Exploit-DB
|
3de26153c8
|
DB: 2023-04-02
23 changes to exploits/shellcodes/ghdb
ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)
Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
GeoVision Camera GV-ADR2701 - Authentication Bypass
AD Manager Plus 7122 - Remote Code Execution (RCE)
Enlightenment v0.25.3 - Privilege escalation
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
Apache 2.4.x - Buffer Overflow
perfSONAR v4.4.5 - Partial Blind CSRF
SugarCRM 12.2.0 - Remote Code Execution (RCE)
XCMS v1.83 - Remote Command Execution (RCE)
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
Splashtop 8.71.12001.0 - Unquoted Service Path
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
FlipRotation v1.0 decoder - Shellcode (146 bytes)
Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes)
macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode
|
2023-04-02 00:16:21 +00:00 |
|
Offensive Security
|
d63de06c7a
|
DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
|
2022-11-10 16:39:50 +00:00 |
|
Offensive Security
|
de260aeac6
|
DB: 2021-10-30
95 changes to exploits/shellcodes
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Telegram Desktop 2.9.2 - Denial of Service (PoC)
Mini-XML 3.2 - Heap Overflow
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
Visual Studio Code 1.47.1 - Denial of Service (PoC)
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)
GNU Wget < 1.18 - Arbitrary File Upload (2)
WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
E-Learning System 1.0 - Authentication Bypass
PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting
Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated)
Library System 1.0 - Authentication Bypass
Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
Umbraco v8.14.1 - 'baseUrl' SSRF
Cacti 1.2.12 - 'filter' SQL Injection
GetSimple CMS Custom JS 0.1 - Cross-Site Request Forgery
Internship Portal Management System 1.0 - Remote Code Execution(Unauthenticated)
Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting
Xmind 2020 - Persistent Cross-Site Scripting
Tagstoo 2.0.1 - Persistent Cross-Site Scripting
SnipCommand 0.1.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 - Persistent Cross-Site Scripting
Marky 0.0.1 - Persistent Cross-Site Scripting
StudyMD 0.3.2 - Persistent Cross-Site Scripting
Freeter 1.2.1 - Persistent Cross-Site Scripting
Markright 1.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 - Persistent Cross-Site Scripting
Anote 1.0 - Persistent Cross-Site Scripting
Subrion CMS 4.2.1 - Arbitrary File Upload
Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection
Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
CHIYU IoT Devices - Denial of Service (DoS)
Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated)
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Scratch Desktop 3.17 - Remote Code Execution
Church Management System 1.0 - Arbitrary File Upload (Authenticated)
Phone Shop Sales Managements System 1.0 - Arbitrary File Upload
Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS)
WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
KevinLAB BEMS 1.0 - Authentication Bypass
Event Registration System with QR Code 1.0 - Authentication Bypass
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF)
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
qdPM 9.2 - Password Exposure (Unauthenticated)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)
GeoVision Geowebserver 5.3.3 - Local FIle Inclusion
Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)
Umbraco CMS 8.9.1 - Directory Traversal
Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Dolibarr ERP 14.0.1 - Privilege Escalation
Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Phpwcms 1.9.30 - Arbitrary File Upload
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)
|
2021-10-30 05:02:09 +00:00 |
|
Offensive Security
|
f33a724e0b
|
DB: 2021-10-29
58 changes to exploits/shellcodes
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial of Service (PoC)
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service (PoC)
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)
Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
vsftpd 3.0.3 - Remote Denial of Service
Dlink DSL2750U - 'Reboot' Command Injection
PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
Resumes Management and Job Application Website 1.0 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Mini Mouse 9.3.0 - Local File inclusion
rconfig 3.9.6 - Arbitrary File Upload
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)
OpenEMR 5.0.1.3 - Authentication Bypass
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Budget and Expense Tracker System 1.0 - Authenticated Bypass
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
Blood Bank System 1.0 - Authentication Bypass
