bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2149 commits 1 branch 0 tags 261 MiB
Commit graph

234 commits

Author SHA1 Message Date
Offensive Security
1979df6cb3 DB: 2020-06-19 
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-06-19 05:02:01 +00:00
Offensive Security
7312a8330d DB: 2020-06-18 
3 changes to exploits/shellcodes

Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
College-Management-System-Php 1.0 - Authentication Bypass
OpenCTI 3.3.1 - Directory Traversal
 2020-06-18 05:01:57 +00:00
Offensive Security
8fc6092de1 DB: 2020-06-17 
4 changes to exploits/shellcodes

NETGEAR SSL312 Router - Denial of Service
Netgear SSL312 Router - Denial of Service

NETGEAR WGR614v9 Wireless Router - Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service

NETGEAR DG632 Router - Remote Denial of Service
Netgear DG632 Router - Remote Denial of Service

NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service

NETGEAR ProSafe - Denial of Service
Netgear ProSafe - Denial of Service

NETGEAR WGR614 - Administration Interface Remote Denial of Service
Netgear WGR614 - Administration Interface Remote Denial of Service

NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Outline Service 1.3.3  - 'Outline Service ' Unquoted Service Path
Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path

Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path

NETGEAR WG102 - Leaks SNMP Write Password With Read Access
Netgear WG102 - Leaks SNMP Write Password With Read Access

NETGEAR DG632 Router - Authentication Bypass
Netgear DG632 Router - Authentication Bypass

NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure

NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)

NETGEAR FM114P Wireless Firewall - File Disclosure
Netgear FM114P Wireless Firewall - File Disclosure

NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure
Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure

NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
Netgear FM114P ProSafe Wireless Router - Rule Bypass

NETGEAR RP114 3.26 - Content Filter Bypass
Netgear RP114 3.26 - Content Filter Bypass

NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)
Netgear DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit)

NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)
Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)

NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow
Netgear MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Remote Buffer Overflow

NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow

NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)
Netgear ReadyNAS - Perl Code Evaluation (Metasploit)

NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting

NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities
Netgear WNR2000 - Multiple Information Disclosure Vulnerabilities

NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities

NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution

NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Netgear WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure

NETGEAR WNR2000v5 - Remote Code Execution
Netgear WNR2000v5 - Remote Code Execution

NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)

NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)
Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)
Netgear - 'TelnetEnable' Magic Packet (Metasploit)

WordPress MU < 1.3.2 - active_plugins option Code Execution
WordPress MU < 1.3.2 - 'active_plugins' Code Execution

NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery

NETGEAR SPH200D - Multiple Vulnerabilities
Netgear SPH200D - Multiple Vulnerabilities

NETGEAR DGN1000B - Multiple Vulnerabilities
Netgear DGN1000B - Multiple Vulnerabilities

NETGEAR DGN2200B - Multiple Vulnerabilities
Netgear DGN2200B - Multiple Vulnerabilities

NETGEAR WNR1000 - Authentication Bypass
Netgear WNR1000 - Authentication Bypass

NETGEAR WPN824v3 - Unauthorized Configuration Download
Netgear WPN824v3 - Unauthorized Configuration Download

NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities
Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities

NETGEAR ProSafe - Information Disclosure
Netgear ProSafe - Information Disclosure

NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities

NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access

NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure

NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation

NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities

NETGEAR WNR1000v4 - Authentication Bypass
Netgear WNR1000v4 - Authentication Bypass

NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities
NETGEAR R7000 - Command Injection
NETGEAR R7000 - Cross-Site Scripting
Netgear R7000 - Command Injection
Netgear R7000 - Cross-Site Scripting

NETGEAR Routers - Password Disclosure
Netgear Routers - Password Disclosure

NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery

Multiple  WordPress Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload

NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution

NETGEAR WiFi Router R6120 - Credential Disclosure
Netgear WiFi Router R6120 - Credential Disclosure

NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass

WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting

School File Management System 1.0  - 'username' SQL Injection
School File Management System 1.0 - 'username' SQL Injection

ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection

Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection

Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)

Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation

Joomla J2  Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Netgear R7000 Router - Remote Code Execution
Gila CMS 1.11.8 - 'query' SQL Injection
 2020-06-17 05:02:00 +00:00
Offensive Security
bb9f12afc7 DB: 2020-06-16 
3 changes to exploits/shellcodes

SOS JobScheduler 1.13.3 - Stored Password Decryption

Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)
 2020-06-16 05:01:56 +00:00
Offensive Security
d2b3291be5 DB: 2020-06-13 
3 changes to exploits/shellcodes

Joomla J2 Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Joomla J2  Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
SmarterMail 16 - Arbitrary File Upload
Avaya IP Office 11 - Password Disclosure
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
 2020-06-13 05:01:56 +00:00
Offensive Security
6ec646f7e1 DB: 2020-06-11 
10 changes to exploits/shellcodes

Sync Breeze Enterprise 10.0.28 - Denial of-Service (PoC)
Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC)
Savant Web Server 3.1 - Denial of-Service (PoC)
ALLPlayer 7.5 - Denial of-Service (PoC)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
WinGate 9.4.1.5998 - Insecure Folder Permissions

HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
Joomla J2 Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Virtual Airlines Manager 2.6.2 - 'id' SQL Injection
 2020-06-11 05:02:06 +00:00
Offensive Security
533f33f3f4 DB: 2020-06-05 
17 changes to exploits/shellcodes

IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
AirControl 1.4.2 - PreAuth Remote Code Execution
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)
Oriol Espinal CMS 1.0 - 'id' SQL Injection
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Navigate CMS 2.8.7 - Authenticated Directory Traversal
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Online Marriage Registration System 1.0 - Remote Code Execution
Cayin Content Management Server 11.0 - Remote Command Injection (root)
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
 2020-06-05 05:01:53 +00:00
Offensive Security
b68cd4f38a DB: 2020-06-02 
3 changes to exploits/shellcodes

Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
VMware vCenter Server 6.7 - Authentication Bypass
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
 2020-06-02 05:01:56 +00:00
Offensive Security
326e1cc9df DB: 2020-05-30 
2 changes to exploits/shellcodes

WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
 2020-05-30 05:01:57 +00:00
Offensive Security
99dc6c7c33 DB: 2020-05-29 
4 changes to exploits/shellcodes

NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection
Online-Exam-System 2015 - 'fid' SQL Injection
EyouCMS 1.4.6 - Persistent Cross-Site Scripting
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
 2020-05-29 05:02:05 +00:00
Offensive Security
d7ce1d69e6 DB: 2020-05-28 
7 changes to exploits/shellcodes

BIND - 'TSIG' Denial of Service
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting
OXID eShop 6.3.4 - 'sorting' SQL Injection
 2020-05-28 05:02:11 +00:00
Offensive Security
5308efc65c DB: 2020-05-23 
8 changes to exploits/shellcodes

Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC)
Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)
Filetto 1.0 - 'FEAT' Denial of Service (PoC)
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP_ASLR)

WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
Dolibarr 11.0.3 - Persistent Cross-Site Scripting
Gym Management System 1.0 - Unauthenticated Remote Code Execution
 2020-05-23 05:01:53 +00:00
Offensive Security
b6194a254f DB: 2020-05-22 
6 changes to exploits/shellcodes

AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)

CloudMe 1.11.2 - Buffer Overflow (SEH_DEP_ASLR)
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
PHPFusion 9.03.50 - Persistent Cross-Site Scripting
OpenEDX platform Ironwood 2.5 - Remote Code Execution
 2020-05-22 05:01:54 +00:00
Offensive Security
6aad755e5e DB: 2020-05-19 
10 changes to exploits/shellcodes

