exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	dd4f02248d	DB: 2019-03-06 2 changes to exploits/shellcodes STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2) Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload) Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary) elFinder 2.1.47 - Command Injection vulnerability in the PHP connector elFinder 2.1.47 - 'PHP connector' Command Injection OpenDocMan 1.3.4 - 'search.php where' SQL Injection Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes) Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes) Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)	2019-03-06 05:01:57 +00:00
Offensive Security	a37e3008e5	DB: 2019-03-05 20 changes to exploits/shellcodes Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1) STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2) symphony CMS 2.3 - Multiple Vulnerabilities Symphony CMS 2.3 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution zzzphp CMS 1.6.1 - Cross-Site Request Forgery Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload) Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit) OOP CMS BLOG 1.0 - Multiple SQL Injection OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery CMSsite 1.0 - Multiple Cross-Site Request Forgery elFinder 2.1.47 - Command Injection vulnerability in the PHP connector MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal Bolt CMS 3.6.4 - Cross-Site Scripting Craft CMS 3.1.12 Pro - Cross-Site Scripting WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes) Linux/x64 - Kill All Processes Shellcode (11 bytes) Linux/x86 - iptables -F Shellcode (43 bytes)	2019-03-05 05:01:50 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	d667cf901c	DB: 2019-02-06 11 changes to exploits/shellcodes Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC) River Past Audio Converter 7.7.16 - Denial of Service (PoC) ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin) BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit - Remote Code Execution Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)	2019-02-06 05:01:42 +00:00
Offensive Security	6050f45223	DB: 2019-02-02 4 changes to exploits/shellcodes Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC) PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit SureMDM < 2018-11 Patch - Local / Remote File Inclusion Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)	2019-02-02 05:01:47 +00:00
Offensive Security	f700c5347d	DB: 2019-01-31 8 changes to exploits/shellcodes Advanced File Manager 3.4.1 - Denial of Service (PoC) iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC) Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC) Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass) HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass) HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH) 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass) PDF Signer 3.0 - SSTI to RCE via CSRF Cookie PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie) Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)	2019-01-31 05:01:49 +00:00
Offensive Security	ed58accc5a	DB: 2019-01-30 5 changes to exploits/shellcodes MiniUPnPd 2.1 - Out-of-Bounds Read MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass) PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes) Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes) Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes) Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)	2019-01-30 05:01:46 +00:00
Offensive Security	b68cbec24d	DB: 2019-01-29 26 changes to exploits/shellcodes Sricam gSOAP 2.8 - Denial of Service Smart VPN 1.1.3.0 - Denial of Service (PoC) MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) R 3.4.4 XP SP3 - Buffer Overflow (Non SEH) BEWARD Intercom 2.3.1 - Credentials Disclosure Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass) CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference CMSsite 1.0 - 'cat_id' SQL Injection CMSsite 1.0 - 'search' SQL Injection Cisco RV300 / RV320 - Information Disclosure Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Newsbull Haber Script 1.0.0 - 'search' SQL Injection Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Teameyo Project Management System 1.0 - SQL Injection Mess Management System 1.0 - SQL Injection MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting ResourceSpace 8.6 - 'collection_edit.php' SQL Injection Linux/x86 - exit(0) Shellcode (5 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2) Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes) Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)	2019-01-29 05:01:52 +00:00
Offensive Security	bb44caca27	DB: 2019-01-16 4 changes to exploits/shellcodes 1Password < 7.0 - Denial of Service Microsoft Windows VCF - Remote Code Execution ownDMS 4.7 - SQL Injection Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)	2019-01-16 05:01:50 +00:00
Offensive Security	0495dc483e	DB: 2019-01-12 12 changes to exploits/shellcodes Selfie Studio 2.17 - Denial of Service (PoC) Tree Studio 2.17 - Denial of Service (PoC) Paint Studio 2.17 - Denial of Service (PoC) Pixel Studio 2.17 - Denial of Service (PoC) Liquid Studio 2.17 - Denial of Service (PoC) Blob Studio 2.17 - Denial of Service (PoC) Luminance Studio 2.17 - Denial of Service (PoC) Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode) Adapt Inventory Management System 1.0 - SQL Injection Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Joomla! Component JoomCRM 1.1.1 - SQL Injection Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)	2019-01-12 05:01:47 +00:00
