Offensive Security
ab6387922c
DB: 2019-08-16
...
23 changes to exploits/shellcodes
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators
Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx
Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF
Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll
Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
2019-08-16 05:02:25 +00:00
Offensive Security
a32e028b88
DB: 2019-08-13
...
17 changes to exploits/shellcodes
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
44a9c2cd04
DB: 2019-08-08
...
2 changes to exploits/shellcodes
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
WordPress Plugin JoomSport 3.3 - SQL Injection
2019-08-08 05:02:37 +00:00
Offensive Security
00f5094d48
DB: 2019-07-31
...
8 changes to exploits/shellcodes
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
2019-07-31 05:02:25 +00:00
Offensive Security
f671a16b46
DB: 2019-07-26
...
4 changes to exploits/shellcodes
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
Ovidentia 8.4.3 - Cross-Site Scripting
Ovidentia 8.4.3 - SQL Injection
2019-07-26 05:02:11 +00:00
Offensive Security
c4e67ef73c
DB: 2019-07-11
...
20 changes to exploits/shellcodes
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
2019-07-11 05:02:13 +00:00
Offensive Security
894b9e59aa
DB: 2019-07-10
...
3 changes to exploits/shellcodes
Firefox 67.0.4 - Denial of Service
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-10 05:02:07 +00:00
Offensive Security
ee2531c421
DB: 2019-06-27
...
2 changes to exploits/shellcodes
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
2019-06-27 05:01:52 +00:00
Offensive Security
8cbfa5df7f
DB: 2019-06-18
...
13 changes to exploits/shellcodes
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
2019-06-18 05:01:54 +00:00
Offensive Security
e76aee5eaf
DB: 2019-06-06
...
4 changes to exploits/shellcodes
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
2019-06-06 05:01:56 +00:00
Offensive Security
0a2b5fd16f
DB: 2019-05-30
...
7 changes to exploits/shellcodes
Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
2019-05-30 05:01:56 +00:00
Offensive Security
6d57564d7c
DB: 2019-05-22
...
12 changes to exploits/shellcodes
Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
2019-05-22 05:01:55 +00:00
Offensive Security
945107caf5
DB: 2019-05-14
...
10 changes to exploits/shellcodes
SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
2019-05-14 05:01:58 +00:00
Offensive Security
56498e7891
DB: 2019-04-23
...
10 changes to exploits/shellcodes
Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)
ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
Msvod 10 - Cross-Site Request Forgery (Change User Information)
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
2019-04-23 05:02:04 +00:00
Offensive Security
ab955a9b5d
DB: 2019-04-19
...
5 changes to exploits/shellcodes
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
Evernote 7.9 - Code Execution via Path Traversal
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)
2019-04-19 05:02:10 +00:00
Offensive Security
5e1aca383e
DB: 2019-04-18
...
5 changes to exploits/shellcodes
ASUS HG100 - Denial of Service
DHCP Server 2.5.2 - Denial of Service (PoC)
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
2019-04-18 05:01:57 +00:00
Offensive Security
9d7b2f64d5
DB: 2019-04-04
...
18 changes to exploits/shellcodes
Canarytokens 2019-03-01 - Detection Bypass
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
WebKitGTK+ - 'ThreadedCompositor' Race Condition
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)
AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow
AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter)
TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)
PhreeBooks ERP 5.2.3 - Remote Command Execution
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
iScripts ReserveLogic - SQL Injection
Clinic Pro v4 - 'month' SQL Injection
Ashop Shopping Cart Software - SQL Injection
PhreeBooks ERP 5.2.3 - Arbitrary File Upload
2019-04-04 05:02:18 +00:00
Offensive Security
c09f5132f7
DB: 2019-03-27
...
9 changes to exploits/shellcodes
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
XooGallery - Multiple SQL Injection
XooDigital - 'p' SQL Injection
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
SJS Simple Job Script - SQL Injection / Cross-Site Scripting
2019-03-27 05:01:59 +00:00
Offensive Security
2afed97ceb
DB: 2019-03-20
...
