bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1009 commits 1 branch 0 tags 338 MiB
Commit graph

72 commits

Author SHA1 Message Date
Offensive Security
557f116d02 DB: 2016-10-19 
8 new exploits

TikiWiki 1.9 Sirius - (jhot.php) Remote Command Execution
TikiWiki 1.9 Sirius - 'jhot.php' Remote Command Execution

TikiWiki 1.9.5 Sirius - (sort_mode) Information Disclosure
TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure

TikiWiki 1.9.8 - tiki-graph_formula.php Command Execution
TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution

TikiWiki < 1.9.9 - tiki-listmovies.php Directory Traversal
TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project 1.8 - tiki-switch_theme.php theme Parameter Cross-Site Scripting
TikiWiki Project 1.8 - img/wiki_up Arbitrary File Upload
TikiWiki Project 1.8 - tiki-map.phtml Traversal Arbitrary File / Directory Enumeration
TikiWiki Project 1.8 - 'tiki-switch_theme.php' theme Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File Upload
TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory Enumeration
TikiWiki Project 1.8 - categorize.php Direct Request Full Path Disclosure
TikiWiki Project 1.8 - messu-mailbox.php Multiple Parameter Cross-Site Scripting
TikiWiki Project 1.8 - messu-read.php Multiple Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-read_article.php articleId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-browse_categories.php parentId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-index.php comments_threshold Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-print_article.php articleId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-list_file_gallery.php galleryID Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'categorize.php' Direct Request Full Path Disclosure
TikiWiki Project 1.8 - 'messu-mailbox.php' Multiple Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'messu-read.php' Multiple Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-read_article.php' articleId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-browse_categories.php' parentId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-index.php' comments_threshold Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-print_article.php' articleId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-list_file_gallery.php' galleryID Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-upload_file.php galleryID Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-view_faq.php faqId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-view_chart.php chartId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - tiki-usermenu.php sort_mode Parameter SQL Injection
TikiWiki Project 1.8 - tiki-list_file_gallery.php sort_mode Parameter SQL Injection
TikiWiki Project 1.8 - 'tiki-upload_file.php' galleryID Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-view_faq.php' faqId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-view_chart.php' chartId Parameter Cross-Site Scripting
TikiWiki Project 1.8 - 'tiki-usermenu.php' sort_mode Parameter SQL Injection
TikiWiki Project 1.8 - 'tiki-list_file_gallery.php' sort_mode Parameter SQL Injection

Symantec pcAnywhere 12.5.0 Windows (x86) - Remote Code Execution
Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution

Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
LanSpy 2.0.0.155 - Local Buffer Overflow
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
Cgiemail 1.6 - Source Code Disclosure
Windows DFS Client Driver - Arbitrary Drive Mapping Privilege Escalation (MS16-123)
Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege Escalation (MS16-124)
Windows DeviceApi CMApi - User Hive Impersonation Privilege Escalation (MS16-124)
 2016-10-19 05:01:18 +00:00
Offensive Security
d86bdf5f80 DB: 2016-09-29 
2 new exploits

Symantec Messaging Gateway 10.6.1 - Directory Traversal

VLC Media Player 2.2.1 - Buffer Overflow
 2016-09-29 05:01:16 +00:00
Offensive Security
c663f43049 DB: 2016-09-18 2016-09-18 05:06:48 +00:00
Offensive Security
751e61a6bf DB: 2016-09-16 
3 new exploits

Avaya IP Office Phone Manager - Local Password Disclosure

BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities

PA168 Chipset IP Phones - Weak Session Management Exploit

CUPS 1.3.7 - Cross-Site Request Forgery (add rss subscription) Remote Crash

phpMyAdmin - '/scripts/setup.php' PHP Code Injection

NScan 0.9.1 - (Target) Buffer Overflow
NScan 0.9.1 - 'Target' Buffer Overflow

Xerox WorkCentre - Multiple Models Denial of Service
Xerox WorkCentre  (Multiple Models) - Denial of Service
Cisco EPC 3925 - Multiple Vulnerabilities

httpdx 1.4 - h_handlepeer Buffer Overflow (Metasploit)