Offensive Security	c2a1585898	DB: 2019-01-10 10 changes to exploits/shellcodes Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC) Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit) polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork Microsoft Windows - Windows Error Reporting Local Privilege Escalation Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion MDwiki < 0.6.2 - Cross-Site Scripting Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting BlogEngine 3.3 - XML External Entity Injection Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)	2019-01-10 05:01:43 +00:00
Offensive Security	1b31850a46	DB: 2018-12-25 15 changes to exploits/shellcodes Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC) Google Chrome 70 - SQLite Magellan Crash (PoC) Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read Keybase keybase-redirector - '$PATH' Local Privilege Escalation Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC) Netatalk - Bypass Authentication Kubernetes - (Unauthenticated) Arbitrary Requests Kubernetes - (Authenticated) Arbitrary Requests WSTMart 2.0.8 - Cross-Site Scripting WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Linux/x86 - Kill All Processes Shellcode (14 bytes)	2018-12-25 05:01:44 +00:00
Offensive Security	aedf107ce9	DB: 2018-12-20 12 changes to exploits/shellcodes MiniShare Server 1.3.2 - Remote Denial of Service MiniShare 1.3.2 - Remote Denial of Service MiniShare 1.5.5 - Local Buffer Overflow (SEH) MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH) Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure PassFab RAR 9.3.2 - Buffer Overflow (SEH) LanSpy 2.0.1.159 - Local Buffer Overflow PDF Explorer 1.5.66.2 - Buffer Overflow (SEH) MiniShare HTTP 1.5.5 - Remote Buffer Overflow MiniShare 1.5.5 - Remote Buffer Overflow MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password) Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit) Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting Integria IMS 5.0.83 - Cross-Site Request Forgery Bolt CMS < 3.6.2 - Cross-Site Scripting Yeswiki Cercopitheque - 'id' SQL Injection IBM Operational Decision Manager 8.x - XML External Entity Injection Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)	2018-12-20 05:01:43 +00:00
Offensive Security	25e5c32779	DB: 2018-12-13 2 changes to exploits/shellcodes Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow Linux Kernel - 'AF_PACKET' Use-After-Free Linux Kernel - 'AF_PACKET' Use-After-Free (2) Linux Kernel - 'AF_PACKET' Use-After-Free Linux Kernel - 'AF_PACKET' Use-After-Free (1) WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC) Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC) Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation PonyOS 3.0 - TTY 'ioctl()' Local Kernel PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Microsoft Windows - JPEG GDI+ All-in-One Bind/Reverse/Admin/FileDownload Microsoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download Golden FTP Server 4.70 - 'PASS' Buffer Overflow Golden FTP Server 4.70 - 'PASS' Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit) Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit) Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit) Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow Sami FTP Server - 'LIST' Buffer Overflow (Metasploit) Sami FTP Server - 'LIST' Buffer Overflow (Metasploit) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) IGSuite 3.2.4 - Reverse Shell Blind SQL Injection IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection MTGAS MOGG Web Simulator Script - SQL Injection MTGAS MOGG Web Simulator Script - SQL Injection Tourism Website Blog - Remote Code Execution / SQL Injection Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery PrestaShop 1.6.x/1.7.x - Remote Code Execution DomainMOD 4.11.01 - Cross-Site Scripting Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery PrestaShop 1.6.x/1.7.x - Remote Code Execution DomainMOD 4.11.01 - Cross-Site Scripting TP-Link wireless router Archer C1200 - Cross-Site Scripting Huawei B315s-22 - Information Leak TP-Link wireless router Archer C1200 - Cross-Site Scripting Huawei B315s-22 - Information Leak HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection ThinkPHP 5.0.23/5.1.31 - Remote Code Execution HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes) Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)	2018-12-13 05:01:45 +00:00
Offensive Security	a07949d1c7	DB: 2018-12-12 21 changes to exploits/shellcodes SmartFTP Client 9.0.2623.0 - Denial of Service (PoC) LanSpy 2.0.1.159 - Local Buffer Overflow (PoC) XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection McAfee True Key - McAfee.TrueKey.Service Privilege Escalation DomainMOD 4.11.01 - Cross-Site Scripting DomainMOD 4.11.01 - 'raid' Cross-Site Scripting Tourism Website Blog - Remote Code Execution / SQL Injection Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery PrestaShop 1.6.x/1.7.x - Remote Code Execution DomainMOD 4.11.01 - Cross-Site Scripting PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion TP-Link wireless router Archer C1200 - Cross-Site Scripting Huawei B315s-22 - Information Leak ZTE ZXHN H168N - Improper Access Restrictions Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Apache OFBiz 16.11.05 - Cross-Site Scripting HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Adobe ColdFusion 2018 - Arbitrary File Upload Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)	2018-12-12 05:01:43 +00:00
