bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1673 commits 1 branch 0 tags 292 MiB
Commit graph

121 commits

Author SHA1 Message Date
Offensive Security
05328d91a4 DB: 2018-10-04 
5 changes to exploits/shellcodes

FTP Voyager 16.2.0 - Denial of Service (PoC)

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Zechat 1.5 - 'uname' SQL Injection
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
RICOH MP C1803 JPN Printer - Cross-Site Scripting
 2018-10-04 05:01:54 +00:00
Offensive Security
716ece3cc6 DB: 2018-10-02 
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
 2018-10-02 05:01:58 +00:00
Offensive Security
6efd01d5b6 DB: 2018-09-27 
5 changes to exploits/shellcodes

TransMac 12.2 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service (PoC)

Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
 2018-09-27 05:01:58 +00:00
Offensive Security
4e39fa0f91 DB: 2018-09-26 
35 changes to exploits/shellcodes

WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)

Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
 2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
c7cec74ceb DB: 2018-09-20 
6 changes to exploits/shellcodes

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
 2018-09-20 05:01:45 +00:00
Offensive Security
29542c36ab DB: 2018-09-19 
7 changes to exploits/shellcodes

Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion

Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution

HongCMS 3.0.0 - SQL Injection
HongCMS 3.0.0 - (Authenticated) SQL Injection

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting

Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
 2018-09-19 05:01:45 +00:00
Offensive Security
f1d68507cd DB: 2018-09-18 
7 changes to exploits/shellcodes

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Notebook Pro 2.0 - Denial Of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319  - 'Name Attribute' Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

CA Release Automation NiMi 6.5 - Remote Command Execution

Gitweb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
 2018-09-18 05:01:45 +00:00
Offensive Security
b42759b8b8 DB: 2018-09-13 
15 changes to exploits/shellcodes

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
 2018-09-13 05:01:52 +00:00
Offensive Security
87053f010c DB: 2018-09-11 
12 changes to exploits/shellcodes

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
 2018-09-11 05:01:54 +00:00
Offensive Security
76af808136 DB: 2018-09-08 
6 changes to exploits/shellcodes

DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

D-Link Dir-600M N150 - Cross-Site Scripting
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
QNAP Photo Station 5.7.0 - Cross-Site Scripting
 2018-09-08 05:01:54 +00:00
Offensive Security
8379495e8e DB: 2018-09-07 
10 changes to exploits/shellcodes

Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)

Tenda ADSL Router D152 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - 'startdate' SQL Injection
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
D-Link Dir-600M N150 - Cross-Site Scripting
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
 2018-09-07 05:01:55 +00:00
Offensive Security
32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
 2018-09-06 05:01:55 +00:00
Offensive Security
925b2171f4 DB: 2018-09-04 
10 changes to exploits/shellcodes

VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
D-Link DIR-615 - Denial of Service (PoC)
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Wikipedia 12.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Online Quiz Maker 1.0 - 'catid' SQL Injection
 2018-09-04 05:01:55 +00:00
Offensive Security
a0f0afa2de DB: 2018-09-01 
5 changes to exploits/shellcodes

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Network Manager VPNC - Username Privilege Escalation (Metasploit)
Vox TG790 ADSL Router - Cross-Site Scripting
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
 2018-09-01 05:01:55 +00:00
Offensive Security
011bb3564a DB: 2018-08-31 
8 changes to exploits/shellcodes

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service (PoC)
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
DLink DIR-601 - Credential Disclosure
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting

Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
 2018-08-31 05:01:57 +00:00
Offensive Security
444206a6be DB: 2018-08-30 
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
 2018-08-30 05:01:54 +00:00
Offensive Security
18e2848633 DB: 2018-08-28 
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
 2018-08-28 05:01:59 +00:00
Offensive Security
1ebf504a96 DB: 2018-08-25 
2 changes to exploits/shellcodes

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
 2018-08-25 05:01:56 +00:00
Offensive Security
b81a1d9d72 DB: 2018-08-23 
12 changes to exploits/shellcodes