Lodging Reservation Management System 1.0 - Authentication Bypass
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Linux/x64 - /sbin/halt -p Shellcode (51 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
|
2021-10-29 05:02:12 +00:00 |
|
Offensive Security
|
1cf7d7364a
|
DB: 2021-10-13
176 changes to exploits/shellcodes
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
Visual Studio Code 1.47.1 - Denial of Service (PoC)
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)
Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
Montiorr 1.7.6m - File Upload to XSS
GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload
Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
CHIYU IoT Devices - Denial of Service (DoS)
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)
ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function
Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
|
2021-10-13 05:02:15 +00:00 |
|
Offensive Security
|
a250e82458
|
DB: 2021-10-12
176 changes to exploits/shellcodes
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)
Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
Library System 1.0 - Authentication Bypass Via SQL Injection
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting
Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting
Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)
Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)
Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)
Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)
WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)
KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass
Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE
Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)
Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)
OpenSIS 8.0 'modname' - Directory/Path Traversal
Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS
Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation
PlaceOS 1.2109.1 - Open Redirection
Blood Bank System 1.0 - SQL Injection / Authentication Bypass
Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
|
2021-10-12 05:02:16 +00:00 |
|
Offensive Security
|
c9a65a1f7b
|
DB: 2021-09-03
52 changes to exploits/shellcodes
|
2021-09-03 21:04:54 +00:00 |
|
Offensive Security
|
b4c96a5864
|
DB: 2021-09-03
28807 changes to exploits/shellcodes
|
2021-09-03 20:19:21 +00:00 |
|
Offensive Security
|
36c084c351
|
DB: 2021-09-03
45419 changes to exploits/shellcodes
2 new exploits/shellcodes
Too many to list!
|
2021-09-03 13:39:06 +00:00 |
|
Offensive Security
|
4e7ab00187
|
DB: 2021-08-20
204 changes to exploits/shellcodes
Charity Management System CMS 1.0 - Multiple Vulnerabilities
|
2021-08-20 05:01:51 +00:00 |
|
Offensive Security
|
c385c8068c
|
DB: 2021-07-20
6 changes to exploits/shellcodes
WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
|
2021-07-20 05:01:52 +00:00 |
|
Offensive Security
|
906bbc4943
|
DB: 2021-07-14
8 changes to exploits/shellcodes
Apache Tomcat 9.0.0.M1 - Open Redirect
WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
|
2021-07-14 05:01:54 +00:00 |
|
Offensive Security
|
eaff7043e2
|
DB: 2021-06-11
6 changes to exploits/shellcodes
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)
Student Result Management System 1.0 - 'class' SQL Injection
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
|
2021-06-11 05:01:56 +00:00 |
|
Offensive Security
|
599b380301
|
DB: 2021-05-11
7 changes to exploits/shellcodes
DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
|
2021-05-11 05:01:57 +00:00 |
|
Offensive Security
|
53c15c17c6
|
DB: 2021-04-16
6 changes to exploits/shellcodes
glFTPd 2.11a - Remote Denial of Service
Horde Groupware Webmail 5.2.22 - Stored XSS
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
|
2021-04-16 05:02:00 +00:00 |
|
Offensive Security
|
d65226277c
|
DB: 2021-01-21
4 changes to exploits/shellcodes
ChurchRota 2.6.4 - RCE (Authenticated)
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
Linux/x86 - Socat Bind Shellcode (113 bytes)
|
2021-01-21 05:01:57 +00:00 |
|
Offensive Security
|
cb83a6e2dd
|
DB: 2020-12-19
17 changes to exploits/shellcodes
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS
Point of Sale System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Unrestricted File Upload To RCE
Alumni Management System 1.0 - _Course Form_ Stored XSS
Alumni Management System 1.0 - 'id' SQL Injection
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
Smart Hospital 3.1 - _Add Patient_ Stored XSS
Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
|
2020-12-19 05:01:57 +00:00 |
|
Offensive Security
|
720fabd066
|
DB: 2020-07-28
114 changes to exploits/shellcodes
Notepad++ < 7.7 (x64) - Denial of Service
winrar 5.80 64bit - Denial of Service