HP LinuxKI 6.01 - Remote Command Injection
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
Online Examination System 1.0 - 'eid' SQL Injection
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload
online Chatting System 1.0 - 'id' SQL Injection
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
Online Healthcare management system 1.0 - Authentication Bypass
 2020-05-19 05:01:51 +00:00
Offensive Security
7cb5d48647 DB: 2020-05-12 
14 changes to exploits/shellcodes

SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Pi-hole < 4.4 - Authenticated Remote Code Execution
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
Kartris 1.6 - Arbitrary File Upload
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
CuteNews 2.1.2 - Arbitrary File Deletion
OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
Victor CMS 1.0 - 'post' SQL Injection
Complaint Management System 1.0 - Authentication Bypass
LibreNMS 1.46 - 'search' SQL Injection
 2020-05-12 05:01:50 +00:00
Offensive Security
cc95715dc2 DB: 2020-05-06 
10 changes to exploits/shellcodes

Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path

Saltstack 3000.1 - Remote Code Execution

BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection
Fishing Reservation System 7.5 - 'uid' SQL Injection
Online Scheduling System 1.0 - 'username' SQL Injection
webERP 4.15.1 - Unauthenticated Backup File Access
PhreeBooks ERP 5.2.5 - Remote Command Execution
SimplePHPGal 0.7 - Remote File Inclusion
NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
 2020-05-06 05:01:49 +00:00
Offensive Security
9de5d20d13 DB: 2020-05-02 
9 changes to exploits/shellcodes

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Super Backup 2.0.5 for iOS - Directory Traversal
HardDrive 2.1 for iOS - Arbitrary File Upload
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Online Scheduling System 1.0 - Authentication Bypass
 2020-05-02 05:01:58 +00:00
Offensive Security
ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
 2020-05-01 05:02:03 +00:00
Offensive Security
7b87f30fbc DB: 2020-04-25 
5 changes to exploits/shellcodes

Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
 2020-04-25 05:01:51 +00:00
Offensive Security
c3e827f657 DB: 2020-04-17 
8 changes to exploits/shellcodes

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
 2020-04-17 05:01:48 +00:00
Offensive Security
85bef6929f DB: 2020-04-07 
17 changes to exploits/shellcodes

Product Key Explorer 4.2.2.0 - 'Key' Denial of Service (PoC)
SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
Nsauditor 3.2.0.0 - 'Name' Denial of Service (PoC)
Frigate 3.36 - Denial of Service (PoC)
UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC)
UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)
UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)
ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)
Memu Play 7.1.3 - Insecure Folder Permissions
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
Microsoft NET USE win10 - Insufficient Authentication Logic
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
 2020-04-07 05:02:01 +00:00
Offensive Security
19615ff704 DB: 2020-04-01 
7 changes to exploits/shellcodes

FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Redis - Replication Code Execution (Metasploit)
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
SharePoint Workflows - XOML Injection (Metasploit)
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
 2020-04-01 05:01:47 +00:00
Offensive Security
b84d953124 DB: 2020-03-24 
10 changes to exploits/shellcodes

ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)

CyberArk PSMP 10.9.1 - Policy Restriction Bypass

PHPMailer < 5.2.18 - Remote Code Execution (Bash)
FIBARO System Home Center 5.021 - Remote File Include
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
 2020-03-24 05:01:50 +00:00
Offensive Security
26b38131c0 DB: 2020-03-20 
1 changes to exploits/shellcodes

Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
 2020-03-20 05:01:50 +00:00
Offensive Security
85cdf30cea DB: 2020-03-19 
7 changes to exploits/shellcodes

NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Microsoft VSCode Python Extension - Code Execution
VMWare Fusion - Local Privilege Escalation

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

Netlink GPON Router 1.0.11 - Remote Code Execution

Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
 2020-03-19 05:01:49 +00:00
Offensive Security
20e5ee2e94 DB: 2020-03-18 
2 changes to exploits/shellcodes