16 changes to exploits/shellcodes
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft VBScript - VbsErase Memory Corruption
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Google Chrome < M73 - MidiManagerWin Use-After-Free
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
TheCarProject v2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection
Gila CMS 1.9.1 - Cross-Site Scripting
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
eNdonesia Portal 8.7 - Multiple Vulnerabilities
Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia Real Estate Portal 5.0 - SQL Injection
2019-03-20 05:01:53 +00:00
Offensive Security
880bbe402e
DB: 2019-03-08
...
14991 changes to exploits/shellcodes
HTC Touch - vCard over IP Denial of Service
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities
PeerBlock 1.1 - Blue Screen of Death
WS10 Data Server - SCADA Overflow (PoC)
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
man-db 2.4.1 - 'open_cat_stream()' Local uid=man
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation
CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
CCProxy 6.2 - 'ping' Remote Buffer Overflow
Savant Web Server 3.1 - Remote Buffer Overflow (2)
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00
Offensive Security
55fab34db7
DB: 2019-03-02
...
10 changes to exploits/shellcodes
Linux Kernel 3.10.0 (CentOS7) - Denial of Service
Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
Google Chrome < M72 - PaymentRequest Service Use-After-Free
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome < M72 - FileWriterImpl Use-After-Free
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
2019-03-02 05:01:54 +00:00
Offensive Security
e2ed64fffa
DB: 2019-02-23
...
5 changes to exploits/shellcodes
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
Teracue ENC-400 - Command Injection / Missing Authentication
2019-02-23 05:01:55 +00:00
Offensive Security
d622832ea0
DB: 2019-02-12
...
21 changes to exploits/shellcodes
KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH)
Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)
Netatalk 3.1.12 - Authentication Bypass (PoC)
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
IP-Tools 2.50 - Local Buffer Overflow (PoC)
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
AirDroid 4.2.1.6 - Denial of Service
FutureDj Pro 1.7.2.0 - Denial of Service
NordVPN 6.19.6 - Denial of Service (PoC)
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Evince - CBT File Command Injection (Metasploit)
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
Netatalk - Bypass Authentication
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
VA MAX 8.3.4 - Authenticated Remote Code Execution
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Webiness Inventory 2.3 - 'email' SQL Injection
2019-02-12 05:01:49 +00:00
Offensive Security
e965ded980
DB: 2019-02-07
...
5 changes to exploits/shellcodes
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
osCommerce 2.3.4.1 - 'currency' SQL Injection
osCommerce 2.3.4.1 - 'products_id' SQL Injection
osCommerce 2.3.4.1 - 'reviews_id' SQL Injection
2019-02-07 05:01:45 +00:00
Offensive Security
68794471c9
DB: 2019-02-01
...
13 changes to exploits/shellcodes
Anyburn 4.3 - 'Convert image to file format' Denial of Service
Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)
AMAC Address Change 5.4 - Denial of Service (PoC)
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
LanHelper 1.74 - Denial of Service (PoC)
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)
R 3.5.0 - Local Buffer Overflow (SEH)
UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)
2019-02-01 05:01:49 +00:00
Offensive Security
f700c5347d
DB: 2019-01-31
...
8 changes to exploits/shellcodes
Advanced File Manager 3.4.1 - Denial of Service (PoC)
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
2019-01-31 05:01:49 +00:00
Offensive Security
5a69ff88a0
DB: 2019-01-26
...
6 changes to exploits/shellcodes
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - Arbitrary File Download
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
2019-01-26 05:01:42 +00:00
Offensive Security
fa261f0558
DB: 2019-01-17
...
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-17 05:01:45 +00:00
Offensive Security
c2a1585898
DB: 2019-01-10
...
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
2019-01-10 05:01:43 +00:00
Offensive Security
0b8f4f786a
DB: 2019-01-09
...
3 changes to exploits/shellcodes
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
2019-01-09 05:01:54 +00:00
Offensive Security
e8dcb9f022
DB: 2019-01-03
...
