bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1638 commits 1 branch 0 tags 264 MiB
Commit graph

7 commits

Author SHA1 Message Date
Offensive Security
1d21694058 DB: 2018-08-10 
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
 2018-08-10 05:01:46 +00:00
Offensive Security
61159b7f3e DB: 2018-06-05 
5 changes to exploits/shellcodes

R 3.4.4 - Local Buffer Overflow
RGui 3.4.4 - Local Buffer Overflow
Zip-n-Go 4.9 - Buffer Overflow (SEH)
Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

CyberArk < 10 - Memory Disclosure
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
SearchBlox 8.6.7 - XML External Entity Injection
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
 2018-06-05 05:01:52 +00:00
Offensive Security
17d2f47aad DB: 2018-03-14 
6 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)

MicroTik RouterOS 3.13 - SNMP write (Set request)
MikroTik RouterOS 3.13 - SNMP write (Set request)

Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption
MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Tuleap 9.17.99.189 - Blind SQL Injection
 2018-03-14 05:01:48 +00:00
Offensive Security
d12dffd438 DB: 2018-02-03 
21 changes to exploits/shellcodes

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation
Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection
Event Manager 1.0 - SQL Injection
Fancy Clone Script - 'search_browse_product' SQL Injection
Real Estate Custom Script - 'route' SQL Injection
Advance Loan Management System - 'id' SQL Injection
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload
Joomla! Component JMS Music 1.1.1 - SQL Injection
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
FiberHome AN5506 - Unauthenticated Remote DNS Change

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
 2018-02-03 05:01:48 +00:00
Offensive Security
bd1b51b595 DB: 2018-01-27 
9 changes to exploits/shellcodes

RAVPower 2.000.056 - Memory Disclosure

Acunetix WVS 10 - Local Privilege Escalation

NoMachine 5.3.9 - Local Privilege Escalation

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Acunetix WVS 10 - Remote Command Execution

Exodus Wallet (ElectronJS Framework) - Remote Code Execution

BMC BladeLogic 8.3.00.64 - Remote Command Execution

Vodafone Mobile Wifi - Reset Admin Password

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload

Dodocool DC38 N300 - Cross-site Request Forgery

WordPress Plugin Learning Management System - 'course_id' SQL Injection

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
 2018-01-27 05:01:58 +00:00
Offensive Security
267f841bd8 DB: 2017-12-28 
9 changes to exploits/shellcodes

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service
ALLMediaServer 0.95 - Buffer Overflow

Sony Playstation 4 4.05 FW - Local Kernel Loader
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Easy!Appointments 1.2.1 - Cross-Site Scripting
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
 2017-12-28 05:02:19 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00