Novell eDirectory 8.8sp5 - Buffer Overflow

Uebimiau Webmail 3.2.0-2.0 - Email Disclosure

ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)

Integard Home and Pro 2 - Remote HTTP Buffer Overflow

Multiple D-Link Router Models - Authentication Bypass
D-Link Router (Multiple Models) - Authentication Bypass

iSO Air Files 2.6 - Directory Traversal
iOS FtpDisc 1.0 - Directory Traversal
iOS SideBooks 1.0 - Directory Traversal
iOS FtpDisc 1.0 - Directory Traversal
iOS SideBooks 1.0 - Directory Traversal
iSO Filer Lite 2.1.0 - Directory Traversal
iOS iDocManager 1.0.0 - Directory Traversal
iOS myDBLite 1.1.10 - Directory Traversal
iSO Filer Lite 2.1.0 - Directory Traversal
iOS iDocManager 1.0.0 - Directory Traversal
iOS myDBLite 1.1.10 - Directory Traversal

iOS Share 1.0 - Directory Traversal

iOS TIOD 1.3.3 - Directory Traversal

Zapya Desktop 1.803 - (ZapyaService.exe) Privilege Escalation
Zapya Desktop 1.803 - 'ZapyaService.exe' Privilege Escalation

Dansie Shopping Cart - Server Error Message Installation Full Path Disclosure

Apache/mod_ssl 2.0.x - Remote Denial of Service

SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation

Airlive IP Cameras - Multiple Vulnerabilities

Monkey CMS - Multiple Vulnerabilities

NetBSD mail.local - Privilege Escalation (Metasploit)

Apache Mina 2.0.13 - Remote Command Execution

Apache Mina 2.0.13 - Remote Command Execution

DeepOfix SMTP Server 3.3 - Authentication Bypass

xEpan 1.0.4 - Multiple Vulnerabilities
Humhub 0.10.0-rc.1 - SQL Injection
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Humhub 0.10.0-rc.1 - SQL Injection
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness
Koha 3.20.1 - Multiple SQL Injections
Koha 3.20.1 - Directory Traversal
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Koha 3.20.1 - Multiple SQL Injections
Koha 3.20.1 - Directory Traversal
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities

8 TOTOLINK Router Models - Backdoor and Remote Code Execution
8 TOTOLINK Router Models - Backdoor / Remote Code Execution

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow

TestLink 1.9.14 - Cross-Site Request Forgery

PaKnPost Pro 1.14 - Multiple Vulnerabilities

zFTP Client 20061220 - (Connection Name) Local Buffer Overflow
zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow

NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access

Cisco ASA 8.x - Authentication Bypass (EXTRABACON)
Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass
Watchguard Firewalls - ifconfig Privilege Escalation (ESCALATEPLOWMAN)
Cisco ASA / PIX - Privilege Escalation (EPICBANANA)
TOPSEC Firewalls - Remote Code Execution (ELIGIBLECONTESTANT)
TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE)
TOPSEC Firewalls - Remote Code Execution (ELIGIBLEBOMBSHELL)
TOPSEC Firewalls - Remote Exploit (ELIGIBLEBACHELOR)
Fortigate Firewalls - Remote Code Execution (EGREGIOUSBLUNDER)
Watchguard Firewalls - 'ESCALATEPLOWMAN' ifconfig Privilege Escalation
Cisco ASA / PIX - 'EPICBANANA' Privilege Escalation
TOPSEC Firewalls - 'ELIGIBLECONTESTANT' Remote Code Execution
TOPSEC Firewalls - 'ELIGIBLECANDIDATE' Remote Code Execution
TOPSEC Firewalls - 'ELIGIBLEBOMBSHELL' Remote Code Execution
TOPSEC Firewalls - 'ELIGIBLEBACHELOR' Remote Exploit
Fortigate Firewalls - 'EGREGIOUSBLUNDER' Remote Code Execution

tcPbX - (tcpbx_lang) Local File Inclusion
tcPbX - 'tcpbx_lang' Local File Inclusion
 2016-09-16 05:08:37 +00:00
Offensive Security
5e2fc10125 DB: 2016-09-03 2016-09-03 13:13:25 +00:00
Offensive Security
31a21bb68d DB: 2016-09-03 
14 new exploits