WinRAR 5.80 (x64) - Denial of Service
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Word 2007 (x86) - Information Disclosure
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 (x64) - Remote Command Execution
CompleteFTP Professional 12.1.3 - Remote Code Execution
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
|
2020-07-28 05:01:59 +00:00 |
|
Offensive Security
|
e46d9f65ff
|
DB: 2020-07-27
32 changes to exploits/shellcodes
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution
Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
|
2020-07-27 05:02:04 +00:00 |
|
Offensive Security
|
0486c1c8ad
|
DB: 2019-10-05
4 changes to exploits/shellcodes
Android - Binder Driver Use-After-Free
PHP 7.1 < 7.3 - disable_functions Bypass
PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass
LabCollector 5.423 - SQL Injection
PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
|
2019-10-05 05:01:46 +00:00 |
|
Offensive Security
|
432e1efb44
|
DB: 2019-09-18
1 changes to exploits/shellcodes
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
|
2019-09-18 05:02:14 +00:00 |
|
Offensive Security
|
835218237b
|
DB: 2019-09-06
2 changes to exploits/shellcodes
AwindInc SNMP Service - Command Injection (Metasploit)
Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
|
2019-09-06 05:02:26 +00:00 |
|
Offensive Security
|
998fb1eeec
|
DB: 2019-08-14
6 changes to exploits/shellcodes
Steam Windows Client - Local Privilege Escalation
Agent Tesla Botnet - Arbitrary Code Execution
AZORult Botnet - SQL Injection
Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)
Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode
Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break Chroot Jail + Backdoor) + Signature Evasion Shellcode
|
2019-08-14 05:02:24 +00:00 |
|
Offensive Security
|
2b7a0122f2
|
DB: 2019-08-02
6 changes to exploits/shellcodes
Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
|
2019-08-02 05:02:24 +00:00 |
|
Offensive Security
|
978c16266a
|
DB: 2019-07-13
9 changes to exploits/shellcodes
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
|
2019-07-13 05:02:17 +00:00 |
|
Offensive Security
|
1a13989f12
|
DB: 2019-07-04
5 changes to exploits/shellcodes
Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
|
2019-07-04 05:01:54 +00:00 |
|
Offensive Security
|
4afcc04eda
|
DB: 2019-07-02
24 changes to exploits/shellcodes
Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
|
2019-07-02 05:01:50 +00:00 |
|
Offensive Security
|
70484f5916
|
DB: 2019-06-29
3 changes to exploits/shellcodes
LibreNMS 1.46 - 'addhost' Remote Code Execution
Windows/x86 - Start iexplore.exe Shellcode (191 Bytes)
Linux/x86 - chmod + execute + hide output via /usr/bin/wget Shellcode (129 bytes)
|
2019-06-29 05:01:51 +00:00 |
|
Offensive Security
|
5632d13fea
|
DB: 2019-06-28
2 changes to exploits/shellcodes
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86 - ASCII AND_ SUB_ PUSH_ POPAD Encoder Shellcode
Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
|
2019-06-28 05:01:52 +00:00 |
|
Offensive Security
|
8cbfa5df7f
|
DB: 2019-06-18
13 changes to exploits/shellcodes
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
|
2019-06-18 05:01:54 +00:00 |
|
Offensive Security
|
970f7b1104
|
DB: 2019-05-24
18 changes to exploits/shellcodes
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
Terminal Services Manager 3.2.1 - Denial of Service
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Microsoft Windows 10 (17763.379) - Install DLL
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Windows - 'Win32k' Local Privilege Escalation
Axis Network Camera - .srv to parhand RCE (Metasploit)
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
Nagios XI 5.6.1 - SQL injection
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes)
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)
Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes)
Linux/x86 - iptables --flush Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes)
Linux/x86 - iptables -F Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)
Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)
Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Linux x86_64 - Delete File Shellcode (28 bytes)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)
Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
|
2019-05-24 05:02:03 +00:00 |
|
Offensive Security
|
945107caf5
|
DB: 2019-05-14
10 changes to exploits/shellcodes
SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
|
2019-05-14 05:01:58 +00:00 |
|
Offensive Security
|
5a4d21a1cf
|
DB: 2019-05-09
9 changes to exploits/shellcodes
jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)
MiniFtp - 'parseconf_load_setting' Buffer Overflow
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
|
2019-05-09 05:02:02 +00:00 |