Textpad 7.6.4 - Denial Of Service (PoC)
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Easyboot 6.6.0 - Denial Of Service (PoC)
Softdisk 3.0.3 - Denial Of Service (PoC)

Soroush IM Desktop App 0.17.0 - Authentication Bypass
Project64 2.3.2 - Buffer Overflow (SEH)
Ghostscript - Multiple Vulnerabilities
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
ZyXEL VMG3312-B10B - Cross-Site Scripting
KingMedia 4.1 - Remote Code Execution
Geutebrueck re_porter 16 - Cross-Site Scripting
 2018-08-23 05:01:49 +00:00
Offensive Security
8750f2fdd7 DB: 2018-08-22 
6 changes to exploits/shellcodes

Project64 2.3.2 - Denial Of Service (PoC)

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
OpenSSH 7.7 - Username Enumeration

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Twitter-Clone 1 - 'userid' SQL Injection
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
 2018-08-22 05:01:45 +00:00
Offensive Security
16744756bc DB: 2018-08-18 
10 changes to exploits/shellcodes

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT - Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

ADM 3.1.2RHG1 - Remote Code Execution
 2018-08-18 05:01:47 +00:00
Offensive Security
0424dfc05b DB: 2018-08-17 
8 changes to exploits/shellcodes

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
Central Management Software 1.4.13 - Denial of Service (PoC)

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

OpenEMR 5.0.1.3 - Arbitrary File Actions
Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
 2018-08-17 05:02:00 +00:00
Offensive Security
2e282df4a8 DB: 2018-08-16 
3 changes to exploits/shellcodes

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
 2018-08-16 05:02:01 +00:00
Offensive Security
1e34c2b6a5 DB: 2018-08-14 
11 changes to exploits/shellcodes

IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
 2018-08-14 05:01:45 +00:00
Offensive Security
e5c23cdd53 DB: 2018-08-13 
4 changes to exploits/shellcodes

LG NAS 3718.510.a0 - Remote Command Execution
Monstra 3.0.4 - Cross-Site Scripting
Wavemaker Studio 6.6 - Server-Side Request Forgery
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
 2018-08-13 05:01:45 +00:00
Offensive Security
1d21694058 DB: 2018-08-10 
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
 2018-08-10 05:01:46 +00:00
Offensive Security
9d8170fd85 DB: 2018-08-09 
9 changes to exploits/shellcodes

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

Splinterware System Scheduler Pro 5.12 - Privilege Escalation
iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow
iSmartViewPro 1.5 - 'Account' Buffer Overflow

OpenEMR < 5.0.1 - Remote Code Execution

Kirby CMS 2.5.12 - Cross-Site Scripting
osTicket 1.10.1 - Arbitrary File Upload
LG-Ericsson iPECS NMS 30M - Directory Traversal
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-09 05:01:53 +00:00
Offensive Security
addac3a875 DB: 2018-08-07 
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-07 05:01:44 +00:00
Offensive Security
9ea5e15796 DB: 2018-08-03 
13 changes to exploits/shellcodes

Sun Solaris 11.3 AVS - Local Kernel root Exploit

Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation
SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)

wityCMS 0.6.1 - Cross-Site Scripting

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
TI Online Examination System v2 - Arbitrary File Download
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
Seq 4.2.476 - Authentication Bypass
 2018-08-03 05:01:46 +00:00
Offensive Security
cfbfaba0a7 DB: 2018-07-27 
3 changes to exploits/shellcodes

Core FTP 2.0 - 'XRMD' Denial of Service (PoC)

Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
 2018-07-27 05:01:45 +00:00
Offensive Security
1d504e24f2 DB: 2018-07-25 
3 changes to exploits/shellcodes

Nagios Core 4.4.1 - Denial of Service

Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)

D-link DAP-1360 - Path Traversal / Cross-Site Scripting

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
 2018-07-25 05:01:46 +00:00
Offensive Security
300aada6a5 DB: 2018-07-24 
7 changes to exploits/shellcodes