Too many to list!
 2016-09-03 05:08:42 +00:00
Offensive Security
0be2139745 DB: 2016-08-23 
7 new exploits

Too many to list!
 2016-08-23 05:06:48 +00:00
Offensive Security
27bb5a6384 DB: 2016-08-12 
1 new exploits

WordPress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub)
WordPress Core 1.5.1.1 <= 2.2.2  -  Multiple Vulnerabilities

WordPress and Pyrmont 2.x - SQL Injection
WordPress Pyrmont 2.x Plugin - SQL Injection

WordPress Copperleaf Photolog 0.16 - SQL injection
WordPress Copperleaf Photolog 0.16 Plugin - SQL injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress Core 2.x - PHP_Self Cross-Site Scripting

WordPress 2.2 - Request_URI Parameter Cross-Site Scripting
WordPress Core 2.2 - Request_URI Parameter Cross-Site Scripting

WordPress MailPoet - (wysija-newsletters) Unauthenticated File Upload
WordPress MailPoet Newsletters 2.6.8 Plugin - (wysija-newsletters) Unauthenticated File Upload

Drupal Core 7.32 - SQL Injection (1)
Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1)

Drupal Core 7.32 - SQL Injection (2)
Drupal Core 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2)

Drupal < 7.32 Pre Auth SQL Injection
Drupal Core < 7.32 - Pre Auth SQL Injection

Live Wire 2.3.1 For WordPress - Multiple Security Vulnerabilities
Wordpress Live Wire 2.3.1 Theme - Multiple Security Vulnerabilities

The Gazette Edition 2.9.4 For WordPress - Multiple Security Vulnerabilities
WordPress The Gazette Edition 2.9.4 Theme - Multiple Security Vulnerabilities

WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection
WordPress Webdorado Spider Event Calendar 1.4.9 Plugin - SQL Injection

WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting
WordPress Trending 0.1 Theme - 'cpage' Parameter Cross-Site Scripting

WordPress WPML - Multiple Vulnerabilities
WordPress WPML 3.1.9 Plugin - Multiple Vulnerabilities

WordPress 4.2 - Stored XSS
WordPress Core 4.2 - Stored XSS

WordPress RevSlider File Upload and Execute
WordPress RevSlider 3.0.95 Plugin - File Upload and Execute

WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
WordPress MailChimp Subscribe Forms 1.1 - Remote Code Execution

WordPress Track That Stat 1.0.8 Cross-Site Scripting
WordPress Track That Stat 1.0.8 - Cross-Site Scripting

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta - Shell Upload

WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure
WordPress Wp-ImageZoom - 'file' Parameter Remote File Disclosure

WordPress Flip Book 'php.php' Arbitrary File Upload
WordPress Flip Book - 'php.php' Arbitrary File Upload

WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting
WordPress PHPFreeChat - 'url' Parameter Cross-Site Scripting

WordPress Finder 'order' Parameter Cross-Site Scripting
WordPress Finder - 'order' Parameter Cross-Site Scripting

WordPress Multiple Path Dislosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Dislosure Vulnerabilities

WordPress Video Gallery 2.7 SQL Injection
WordPress Video Gallery 2.7 - SQL Injection

WordPress Cross Site Request Forgery
WordPress - Cross Site Request Forgery

WordPress CStar Design 'id' Parameter SQL Injection
WordPress CStar Design Theme - 'id' Parameter SQL Injection