Rconfig 3.x - Chained Remote Code Execution (Metasploit)
ManageEngine Desktop Central - Java Deserialization (Metasploit)
 2020-03-18 05:01:50 +00:00
Offensive Security
0a0ad49d15 DB: 2020-03-11 
7 changes to exploits/shellcodes

Counter Strike: GO - '.bsp' Memory Control (PoC)
Nagios XI - Authenticated Remote Command Execution (Metasploit)
PHPStudy - Backdoor Remote Code execution (Metasploit)
Sysaid 20.1.11 b26 - Remote Command Execution
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
Persian VIP Download Script 1.0 - 'active' SQL Injection
 2020-03-11 05:01:47 +00:00
Offensive Security
4df22c7404 DB: 2020-03-10 
13 changes to exploits/shellcodes

Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS  - 'news.php' SQL Injection

Sahi pro 8.x - Directory Traversal

Sentrifugo HRMS 3.2 - 'id' SQL Injection
 2020-03-10 05:01:44 +00:00
Offensive Security
04881134cd DB: 2020-03-07 
5 changes to exploits/shellcodes

Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path

ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
 2020-03-07 05:01:49 +00:00
Offensive Security
7531fa6a21 DB: 2020-03-06 
3 changes to exploits/shellcodes

Exchange Control Panel - Viewstate Deserialization (Metasploit)
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
 2020-03-06 05:01:47 +00:00
Offensive Security
afe5797b88 DB: 2020-03-03 
12 changes to exploits/shellcodes

Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Wing FTP Server 6.2.3 - Privilege Escalation
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Joplin Desktop 1.0.184 - Cross-Site Scripting
Netis WF2419 2.2.36123 - Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
Wing FTP Server 6.2.5 - Privilege Escalation
TP LINK TL-WR849N - Remote Code Execution
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
 2020-03-03 05:01:48 +00:00
Offensive Security
016ad02a70 DB: 2020-02-29 
1 changes to exploits/shellcodes

qdPM < 9.1 - Remote Code Execution
 2020-02-29 05:01:46 +00:00
Offensive Security
02aee6c80e DB: 2020-02-28 
5 changes to exploits/shellcodes

Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Comtrend VR-3033 - Command Injection
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Unauthenticated Remote Code Execution
 2020-02-28 05:01:52 +00:00
Offensive Security
cf92ea269e DB: 2020-02-25 
22 changes to exploits/shellcodes

Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
 2020-02-25 05:01:52 +00:00
Offensive Security
875c0a9396 DB: 2020-02-13 
11 changes to exploits/shellcodes

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow
MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow
HP System Event Utility - Local Privilege Escalation
 2020-02-13 05:02:00 +00:00
Offensive Security
8cbf7883c1 DB: 2020-02-11 
11 changes to exploits/shellcodes

Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting

Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
 2020-02-11 05:02:02 +00:00
Offensive Security
54935a7883 DB: 2020-02-08 
7 changes to exploits/shellcodes

Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
QuickDate 1.3.2 - SQL Injection
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
EyesOfNetwork 5.3 - Remote Code Execution
ExpertGPS 6.38 - XML External Entity Injection
Google Invisible RECAPTCHA 3 - Spoof Bypass
 2020-02-08 05:01:59 +00:00
Offensive Security
0cd38b15b8 DB: 2020-01-29 
5 changes to exploits/shellcodes

macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image

Pachev FTP Server 1.0 - Path Traversal

ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
Webtareas 2.0 - 'id' SQL Injection
OLK Web Store 2020 - Cross-Site Request Forgery
Webtareas 2.0 - 'id' SQL Injection
OLK Web Store 2020 - Cross-Site Request Forgery
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
Centreon 19.10.5 - Database Credentials Disclosure
Centreon 19.10.5 - Remote Command Execution
 2020-01-29 05:02:04 +00:00
Offensive Security
82e6691834 DB: 2020-01-23 
4 changes to exploits/shellcodes