Offensive Security	60710bbfd9	DB: 2018-12-05 19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	2018-12-05 05:01:44 +00:00
Offensive Security	3a7153b2ac	DB: 2018-11-14 24 changes to exploits/shellcodes CuteFTP Mac 3.1 - Denial of Service (PoC) Evince 3.24.0 - Command Injection Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) xorg-x11-server < 1.20.1 - Local Privilege Escalation Data Center Audit 2.6.2 - 'username' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Paroiciel 11.20 - 'tRecIdListe' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting Paroiciel 11.20 - 'tRecIdListe' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection Nominas 0.27 - 'username' SQL Injection CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Surreal ToDo 0.6.1.2 - SQL Injection Surreal ToDo 0.6.1.2 - Local File Inclusion Alienor Web Libre 2.0 - SQL Injection Musicco 2.0.0 - Arbitrary Directory Download Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Tina4 Stack 1.0.3 - SQL Injection / Database File Download Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Easyndexer 1.0 - Arbitrary File Download ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Gumbo CMS 0.99 - SQL Injection Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin) Webiness Inventory 2.3 - SQL Injection SIPve 0.0.2-R19 - SQL Injection Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)	2018-11-14 05:01:43 +00:00
Offensive Security	ef70ec156b	DB: 2018-10-31 22 changes to exploits/shellcodes ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC) SIPp 3.3.990 - Local Buffer Overflow (PoC) R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) xorg-x11-server 1.20.3 - Privilege Escalation Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Electricks eCommerce 1.0 - 'prodid' SQL Injection phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection Webiness Inventory 2.9 - Arbitrary File Upload NETGEAR WiFi Router R6120 - Credential Disclosure MyBB Downloads 2.0.3 - SQL Injection Expense Management 1.0 - Arbitrary File Upload University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin) Notes Manager 1.0 - Arbitrary File Upload Instagram Clone 1.0 - Arbitrary File Upload Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection CI User Login and Management 1.0 - Arbitrary File Upload Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	2018-10-31 05:01:53 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	21717894fe	DB: 2018-10-06 4 changes to exploits/shellcodes Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP) Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass) NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR) NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass) Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin) D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities ISPConfig < 3.1.13 - Remote Command Execution Chamilo LMS 1.11.8 - Cross-Site Scripting Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes) Linux/x86 - execve(/bin/sh) + ROT-N/Shift-N/XOR-N Encoded Shellcode (77 bytes) Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes) Linux/x86 - execve(/bin/sh) + ROT-13/RShift-2/XOR Encoded Shellcode (44 bytes) Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes) Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)	2018-10-06 05:01:59 +00:00
Offensive Security	89530e070b	DB: 2018-10-05 5 changes to exploits/shellcodes virtualenv 16.0.0 - Sandbox Escape NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR) LayerBB Forum 1.1.1 - 'search_query' SQL Injection Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)	2018-10-05 05:02:07 +00:00
Offensive Security	91ac09507e	DB: 2018-09-28 4 changes to exploits/shellcodes EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Rausoft ID.prove 2.95 - 'Username' SQL injection Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes) Linux/x86 - Bind (5555/TCP) Shell (/bin/sh) Shellcode (98 bytes)	2018-09-28 05:01:59 +00:00
Offensive Security	6efd01d5b6	DB: 2018-09-27 5 changes to exploits/shellcodes TransMac 12.2 - Denial of Service (PoC) CrossFont 7.5 - Denial of Service (PoC) Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)	2018-09-27 05:01:58 +00:00
Offensive Security	4e39fa0f91	DB: 2018-09-26 35 changes to exploits/shellcodes WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free WebKit - 'WebCore::Node::ensureRareData' Use-After-Free WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free Easy PhoroResQ 1.0 - Buffer Overflow Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit) Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH) Collectric CMU 1.0 - 'lang' SQL injection Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection RICOH MP C2003 Printer - Cross-Site Scripting Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection Super Cms Blog Pro 1.0 - SQL Injection Joomla! Component Raffle Factory 3.5.2 - SQL Injection Joomla! Component Music Collection 3.0.3 - SQL Injection Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Joomla! Component Questions 1.4.3 - SQL Injection Joomla! Component Jobs Factory 2.0.4 - SQL Injection Joomla! Component Social Factory 3.8.3 - SQL Injection RICOH MP C6503 Plus Printer - Cross-Site Scripting Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component Swap Factory 2.2.1 - SQL Injection Joomla! Component Collection Factory 4.1.9 - SQL Injection Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Joomla! Component Timetable Schedule 3.6.8 - SQL Injection RICOH MP 305+ Printer - Cross-Site Scripting RICOH MP C406Z Printer - Cross-Site Scripting Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes) Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)	2018-09-26 05:02:43 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	3bbc91c16a	DB: 2018-09-21 2 changes to exploits/shellcodes NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)	2018-09-21 05:01:43 +00:00