WordPress White-Label Framework 2.0.6 - XSS
WordPress White-Label Framework 2.0.6 Theme - XSS

WordPress NextGEN Gallery 'upload.php' Arbitrary File Upload
WordPress NextGEN Gallery - 'upload.php' Arbitrary File Upload

WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting
WordPress Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting

WordPress Lead Octopus Power 'id' Parameter SQL Injection
WordPress Lead Octopus Power - 'id' Parameter SQL Injection
WordPress Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities
WordPress Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection
WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities
WordPress Booking Calendar Contact Form 1.1.24 Plugin - addslashes SQL Injection

Wordpress Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection
Wordpress Ultimate Product Catalog 3.9.8 Plugin - (do_shortcode via ajax) Blind SQL Injection
Wireshark 1.12.0 - 1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 to 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service
Wireshark 1.12.0-1.12.12 - NDS Dissector Denial of Service
Wireshark 2.0.0 - 2.0.4 - MMSE_ WAP_ WBXML_ and WSP Dissectors Denial of Service

Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)

WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities
WebNMS Framework Server 5.2 /  5.2 SP1 - Multiple Vulnerabilities

ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal
 2016-08-12 05:09:55 +00:00
Offensive Security
d06dff59f9 DB: 2016-07-26 
16 new exploits

Ubuntu Breezy 5.10 - Installer Password Disclosure
Ubuntu 5.10 - Installer Password Disclosure

BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - setuid/portbind 31337/TCP shellcode (94 bytes)
Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 (166 bytes)
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes)
Linux/x86 - Forks a HTTP Server on port 8800/TCP shellcode (166 bytes)
Linux/x86 - Listens for shellcode on 5555/TCP and jumps to it (83 bytes)

Linux/x86 - Shellcode Polymorphic chmod(_/etc/shadow__666) (54 bytes)
Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes)

Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - Add root user 'r00t' with no password to /etc/passwd shellcode (69 bytes)

Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_PORT() portbind 31337/TCP shellcode (100 bytes)

Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() shellcode (98 bytes)

Linux/x86 - connect-back shellcode 127.0.0.1:31337/tcp (74 bytes)
Linux/x86 - Connect-back shellcode 127.0.0.1:31337/TCP (74 bytes)

Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - Add user 't00r' encrypt shellcode (116 bytes)

Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user 't00r' shellcode (82 bytes)

Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - Add User 'z' shellcode (70 bytes)

Solaris/x86 - portbind/tcp shellcode (Generator)
Solaris/x86 - portbind/TCP shellcode (Generator)

Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - append '/etc/passwd' & exit() shellcode (107 bytes)

Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - sends 'Phuck3d!' to all terminals shellcode (60 bytes)

Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall shellcode (39 bytes)

Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall shellcode (39 bytes)

Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
Linux/ARM - Add root user 'shell-storm' with password 'toor' shellcode (151 bytes)

OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
OS-X/Intel (x86_64) - reverse_tcp shell shellcode (131 bytes)

Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' shellcode (143 bytes)

Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' shellcode (164 bytes)

Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)

Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)
Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)

OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)
OS-X/x86-64 - 4444/TPC port bind Nullfree shellcode (144 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bindshell 4444/TCP with Password Prompt shellcode (162 bytes)

Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (656 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (98 bytes)

Rapid7 AppSpider 6.12 - Local Privilege Escalation
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
MediaCoder 0.8.43.5852 - .m3u SEH Exploit
Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
CodoForum 3.2.1 - SQL Injection
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
 2016-07-26 05:04:05 +00:00
Offensive Security
0fe9b46f79 DB: 2016-06-22 
14 new exploits

Linux Kernel <= 2.4.22 - 'do_brk' Local Root Exploit (2)
Linux Kernel <= 2.4.22 - 'do_brk()' Local Root Exploit (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2)

Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3)

Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1)

Linux Kernel <= 2.4.29-rc2 - uselib() Privilege Elevation
Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1)