Windows Speech Recognition - Buffer Overflow

Knox Software Arkeia 4.0 - Backup Local Overflow
Knox Arkeia 4.0 Backup - Local Overflow

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)

Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)
Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit)

Microsoft Windows - 'dnslint.exe' Drive-By Download
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Davolink DVW 3200 Router - Password Disclosure
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
 2018-07-24 05:01:45 +00:00
Offensive Security
939bd7d9cd DB: 2018-07-23 
1 changes to exploits/shellcodes

GeoVision GV-SNVR0811 - Directory Traversal
 2018-07-23 05:01:45 +00:00
Offensive Security
350bb348ff DB: 2018-07-21 
3 changes to exploits/shellcodes

TP-Link TL-WR840N - Denial of Service

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
MSVOD 10 - 'cid' SQL Injection
Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
 2018-07-21 05:01:50 +00:00
Offensive Security
a2ac269de5 DB: 2018-07-19 
8 changes to exploits/shellcodes

JavaScript Core - Arbitrary Code Execution
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)
HomeMatic Zentrale CCU2 - Remote Code Execution

MailGust 1.9 - Board Takeover SQL Injection
MailGust 1.9 - Board Takeover (SQL Injection)

Cyphor 0.19 - Board Takeover SQL Injection
Cyphor 0.19 - Board Takeover (SQL Injection)

versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)

WordPress 2.6.1 - SQL Column Truncation Admin Takeover
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)

Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Takeover

Joomla! < 3.6.4 - Admin TakeOver
Joomla! < 3.6.4 - Admin Takeover
PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
Open-AudIT Community 2.1.1 - Cross-Site Scripting
FTP2FTP 1.0 - Arbitrary File Download
Modx Revolution < 2.6.4 - Remote Code Execution
 2018-07-19 05:01:43 +00:00
Offensive Security
1f88d0a67a DB: 2018-07-18 
10 changes to exploits/shellcodes

Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
 2018-07-18 05:01:47 +00:00
Offensive Security
a657b64301 DB: 2018-07-17 
7 changes to exploits/shellcodes

macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)

VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2018-07-17 05:01:49 +00:00
Offensive Security
b374aca9a3 DB: 2018-07-14 
10 changes to exploits/shellcodes

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
IBM QRadar SIEM - Remote Code Execution (Metasploit)
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
Apache CouchDB - Arbitrary Command Execution (Metasploit)
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)

Dolibarr 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion

Dolibarr ERP/CRM - OS Command Injection
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Dolibarr CMS 3.5.3 - Multiple Vulnerabilities
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities

Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection

Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Dolibarr 7.0.0 - SQL Injection
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM  < 7.0.3 - PHP Code Injection

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
 2018-07-14 05:01:50 +00:00
Offensive Security
52954b4751 DB: 2018-07-12 
5 changes to exploits/shellcodes

Nibbleblog - Arbitrary File Upload (Metasploit)
Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)

Nibbleblog - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections
Instagram-Clone Script 2.0 - Cross-Site Scripting
Dicoogle PACS 2.5.0 - Directory Traversal
 2018-07-12 05:01:59 +00:00
Offensive Security
02fa7c70d3 DB: 2018-07-11 
9 changes to exploits/shellcodes

HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
OpenSSH < 6.6 SFTP (x64) - Command Execution
OpenSSH < 6.6 SFTP - Command Execution

ModSecurity 3.0.0 - Cross-Site Scripting
Gitea 1.4.0 - Remote Code Execution
WolfSight CMS 3.2 - SQL Injection
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Elektronischer Leitz-Ordner 10 - SQL Injection
D-Link DIR601 2.02 - Credential Disclosure
 2018-07-11 05:01:52 +00:00
Offensive Security
08110782dd DB: 2018-07-06 
4 changes to exploits/shellcodes

ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
 2018-07-06 05:01:46 +00:00
Offensive Security
e8a3702c6c DB: 2018-07-03 
11 changes to exploits/shellcodes

Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
 2018-07-03 05:01:48 +00:00
Offensive Security
fdf8bfe785 DB: 2018-06-29 
5 changes to exploits/shellcodes

Microsoft Windows - WRITE_ANDX SMB command handling Kernel Denial of Service (Metasploit)
Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)

freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP 'rename' Remote Buffer Overflow (PoC)

freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC)

Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One
Novell Groupwise 8.0 - 'RCPT' Off-by-One

WarFTPd 1.82.00-RC12 - LIST command Format String Denial of Service
WarFTPd 1.82.00-RC12 - 'LIST' Format String Denial of Service

Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities
Sysax Multi Server < 5.25 (SFTP Module) - Multiple Denial of Service Vulnerabilities
Novell Groupwise Internet Agent - IMAP LIST Command Remote Code Execution
Novell Groupwise Internet Agent - IMAP LIST LSUB Command Remote Code Execution
Novell Groupwise Internet Agent - IMAP 'LIST' Remote Code Execution
Novell Groupwise Internet Agent - IMAP 'LIST LSUB' Remote Code Execution

Solar FTP Server 2.0 - Multiple Commands Denial of Service Vulnerabilities
Solar FTP Server 2.0 - Multiple Denial of Service Vulnerabilities

LiteServe 2.81 - PASV Command Denial of Service
LiteServe 2.81 - 'PASV' Denial of Service

Notepad++ NppFTP plugin - LIST command Remote Heap Overflow (PoC)
Notepad++ NppFTP Plugin - 'LIST' Remote Heap Overflow (PoC)

TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service Vulnerabilities
TYPSoft FTP Server 1.10 - Multiple Denial of Service Vulnerabilities

WFTPD 2.4.1RC11 - STAT/LIST Command Denial of Service
WFTPD 2.4.1RC11 - 'STAT'/'LIST' Denial of Service

WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service
WFTPD 2.4.1RC11 - 'MLST' Remote Denial of Service

Oracle 8i - dbsnmp Command Remote Denial of Service
Oracle 8i - 'dbsnmp' Remote Denial of Service

Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow
Mollensoft Software Enceladus Server Suite 3.9 - 'FTP' Buffer Overflow

GuildFTPd 0.999.8 - CWD Command Denial of Service
GuildFTPd 0.999.8 - 'CWD' Denial of Service

Xlight FTP Server 1.25/1.41 - PASS Command Remote Buffer Overflow
Xlight FTP Server 1.25/1.41 - 'PASS'  Remote Buffer Overflow

RobotFTP Server 1.0/2.0 - Remote Command Denial of Service
RobotFTP Server 1.0/2.0 - Remote Denial of Service
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1)
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2)
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (1)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (2)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (3)

Opera Web Browser 7.54 - KDE KFMCLIENT Remote Command Execution
Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution

MailEnable 1.x - SMTP HELO Command Remote Denial of Service
MailEnable 1.x - SMTP 'HELO' Remote Denial of Service

HP Printer FTP Print Server 2.4.5 - List Command Buffer Overflow
HP Printer FTP Print Server 2.4.5 - 'LIST'  Buffer Overflow

HP JetDirect FTP Print Server - RERT Command Denial of Service
HP JetDirect FTP Print Server - 'RERT' Denial of Service

FSD 2.052/3.000 - servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow
FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow

freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Remote Denial of Service

Qbik WinGate 6.2.2 - LIST Command Remote Denial of Service
Qbik WinGate 6.2.2 - 'LIST'  Remote Denial of Service

Quick 'n Easy FTP Server 3.9.1 - USER Command Remote Buffer Overflow
Quick 'n Easy FTP Server 3.9.1 - 'USER'  Remote Buffer Overflow
Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service
Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service
Ability FTP Server 2.1.4 - 'afsmain.exe' 'USER' Remote Denial of Service
Ability FTP Server 2.1.4 - Admin Panel 'AUTHCODE' Remote Denial of Service

Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution
Resolv+ 'RESOLV_HOST_CONF' - Linux Library Command Execution

Platform Load Sharing Facility 4/5 - LSF_ENVDIR Local Command Execution
Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution

Golden FTP Server 4.70 - PASS Command Buffer Overflow
Golden FTP Server 4.70 - 'PASS'  Buffer Overflow

EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'MKD' Stack Buffer Overflow (Metasploit)

Vermillion FTP Daemon - PORT Command Memory Corruption (Metasploit)
Vermillion FTP Daemon - 'PORT' Memory Corruption (Metasploit)

EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST'  Stack Buffer Overflow (Metasploit)

EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'CWD' Stack Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovp'l Remote Command Execution (Metasploit)

Zabbix Agent - net.tcp.listen Command Injection (Metasploit)
Zabbix Agent - 'net.tcp.listen' Command Injection (Metasploit)

Actfax FTP Server 4.27 - USER Command Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - 'USER'  Stack Buffer Overflow (Metasploit)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (1)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (2)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (1)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (2)

Majordomo 1.89/1.90 - lists Command Execution
Majordomo 1.89/1.90 - 'lists' Command Execution

PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution

SGI IRIX 6.x - rpc.xfsmd Remote Command Execution
SGI IRIX 6.x - 'rpc.xfsmd' Remote Command Execution

HP-UX FTPD 1.1.214.4 - REST Command Memory Disclosure
HP-UX FTPD 1.1.214.4 - 'REST' Memory Disclosure

Sami FTP Server 2.0.1 - LIST Command Buffer Overflow
Sami FTP Server 2.0.1 - 'LIST'  Buffer Overflow

Sami FTP Server - LIST Command Buffer Overflow (Metasploit)
Sami FTP Server - 'LIST'  Buffer Overflow (Metasploit)

PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit)
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)

FSD 2.052/3.000 - sysuser.cc sysuser::exechelp Function HELP Command Remote Overflow
FSD 2.052/3.000 - 'sysuser.cc sysuser::exechelp' 'HELP' Remote Overflow

HP Data Protector - EXEC_BAR Remote Command Execution
HP Data Protector - 'EXEC_BAR' Remote Command Execution

IPtools 0.1.4 - Remote Command Server Buffer Overflow
IPtools 0.1.4 - Remote Buffer Overflow

TWiki 20030201 - search.pm Remote Command Execution
TWiki 20030201 - 'search.pm' Remote Command Execution
AWStats 6.0 < 6.2 - configdir Remote Command Execution (C)
AWStats 6.0 < 6.2 - configdir Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)

Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution

SimpleBBS 1.1 - Remote Commands Execution
SimpleBBS 1.1 - Remote Command Execution

SimpleBBS 1.1 - Remote Commands Execution (C)
SimpleBBS 1.1 - Remote Command Execution (C)

Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command
phpDocumentor 1.3.0 rc4 - Remote Commands Execution
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
phpDocumentor 1.3.0 rc4 - Remote Command Execution
CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution
SPIP 1.8.2g - Remote Commands Execution
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
SPIP 1.8.2g - Remote Command Execution

DocMGR 0.54.2 - 'file_exists' Remote Commands Execution
DocMGR 0.54.2 - 'file_exists' Remote Command Execution
EnterpriseGS 1.0 rc4 - Remote Commands Execution
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution
EnterpriseGS 1.0 rc4 - Remote Command Execution
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution

PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution

Coppermine Photo Gallery 1.4.3 - Remote Commands Execution
Coppermine Photo Gallery 1.4.3 - Remote Command Execution

GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution
GeekLog 1.x - 'error.log' Remote Command Execution

PHP-Stats 0.1.9.1 - Remote Commands Execution
PHP-Stats 0.1.9.1 - Remote Commans Execution