Offensive Security	29542c36ab	DB: 2018-09-19 7 changes to exploits/shellcodes Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit) NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution HongCMS 3.0.0 - SQL Injection HongCMS 3.0.0 - (Authenticated) SQL Injection Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)	2018-09-19 05:01:45 +00:00
Offensive Security	f1d68507cd	DB: 2018-09-18 7 changes to exploits/shellcodes XAMPP Control Panel 3.2.2 - Denial of Service (PoC) Notebook Pro 2.0 - Denial Of Service (PoC) Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC) Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) CA Release Automation NiMi 6.5 - Remote Command Execution Gitweb 1.7.3.3 - Cross-Site Scripting gitWeb 1.7.3.3 - Cross-Site Scripting Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes) Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-18 05:01:45 +00:00
Offensive Security	c1b7aa12fc	DB: 2018-09-15 10 changes to exploits/shellcodes CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) InfraRecorder 0.53 - '.txt' Denial of Service (PoC) Faleemi Plus 1.0.2 - Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH) Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-15 05:01:52 +00:00
Offensive Security	59859ec4e8	DB: 2018-09-09	2018-09-09 05:01:54 +00:00
Offensive Security	14bdc56535	DB: 2018-09-05 6 changes to exploits/shellcodes iSmartViewPro 1.5 - 'DDNS' Buffer Overflow Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection mooSocial Store Plugin 2.6 - SQL Injection Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)	2018-09-05 05:01:52 +00:00
Offensive Security	011bb3564a	DB: 2018-08-31 8 changes to exploits/shellcodes NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC) Nord VPN 6.14.31 - Denial of Service (PoC) Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting DLink DIR-601 - Credential Disclosure WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)	2018-08-31 05:01:57 +00:00
Offensive Security	444206a6be	DB: 2018-08-30 21 changes to exploits/shellcodes NASA openVSP 3.16.1 - Denial of Service (PoC) Immunity Debugger 1.85 - Denial of Service (PoC) ipPulse 1.92 - 'TCP Port' Denial of Service (PoC) Fathom 2.4 - Denial Of Service (PoC) Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC) Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC) HD Tune Pro 5.70 - Denial of Service (PoC) Drive Power Manager 1.10 - Denial Of Service (PoC) Easy PhotoResQ 1.0 - Denial Of Service (PoC) Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC) SIPP 3.3 - Stack-Based Buffer Overflow R 3.4.4 - Buffer Overflow (SEH) Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure phpMyAdmin 4.7.x - Cross-Site Request Forgery Episerver 7 patch 4 - XML External Entity Injection Argus Surveillance DVR 4.0.0.0 - Directory Traversal Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes) Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes) Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)	2018-08-30 05:01:54 +00:00
Offensive Security	1e34c2b6a5	DB: 2018-08-14 11 changes to exploits/shellcodes IP Finder 1.5 - Denial of Service (PoC) Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC) PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow PostgreSQL 9.4-0.5.3 - Privilege Escalation Android - Directory Traversal over USB via Injection in blkid Output Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit) Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking) Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)	2018-08-14 05:01:45 +00:00
Offensive Security	3aca47020d	DB: 2018-08-04 10 changes to exploits/shellcodes FTPShell Client 5.24 - Add to Favorites Buffer Overflow FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow Wedding Slideshow Studio 1.36 - Buffer Overflow Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit) Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting PHP Template Store Script 3.0.6 - Cross-Site Scripting Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)	2018-08-04 05:01:46 +00:00
Offensive Security	903bf974eb	DB: 2018-08-02 10 changes to exploits/shellcodes ipPulse 1.92 - 'Licence Key' Denial of Service (PoC) Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC) WebRTC - VP8 Block Decoding Use-After-Free WebRTC - FEC Processing Overflow WebRTC - H264 NAL Packet Processing Type Confusion Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH) Axis Network Camera - .srv to parhand RCE (Metasploit) SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) Synology DiskStation Manager 4.1 - Directory Traversal Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)	2018-08-02 05:02:43 +00:00
Offensive Security	1d504e24f2	DB: 2018-07-25 3 changes to exploits/shellcodes Nagios Core 4.4.1 - Denial of Service Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit) D-link DAP-1360 - Path Traversal / Cross-Site Scripting Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)	2018-07-25 05:01:46 +00:00