KeePass 2.44 - Denial of Service (PoC)

Citrix XenMobile Server 10.8 - XML External Entity Injection

Windows/7 - Screen Lock Shellcode (9 bytes)
 2020-01-23 05:02:01 +00:00
Offensive Security
1a9ce31a5f DB: 2020-01-17 
12 changes to exploits/shellcodes

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)

Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution

VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities

ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting

ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting

VICIDIAL Call Center Suite - Multiple SQL Injections

Online Book Store 1.0 -  'bookisbn' SQL Injection
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Online Book Store 1.0 - Arbitrary File Upload
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
 2020-01-17 05:02:10 +00:00
Offensive Security
83d2726c75 DB: 2020-01-14 
14 changes to exploits/shellcodes

SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC)
Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC)
TaskCanvas 1.4.0 - 'Registration' Denial Of Service
Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)
Chevereto 3.13.4 Core - Remote Code Execution
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
 2020-01-14 05:02:00 +00:00
Offensive Security
d3ca859971 DB: 2020-01-11 
6 changes to exploits/shellcodes

TotalAV 2020 4.14.31 - Privilege Escalation
Pandora 7.0NG - Remote Code Execution
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
 2020-01-11 05:02:00 +00:00
Offensive Security
fcc50f8a35 DB: 2020-01-02 
5 changes to exploits/shellcodes

Microsoft Windows .Group File - Code Execution

nostromo 1.9.6 - Remote Code Execution
Shopping Portal ProVersion 3.0 - Authentication Bypass
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
Hospital Management System 4.0 - Authentication Bypass
 2020-01-02 05:01:56 +00:00
Offensive Security
cacee46726 DB: 2019-11-21 
11 changes to exploits/shellcodes

Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Xorg X11 Server - Local Privilege Escalation (Metasploit)
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
FreeSWITCH - Event Socket Command Execution (Metasploit)
Bludit - Directory Traversal Image File Upload (Metasploit)
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)

OpenNetAdmin 18.1.1 - Remote Code Execution
 2019-11-21 05:01:49 +00:00
Offensive Security
72cddaee51 DB: 2019-11-20 
13 changes to exploits/shellcodes

ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
 2019-11-20 05:01:41 +00:00
Offensive Security
7e9d444235 DB: 2019-11-12 
8 changes to exploits/shellcodes

iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0  - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
 2019-11-12 05:01:40 +00:00
Offensive Security
52ab59aad8 DB: 2019-11-06 
12 changes to exploits/shellcodes

FileOptimizer 14.00.2524 - Denial of Service (PoC)
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
Blue Stacks App Player 2.4.44.62.57 - _BstHdLogRotatorSvc_ Unquote Service Path
Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
thejshen Globitek CMS 1.4 - 'id' SQL Injection
thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting
rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting
html5_snmp 1.11 - 'Router_ID' SQL Injection
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
 2019-11-06 05:01:40 +00:00
Offensive Security
47d2a76f4f DB: 2019-11-02 
7 changes to exploits/shellcodes

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Nostromo - Directory Traversal Remote Command Execution (Metasploit)
TheJshen contentManagementSystem 1.04 - 'id' SQL Injection
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Apache Solr 8.2.0 - Remote Code Execution
 2019-11-02 05:01:41 +00:00
Offensive Security
caad53ed8d DB: 2019-10-31 
6 changes to exploits/shellcodes

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
 2019-10-31 05:01:41 +00:00
Offensive Security
d4a236d578 DB: 2019-10-29 
9 changes to exploits/shellcodes

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
ChaosPro 2.0 - Buffer Overflow (SEH)
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
Part-DB 0.4 - Authentication Bypass
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
PHP-FPM + Nginx - Remote Code Execution
 2019-10-29 05:01:40 +00:00