Gallery 2.0.3 - stepOrder[] Remote Commands Execution
Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution

phpList 2.10.2 - GLOBALS[] Remote Code Execution
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution

Simplog 0.9.2 - 's' Remote Commands Execution
Simplog 0.9.2 - 's' Remote Command Execution

phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution
phpWebSite 0.10.2 - 'hub_dir' Remote Command Execution

phpGroupWare 0.9.16.010 - GLOBALS[] Remote Code Execution
phpGroupWare 0.9.16.010 - 'GLOBALS[]' Remote Code Execution

GuppY 4.5.16 - Remote Commands Execution
GuppY 4.5.16 - Remote Command Execution

AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)
AWStats 6.1 < 6.2 - 'configdir' Remote Command Execution (Metasploit)

Achievo 0.7/0.8/0.9 - Remote File Inclusion Command Execution
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution

SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
HongCMS 3.0.0 - SQL Injection
hycus CMS 1.0.4 - Authentication Bypass
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal
 2018-06-29 05:01:52 +00:00
Offensive Security
2c912f897c DB: 2018-06-27 
3 changes to exploits/shellcodes

PoDoFo 0.9.5 - Buffer Overflow

Liferay Portal < 7.0.4 - Server-Side Request Forgery
 2018-06-27 05:01:48 +00:00
Offensive Security
d8206fb5eb DB: 2018-06-26 
13 changes to exploits/shellcodes

KVM (Nested Virtualization) - L1 Guest Privilege Escalation

DIGISOL DG-BR4000NG - Buffer Overflow (PoC)

Foxit Reader 9.0.1.1049 - Remote Code Execution

WordPress Plugin iThemes Security < 7.0.3 - SQL Injection

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)

phpMyAdmin 4.8.1 - Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
DIGISOL DG-BR4000NG - Cross-Site Scripting
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Arbitrary File Upload
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
 2018-06-26 05:01:46 +00:00
Offensive Security
ac267cb298 DB: 2018-06-21 
11 changes to exploits/shellcodes

Redis 5.0 - Denial of Service
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Mirasys DVMS Workstation 5.12.6 - Path Traversal
MaDDash 2.0.2 - Directory Listing
NewMark CMS 2.1 - 'sec_id' SQL Injection
TP-Link TL-WA850RE - Remote Command Execution
Apache CouchDB < 2.1.0 - Remote Code Execution
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
VideoInsight WebClient 5 - SQL Injection
 2018-06-21 05:01:44 +00:00
Offensive Security
086cfb2c76 DB: 2018-06-19 
16 changes to exploits/shellcodes

Nikto 2.1.6 - CSV Injection
Pale Moon Browser < 27.9.3 - Use After Free (PoC)
Audiograbber 1.83 - Local Buffer Overflow (SEH)
Redis-cli < 5.0 - Buffer Overflow (PoC)
Microsoft COM for Windows - Privilege Escalation
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass
Canon MF210/MF220 - Authenticaton Bypass
Canon LBP7110Cw - Authentication Bypass
Canon LBP6030w - Authentication Bypass
Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery
Redatam Web Server < 7 - Directory Traversal
 2018-06-19 05:01:47 +00:00
Offensive Security
6d3190ddfa DB: 2018-06-13 
9 changes to exploits/shellcodes

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS
WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
Siaberry 1.2.2 - Command Injection
OX App Suite 7.8.4 - Multiple Vulnerabilities
Canon PrintMe EFI - Cross-Site Scripting
WordPress Google Map Plugin < 4.0.4 - SQL Injection
WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection
Canon LBP7110Cw - Authentication Bypass
Canon LBP6030w - Authentication Bypass
 2018-06-13 05:01:52 +00:00
Offensive Security
0381c4c519 DB: 2018-06-09 
11 changes to exploits/shellcodes

Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing  Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass

MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)

Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion

Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing

Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities

Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion

Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting

MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection

MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header

MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)

Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure

Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
 2018-06-09 05:01:42 +00:00