Offensive Security	300aada6a5	DB: 2018-07-24 7 changes to exploits/shellcodes Windows Speech Recognition - Buffer Overflow Knox Software Arkeia 4.0 - Backup Local Overflow Knox Arkeia 4.0 Backup - Local Overflow Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit) Microsoft Windows - 'dnslint.exe' Drive-By Download NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution Davolink DVW 3200 Router - Password Disclosure Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)	2018-07-24 05:01:45 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	a657b64301	DB: 2018-07-17 7 changes to exploits/shellcodes macOS/iOS - JavaScript Injection Bug in OfficeImporter Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Hadoop YARN ResourceManager - Command Execution (Metasploit) VelotiSmart WiFi B-380 Camera - Directory Traversal Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2018-07-17 05:01:49 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	0381c4c519	DB: 2018-06-09 11 changes to exploits/shellcodes Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service WebKit - WebAssembly Compilation Info Leak Google Chrome - Integer Overflow when Processing WebAssembly Locals WebKit - Use-After-Free when Resuming Generator WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure MantisBT 1.2.3 (db_type) - Local File Inclusion Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis 0.19 - Remote Server-Side Script Execution Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x - New Account Signup Mass Emailing Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x - New Account Signup Mass Emailing Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection MantisBT 1.2.19 - Host Header Mantis Bug Tracker 1.2.19 - Host Header MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1) Monstra CMS < 3.0.4 - Cross-Site Scripting Automation Monstra CMS < 3.0.4 - Cross-Site Scripting XiongMai uc-httpd 1.0.0 - Buffer Overflow Splunk < 7.0.1 - Information Disclosure Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)	2018-06-09 05:01:42 +00:00
Offensive Security	22ba7ab5f3	DB: 2018-06-02 5 changes to exploits/shellcodes Epiphany 3.28.2.1 - Denial of Service Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader Sony Playstation 4 (PS4) 5.1 - Kernel (PoC) Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP) Git < 2.17.1 - Remote Code Execution Wordpress Plugin Events Calendar - SQL Injection WordPress Plugin Events Calendar - SQL Injection Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes) Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes) Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes) Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes) Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)	2018-06-02 05:01:45 +00:00
Offensive Security	0f18636d14	DB: 2018-06-01 9 changes to exploits/shellcodes Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion TAC Xenta 511/911 - Directory Traversal New STAR 2.1 - SQL Injection / Cross-Site Scripting PHP Dashboards NEW 5.5 - 'email' SQL Injection CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting Grid Pro Big Data 1.0 - SQL Injection Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)	2018-06-01 05:01:45 +00:00
Offensive Security	9fd8680103	DB: 2018-05-29 11 changes to exploits/shellcodes ALFTP 5.31 - Local Buffer Overflow (SEH Bypass) CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass DomainMod 4.09.03 - 'oid' Cross-Site Scripting DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting Wordpress Plugin Events Calendar - SQL Injection Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery wityCMS 0.6.1 - Cross-Site Scripting Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)	2018-05-29 05:01:46 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	54b5ed8407	DB: 2018-05-24 31 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service WordPress Core - 'load-scripts.php' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free FTPShell Server 6.80 - Denial of Service Siemens SCALANCE S613 - Remote Denial of Service Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service FTPShell Server 6.80 - Buffer Overflow (SEH) SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting EasyService Billing 1.0 - 'p1' SQL Injection MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection PHP Dashboards 4.5 - 'email' SQL Injection Mobile Card Selling Platform 1 - Cross-Site Request Forgery PHP Dashboards 4.5 - SQL Injection Online Store System CMS 1.0 - SQL Injection Gigs 2.0 - 'username' SQL Injection GPSTracker 1.0 - 'id' SQL Injection Shipping System CMS 1.0 - SQL Injection Wecodex Store Paypal 1.0 - SQL Injection SAT CFDI 3.3 - SQL Injection School Management System CMS 1.0 - 'username' SQL Injection Library CMS 1.0 - SQL Injection Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Mcard Mobile Card Selling Platform 1 - SQL Injection Honeywell Scada System - Information Disclosure NewsBee CMS 1.4 - Cross-Site Request Forgery SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change WordPress Plugin Peugeot Music - Arbitrary File Upload BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes) Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Shell Shellcode Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind (/TCP) Shell Shellcode (Generator) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes) Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind (/TCP) Shell Shellcode Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes) Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)	2018-05-24 05:01:50 +00:00
Offensive Security	daa3579622	DB: 2018-05-16 1 changes to exploits/shellcodes JasperReports - Authenticated File Read Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)	2018-05-16 05:01:47 +00:00

1 2 3 4

182 commits