|
Offensive Security
|
79a9df09f0
|
DB: 2019-05-07
13 changes to exploits/shellcodes
iOS 12.1.3 - 'cfprefsd' Memory Corruption
Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation
Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
|
2019-05-07 05:01:58 +00:00 |
|
Offensive Security
|
2ae6cf2b7f
|
DB: 2019-05-04
9 changes to exploits/shellcodes
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
Windows PowerShell ISE - Remote Code Execution
Blue Angel Software Suite - Command Execution
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Instagram Auto Follow - Authentication Bypass
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
|
2019-05-04 05:02:03 +00:00 |
|
Offensive Security
|
0d739de6f9
|
DB: 2019-04-16
13 changes to exploits/shellcodes
UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC)
UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC)
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
RemoteMouse 3.008 - Arbitrary Remote Command Execution
CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)
MailCarrier 2.51 - POP3 'USER' Buffer Overflow
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation
DirectAdmin 1.561 - Multiple Vulnerabilities
Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
|
2019-04-16 05:02:04 +00:00 |
|
Offensive Security
|
fd2946662d
|
DB: 2019-04-13
7 changes to exploits/shellcodes
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
Linux/x86 - Add User to Passwd File Shellcode (149 bytes)
|
2019-04-13 05:02:03 +00:00 |
|
Offensive Security
|
ce1901fc4f
|
DB: 2019-03-12
10 changes to exploits/shellcodes
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
|
2019-03-12 05:01:58 +00:00 |
|
Offensive Security
|
790ba4b35e
|
DB: 2019-03-09
5 changes to exploits/shellcodes
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
phpBB 3.2.3 - Remote Code Execution
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
|
2019-03-09 05:02:48 +00:00 |
|
Offensive Security
|
880bbe402e
|
DB: 2019-03-08
14991 changes to exploits/shellcodes
HTC Touch - vCard over IP Denial of Service
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities
PeerBlock 1.1 - Blue Screen of Death
WS10 Data Server - SCADA Overflow (PoC)
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
man-db 2.4.1 - 'open_cat_stream()' Local uid=man
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation
CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
CCProxy 6.2 - 'ping' Remote Buffer Overflow
Savant Web Server 3.1 - Remote Buffer Overflow (2)
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
|
2019-03-08 05:01:50 +00:00 |
|
Offensive Security
|
dd4f02248d
|
DB: 2019-03-06
2 changes to exploits/shellcodes
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
elFinder 2.1.47 - 'PHP connector' Command Injection
OpenDocMan 1.3.4 - 'search.php where' SQL Injection
Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)
|
2019-03-06 05:01:57 +00:00 |
|
Offensive Security
|
a37e3008e5
|
DB: 2019-03-05
20 changes to exploits/shellcodes
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)
OOP CMS BLOG 1.0 - Multiple SQL Injection
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting
Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)
Linux/x64 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - iptables -F Shellcode (43 bytes)
|
2019-03-05 05:01:50 +00:00 |
|
Offensive Security
|
d667cf901c
|
DB: 2019-02-06
11 changes to exploits/shellcodes
Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)
|
2019-02-06 05:01:42 +00:00 |
|
Offensive Security
|
6050f45223
|
DB: 2019-02-02
4 changes to exploits/shellcodes
Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)
|
2019-02-02 05:01:47 +00:00 |
|
Offensive Security
|
ed58accc5a
|
DB: 2019-01-30
5 changes to exploits/shellcodes
MiniUPnPd 2.1 - Out-of-Bounds Read
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)
|
2019-01-30 05:01:46 +00:00 |
|
Offensive Security
|
b68cbec24d
|
DB: 2019-01-29
26 changes to exploits/shellcodes
Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
|
2019-01-29 05:01:52 +00:00 |
|
Offensive Security
|
fa261f0558
|
DB: 2019-01-17
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
|
2019-01-17 05:01:45 +00:00 |
|
Offensive Security
|
bb44caca27
|
DB: 2019-01-16
4 changes to exploits/shellcodes
1Password < 7.0 - Denial of Service
Microsoft Windows VCF - Remote Code Execution
ownDMS 4.7 - SQL Injection
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)
|
2019-01-16 05:01:50 +00:00 |
|
Offensive Security
|
c2a1585898
|
DB: 2019-01-10
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
|
2019-01-10 05:01:43 +00:00 |
|
Offensive Security
|
a07949d1c7
|
DB: 2018-12-12
21 changes to exploits/shellcodes
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
|
2018-12-12 05:01:43 +00:00 |
|