellcodes SOS JobScheduler 1.13.3 - Stored Password Decryption Linux/ARM - execve /bin/dash Shellcode (32 bytes) Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)	2020-06-16 05:01:56 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	7b87f30fbc	DB: 2020-04-25 5 changes to exploits/shellcodes Popcorn Time 6.2 - 'Update service' Unquoted Service Path EspoCRM 5.8.5 - Privilege Escalation Edimax EW-7438RPn 1.13 - Remote Code Execution Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)	2020-04-25 05:01:51 +00:00
Offensive Security	1c5c38825d	DB: 2020-04-22 10 changes to exploits/shellcodes Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation WordPress 2.0.2 - 'cache' Remote Shell Injection Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption WordPress Core 2.0.2 - 'cache' Remote Shell Injection CSZ CMS 1.2.7 - Persistent Cross-Site Scripting PMB 5.6 - 'logid' SQL Injection CSZ CMS 1.2.7 - 'title' HTML Injection IQrouter 3.3.1 Firmware - Remote Code Execution NSClient++ 0.5.2.35 - Authenticated Remote Code Execution jizhi CMS 1.6.7 - Arbitrary File Download P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)	2020-04-22 05:01:47 +00:00
Offensive Security	606ad946d3	DB: 2020-03-26 7 changes to exploits/shellcodes AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH) Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Joomla! Component GMapFP 3.30 - Arbitrary File Upload LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)	2020-03-26 05:01:48 +00:00
Offensive Security	b84d953124	DB: 2020-03-24 10 changes to exploits/shellcodes ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC) Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC) CyberArk PSMP 10.9.1 - Policy Restriction Bypass PHPMailer < 5.2.18 - Remote Code Execution (Bash) FIBARO System Home Center 5.021 - Remote File Include rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)	2020-03-24 05:01:50 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	cf92ea269e	DB: 2020-02-25 22 changes to exploits/shellcodes Quick N Easy Web Server 3.3.8 - Denial of Service (PoC) Go SSH servers 0.0.2 - Denial of Service (PoC) Android Binder - Use-After-Free (Metasploit) Diamorphine Rootkit - Signal Privilege Escalation (Metasploit) Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit) Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Real Web Pentesting Tutorial Step by Step - [Persian] AMSS++ v 4.31 - 'id' SQL Injection SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) AMSS++ 4.7 - Backdoor Admin Account SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure ATutor 2.2.4 - 'id' SQL Injection I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure ManageEngine EventLog Analyzer 10.0 - Information Disclosure eLection 2.0 - 'id' SQL Injection DotNetNuke 9.5 - Persistent Cross-Site Scripting DotNetNuke 9.5 - File Upload Restrictions Bypass Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Cacti 1.2.8 - Remote Code Execution Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)	2020-02-25 05:01:52 +00:00

1 2 3 4

182 commits