Linux Kernel 2.4 - uselib() Privilege Elevation Exploit
Linux Kernel 2.4 - uselib() Privilege Elevation Exploit (2)

Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit
Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit (3)
Linux Kernel 2.6.17 <= 2.6.24.1 - vmsplice Local Root Exploit
Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit
Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Local Root Exploit (2)
Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit (1)

Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit (1)

Linux Kernel 2.6 UDEV < 141 (Gentoo / Ubuntu 8.10/9.04) - Local Privilege Escalation Exploit
Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Local Privilege Escalation Exploit (2)
Linux Kernel 2.x (Redhat) - sock_sendpage() Ring0 Local Root Exploit (1)
Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)
Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Local Root Exploit (1)
Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (2)

Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - sock_sendpage() ring0 Root Exploit (1)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (3)

Linux Kernel <= 2.6.30 - atalk_getname() 8-bytes Stack Disclosure Exploit
Linux Kernel <= 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure Exploit (1)
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1)
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit (2)
Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (Debian 4) - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit (2)
Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Root Exploit (3)

Linux Kernel 2.4 / 2.6 (Fedora 11) - sock_sendpage() Local Root Exploit (2)
Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (4)

Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (3)
Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (5)

Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation
Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation (3)

Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability
Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability (4)

Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full Nelson' Local Privilege Escalation
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation

Linux Kernel <= 2.6.37 - Local Kernel Denial of Service
Linux Kernel <= 2.6.37 - Local Kernel Denial of Service (1)

Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS
Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS (2)

Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - Econet Privilege Escalation Exploit
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit

Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1)
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Local Root (1)

Linux Kernel 2.0/2.1_ Digital UNIX <= 4.0 D_ FreeBSD <= 2.2.4_ HP HP-UX 10.20/11.0_ IBM AIX <= 3.2.5_ NetBSD 1.2_ Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability
Linux Kernel 2.0/2.1 (Digital UNIX <= 4.0 D / FreeBSD <= 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX <= 3.2.5 / NetBSD 1.2 / Solaris <= 2.5.1) - Smurf Denial of Service Vulnerability

Linux Kernel <= 2.3_ BSD/OS <= 4.0_ FreeBSD <= 3.2_ NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability
Linux Kernel <= 2.3 (BSD/OS <= 4.0 / FreeBSD <= 3.2 / NetBSD <= 1.4) - Shared Memory Denial of Service Vulnerability

Linux Kernel 2.2.12/2.2.14/2.3.99_ RedHat 6.x - Socket Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root 'sendmail' Vulnerability (1)
Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)

Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Local Root (1)

Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit
Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Root Exploit (2)

Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Root Vulnerability (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Local Root Vulnerability (1)

Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Local Root Exploit (1)

Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2)

Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept (1)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with CONFIG_X86_X32 Exploit
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with 'CONFIG_X86_X32' Exploit (2)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit (3)

Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty

Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit
Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit (3)
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.(0_1_2) x64) - perf_swevent_init Local Root Exploit
Linux Kernel 2.6.x - 'fasync_helper()' Local Privilege Escalation Vulnerability
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3)
Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation Vulnerability

Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2)
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Local Root (2)

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Root Shell

Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Root Exploit (1)

Linux Kernel <= 4.3.3 - overlayfs Local Privilege Escalation
Linux Kernel <= 4.3.3 - 'overlayfs' Local Privilege Escalation (2)
DarkComet Server Remote File Download Exploit (msf)
Banshee 2.6.2 - .mp3 Crash PoC
IonizeCMS 1.0.8 - (Add Admin) CSRF
Yona CMS - (Add Admin) CSRF
Joomla Publisher Pro (com_publisher) Component - SQL Injection
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Windows Kernel - ATMFD.DLL NamedEscape 0x250C Pool Corruption (MS16-074)
Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Windows - Custom Font Disable Policy Bypass
Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XXE
SAP NetWeaver AS JAVA 7.1 - 7.5 - Directory Traversal
Radiant CMS 1.1.3 - Mutiple Persistent XSS Vulnerabilities
YetiForce CRM < 3.1 - Persistent XSS
 2016-06-22 05:06:31 +00:00
Offensive Security
62962d90b0 DB: 2016-06-07 
16 new exploits

Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)

Linux Kernel  2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)
Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)

Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root

WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities
Dream Gallery 1.0 - CSRF Add Admin Exploit
Apache Continuum 1.4.2 - Multiple Vulnerabilities
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit
Valve Steam 3.42.16.13 - Local Privilege Escalation
ArticleSetup 1.00 - CSRF Change Admin Password
Electroweb Online Examination System 1.0 - SQL Injection
WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload
WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS
WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection
WordPress Newspaper Theme 6.7.1 - Privilege Escalation
WordPress Uncode Theme 1.3.1 - Arbitrary File Upload
WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection
Notilus Travel Solution Software 2012 R3 - SQL Injection
rConfig 3.1.1 - Local File Inclusion
Nagios XI 5.2.7 - Multiple Vulnerabilities
 2016-06-07 05:07:41 +00:00
Offensive Security
6dc4d46521 DB: 2016-05-18 
16 new exploits

Meteocontrol WEB’log - Admin Password Disclosure
Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow
Adobe Flash - JXR Processing Out-of-Bounds Read
Adobe Flash - Out-of-Bounds Read when Placing Object
Adobe Flash - Overflow in Processing Raw 565 Textures
Adobe Flash - Heap Overflow in ATF Processing (Image Reading)
Adobe Flash - MP4 File Stack Corruption
Adobe Flash - Type Confusion in FileReference Constructor
Adobe Flash - addProperty Use-After-Free
Adobe Flash - SetNative Use-After-Free
Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)
Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)
Windows - gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
SAP xMII 15.0 - Directory Traversal
 2016-05-18 05:02:15 +00:00
Offensive Security
22a4c5d4cc DB: 2016-04-22 
5 new exploits

freePBX 2.1.3 (upgrade.php) Remote File Include Vulnerability
FreePBX 2.1.3 - (upgrade.php) Remote File Include Vulnerability

FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution
FreePBX <= 2.8.0 - Recordings Interface Allows Remote Code Execution

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
FreePBX 2.10.0 / 2.9.0 - callmenum Remote Code Execution

FreePBX 2.2 SIP Packet Multiple HTML Injection Vulnerabilities
FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities

FreePBX config.php Remote Code Execution
FreePBX - config.php Remote Code Execution
FreePBX 2.5.2 admin/config.php tech Parameter XSS
FreePBX 2.5.2 Zap Channel Addition Description Parameter XSS
FreePBX 2.5.2 - admin/config.php tech Parameter XSS
FreePBX 2.5.2 - Zap Channel Addition Description Parameter XSS
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure
Gemtek CPE7000 / WLTCS-106 - Multiple Vulnerabilities
Linux/x86_64 - bindshell (Port 5600) - 86 bytes
Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64) (MS16-032) (Powershell)
 2016-04-22 05:03:45 +00:00
Offensive Security
f7b6199767 DB: 2016-02-23 
7 new exploits
 2016-02-23 05:02:07 +00:00
Offensive Security
6e68aad606 DB: 2016-02-15 
2 new exploits
 2016-02-15 05:04:08 +00:00
Offensive Security
0d39670c20 DB: 2016-02-13 
1 new exploits
 2016-02-13 05:03:17 +00:00
Offensive Security
2ec2bcdde4 DB: 2016-02-02 
11 new exploits
 2016-02-02 05:02:47 +00:00
Offensive Security
a5b96c2067 DB: 2016-01-28 
11 new exploits
 2016-01-28 05:02:01 +00:00
Offensive Security
67dd87a6f5 DB: 2016-01-27 
15 new exploits
 2016-01-27 05:03:06 +00:00
Offensive Security
97940c47e2 DB: 2016-01-08 
10 new exploits
 2016-01-08 05:03:43 +00:00
Offensive Security
95a1b072fe DB: 2015-11-18 
7 new exploits
 2015-11-18 05:02:21 +00:00
Offensive Security
f98ebec3d2 DB: 2015-11-11 
11 new exploits
 2015-11-11 05:02:52 +00:00
Offensive Security
9005d315b8 DB: 2015-10-29 
12 new exploits
 2015-10-29 05:02:34 +00:00
Offensive Security
aa57287847 DB: 2015-10-16 
17 new exploits
 2015-10-16 05:02:10 +00:00
Offensive Security
7fcce7a954 DB: 2015-10-01 
14 new exploits
 2015-10-01 05:02:54 +00:00
Offensive Security
42b241205e DB: 2015-09-11 
20 new exploits
 2015-09-11 05:01:46 +00:00
Offensive Security
d891c95c0e DB: 2015-08-29 
11 new exploits
 2015-08-29 05:01:51 +00:00
Offensive Security
5d9a8808ca DB: 2015-07-14 
30 new exploits
 2015-07-14 05:03:24 +00:00
Offensive Security
e8f22fe4b6 DB: 2015-07-11 
26 new exploits
 2015-07-11 05:03:28 +00:00
Offensive Security
7c733046b7 DB: 2015-06-30 
9 new exploits
 2015-06-30 05:03:19 +00:00
Offensive Security
441db36a16 DB: 2015-06-26 
5 new exploits
 2015-06-26 05:02:53 +00:00
Offensive Security
8a28155962 DB: 2015-05-27 
15 new exploits
 2015-05-27 05:02:00 +00:00
Offensive Security
2be48e03b5 DB: 2015-05-18 
8 new exploits
 2015-05-18 05:03:27 +00:00
Offensive Security
b3321b3426 DB: 2015-05-15 
17 new exploits
 2015-05-15 05:02:32 +00:00
Offensive Security
5acc3a9713 DB: 2015-05-10 
1 new exploits
 2015-05-10 05:02:35 +00:00
Offensive Security
01ba689949 DB: 2015-05-08 
19 new exploits
 2015-05-08 05:02:43 +00:00
Offensive Security
67447e4b29 DB: 2015-04-28 
16 new exploits
 2015-04-28 05:01:34 +00:00
Offensive Security
cc553d1147 DB: 2015-04-20 
11 new exploits
 2015-04-20 12:44:13 +00:00
Offensive Security
223a30662a DB: 2015-04-11 
12 new exploits
 2015-04-11 08:36:20 +00:00
Offensive Security
0607d0429f DB: 2015-04-09 
19 new exploits
 2015-04-09 08:36:09 +00:00
Offensive Security
1f826038cf DB: 2015-03-31 
25 new exploits
 2015-03-31 08:35:36 +00:00
Offensive Security
9a428f40c9 DB: 2015-03-20 
19 new exploits
 2015-03-20 08:36:08 +00:00
Offensive Security
5924dde297 DB: 2015-03-19 
2 new exploits
 2015-03-19 09:39:10 +00:00
Offensive Security
51e5e42e74 Update: 2015-03-17 
49 new exploits
 2015-03-17 08:36:10 +00:00
Offensive Security
65bae5bbd0 Update: 2015-03-08 
9 new exploits
 2015-03-08 08:37:21 +00:00
Offensive Security
6b868b6b79 Update: 2015-01-17 
14 new exploits
 2015-01-17 08:35:34 +00:00
Offensive Security
e112b990da Update: 2015-01-05 
9 new exploits
 2015-01-05 08:36:21 +00:00
Offensive Security
6b6daa5f97 Updated 08_17_2014 2014-08-17 04:41:15 +00:00
Offensive Security
0dee5d67ec Updated 08_10_2014 2014-08-10 04:40:43 +00:00
Offensive Security
79bbca8527 Updated 07_20_2014 2014-07-20 04:38:35 +00:00