12 changes to exploits/shellcodes
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
WebKit JSC - 'AbstractValue::set' Use-After-Free
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Frog CMS 0.9.5 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
Craft CMS 3.0.25 - Cross-Site Scripting
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Vtiger CRM 7.1.0 - Remote Code Execution
2019-01-03 05:01:43 +00:00
Offensive Security
1b31850a46
DB: 2018-12-25
...
15 changes to exploits/shellcodes
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
2018-12-25 05:01:44 +00:00
Offensive Security
04a490a7c2
DB: 2018-12-14
...
3 changes to exploits/shellcodes
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
2018-12-14 05:01:46 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
...
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
62445895aa
DB: 2018-11-30
...
8 changes to exploits/shellcodes
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
2018-11-30 05:01:41 +00:00
Offensive Security
defa138d04
DB: 2018-10-23
...
17 changes to exploits/shellcodes
Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00
Offensive Security
4e39fa0f91
DB: 2018-09-26
...
35 changes to exploits/shellcodes
WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)
Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
...
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
4d86f9e781
DB: 2018-09-22
...
2 changes to exploits/shellcodes
WebRTC - VP9 Processing Use-After-Free
WebRTC - FEC Out-of-Bounds Read
2018-09-22 05:01:43 +00:00
Offensive Security
1d21694058
DB: 2018-08-10
...
13 changes to exploits/shellcodes
reSIProcate 1.10.2 - Heap Overflow
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Sitecore.Net 8.1 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
2018-08-10 05:01:46 +00:00
Offensive Security
903bf974eb
DB: 2018-08-02
...
10 changes to exploits/shellcodes
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
Synology DiskStation Manager 4.1 - Directory Traversal
Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
2018-08-02 05:02:43 +00:00
Offensive Security
582d8f748e
DB: 2018-07-28
...
6 changes to exploits/shellcodes
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
Wordpress Background Takeover < 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Form Maker Plugin 1.12.24 - SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
Online Trade 1 - Information Disclosure
SoftNAS Cloud < 4.0.3 - OS Command Injection
2018-07-28 05:01:47 +00:00
Offensive Security
bf0a56a02f
DB: 2018-07-20
...
6 changes to exploits/shellcodes
Google Chrome - Swiftshader Texture Allocation Integer Overflow
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)
WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
2018-07-20 05:01:44 +00:00
Offensive Security
a657b64301
DB: 2018-07-17
...
7 changes to exploits/shellcodes
macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)
VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
2018-07-17 05:01:49 +00:00
Offensive Security
0381c4c519
DB: 2018-06-09
...
11 changes to exploits/shellcodes
Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection
MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
2018-06-09 05:01:42 +00:00
Offensive Security
0909e63d9e
DB: 2018-06-07
...
6 changes to exploits/shellcodes
PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow
macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass
Canon MF210/MF220 - Authenticaton Bypass
2018-06-07 05:01:47 +00:00
Offensive Security
22ba7ab5f3
DB: 2018-06-02
...
5 changes to exploits/shellcodes
Epiphany 3.28.2.1 - Denial of Service
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
Git < 2.17.1 - Remote Code Execution
Wordpress Plugin Events Calendar - SQL Injection
WordPress Plugin Events Calendar - SQL Injection
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes)
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
2018-06-02 05:01:45 +00:00
Offensive Security
608176a851
DB: 2018-05-26
...
8 changes to exploits/shellcodes
Microsoft Edge Chakra - Cross Context Use-After-Free
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
D-Link DSL-2750B - OS Command Injection (Metasploit)
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
2018-05-26 05:01:44 +00:00
Offensive Security
be89b7c04a
DB: 2018-05-03
...
11 changes to exploits/shellcodes
WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free
LibreOffice/Open Office - '.odt' Information Disclosure
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
Exim < 4.90.1 - 'base64d' Remote Code Execution
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
2018-05-03 05:01:45 +00:00
Offensive Security
df4d831719
DB: 2018-05-01
...
6 changes to exploits/shellcodes
Navicat < 12.0.27 - Oracle Connection Overflow
macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules
macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
WordPress Plugin Form Maker 1.12.20 - CSV Injection
Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root
2018-05-01 05:01:45 +00:00
