exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	1bc852d2af	DB: 2020-07-07 7 changes to exploits/shellcodes Frigate 2.02 - Denial Of Service (PoC) Fire Web Server 0.1 - Remote Denial of Service (PoC) Grafana 7.0.1 - Denial of Service (PoC) File Management System 1.1 - Persistent Cross-Site Scripting RiteCMS 2.2.1 - Authenticated Remote Code Execution RSA IG&L Aveksa 7.1.1 - Remote Code Execution Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution	2020-07-07 05:01:57 +00:00
Offensive Security	b8629afe42	DB: 2020-06-24 4 changes to exploits/shellcodes Code Blocks 20.03 - Denial Of Service (PoC) Lansweeper 7.2 - Incorrect Access Control Responsive Online Blog 1.0 - 'id' SQL Injection Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)	2020-06-24 05:01:53 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	6ec646f7e1	DB: 2020-06-11 10 changes to exploits/shellcodes Sync Breeze Enterprise 10.0.28 - Denial of-Service (PoC) Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC) Savant Web Server 3.1 - Denial of-Service (PoC) ALLPlayer 7.5 - Denial of-Service (PoC) 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR) WinGate 9.4.1.5998 - Insecure Folder Permissions HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC) Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin) Joomla J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Virtual Airlines Manager 2.6.2 - 'id' SQL Injection	2020-06-11 05:02:06 +00:00
Offensive Security	5308efc65c	DB: 2020-05-23 8 changes to exploits/shellcodes Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC) Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC) Filetto 1.0 - 'FEAT' Denial of Service (PoC) Druva inSync Windows Client 6.6.3 - Local Privilege Escalation VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP_ASLR) WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit) Dolibarr 11.0.3 - Persistent Cross-Site Scripting Gym Management System 1.0 - Unauthenticated Remote Code Execution	2020-05-23 05:01:53 +00:00
Offensive Security	b6194a254f	DB: 2020-05-22 6 changes to exploits/shellcodes AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC) CloudMe 1.11.2 - Buffer Overflow (SEH_DEP_ASLR) forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email) Composr CMS 10.0.30 - Persistent Cross-Site Scripting PHPFusion 9.03.50 - Persistent Cross-Site Scripting OpenEDX platform Ironwood 2.5 - Remote Code Execution	2020-05-22 05:01:54 +00:00
Offensive Security	c1eb769a98	DB: 2020-05-08 7 changes to exploits/shellcodes FlashGet 1.9.6 - Denial of Service (PoC) Car Park Management System 1.0 - Authentication Bypass Draytek VigorAP 1000C - Persistent Cross-Site Scripting School File Management System 1.0 - 'username' SQL Injection Online Clothing Store 1.0 - Arbitrary File Upload Pisay Online E-Learning System 1.0 - Remote Code Execution Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection	2020-05-08 05:01:51 +00:00
Offensive Security	9de5d20d13	DB: 2020-05-02 9 changes to exploits/shellcodes VirtualTablet Server 3.0.2 - Denial of Service (PoC) Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit) ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Online Scheduling System 1.0 - Persistent Cross-Site Scripting php-fusion 9.03.50 - Persistent Cross-Site Scripting Super Backup 2.0.5 for iOS - Directory Traversal HardDrive 2.1 for iOS - Arbitrary File Upload Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover) Online Scheduling System 1.0 - Authentication Bypass	2020-05-02 05:01:58 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	4ee0ce31e7	DB: 2020-04-11 3 changes to exploits/shellcodes AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC) Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal	2020-04-11 05:01:50 +00:00
Offensive Security	36c65f8dd4	DB: 2020-04-08 2 changes to exploits/shellcodes dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC) ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)	2020-04-08 05:01:50 +00:00
Offensive Security	85bef6929f	DB: 2020-04-07 17 changes to exploits/shellcodes Product Key Explorer 4.2.2.0 - 'Key' Denial of Service (PoC) SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC) Nsauditor 3.2.0.0 - 'Name' Denial of Service (PoC) Frigate 3.36 - Denial of Service (PoC) UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC) UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC) UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC) ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC) Memu Play 7.1.3 - Insecure Folder Permissions Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH) Microsoft NET USE win10 - Insufficient Authentication Logic LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit) WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Bolt CMS 3.7.0 - Authenticated Remote Code Execution LimeSurvey 4.1.11 - 'File Manager' Path Traversal pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting	2020-04-07 05:02:01 +00:00
Offensive Security	c4e0c06fd9	DB: 2020-04-02 2 changes to exploits/shellcodes DiskBoss 7.7.14 - Denial of Service (PoC) 10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)	2020-04-02 05:01:49 +00:00
Offensive Security	19615ff704	DB: 2020-04-01 7 changes to exploits/shellcodes FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC) Redis - Replication Code Execution (Metasploit) IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) SharePoint Workflows - XOML Injection (Metasploit) Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection	2020-04-01 05:01:47 +00:00
Offensive Security	169b528eaa	DB: 2020-03-31 6 changes to exploits/shellcodes Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC) 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP) Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation Multiple DrayTek Products - Pre-authentication Remote Root Code Execution ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Joomla! com_fabrik 3.9.11 - Directory Traversal Zen Load Balancer 3.10.1 - Remote Code Execution	2020-03-31 05:01:48 +00:00
Offensive Security	284325fbf5	DB: 2020-03-28 5 changes to exploits/shellcodes Everest 5.50.2100 - 'Open File' Denial of Service (PoC) Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH) ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution	2020-03-28 05:01:48 +00:00
Offensive Security	b84d953124	DB: 2020-03-24 10 changes to exploits/shellcodes ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC) Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC) CyberArk PSMP 10.9.1 - Policy Restriction Bypass PHPMailer < 5.2.18 - Remote Code Execution (Bash) FIBARO System Home Center 5.021 - Remote File Include rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)	2020-03-24 05:01:50 +00:00
Offensive Security	9bacc6784a	DB: 2020-03-15 2 changes to exploits/shellcodes Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC) Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution	2020-03-15 05:01:47 +00:00
Offensive Security	2d45ff4f39	DB: 2020-02-27 5 changes to exploits/shellcodes Core FTP LE 2.2 - Denial of Service (PoC) OpenSMTPD 6.6.3 - Arbitrary File Read OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection PhpIX 2012 Professional - 'id' SQL Injection	2020-02-27 05:02:27 +00:00
Offensive Security	17bb415ff8	DB: 2020-02-26 5 changes to exploits/shellcodes SpotFTP-FTP Password Recover 2.4.8 - Denial of Service (PoC) aSc TimeTables 2020.11.4 - Denial of Service (PoC) Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC) WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass	2020-02-26 05:01:51 +00:00
Offensive Security	cf92ea269e	DB: 2020-02-25 22 changes to exploits/shellcodes Quick N Easy Web Server 3.3.8 - Denial of Service (PoC) Go SSH servers 0.0.2 - Denial of Service (PoC) Android Binder - Use-After-Free (Metasploit) Diamorphine Rootkit - Signal Privilege Escalation (Metasploit) Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit) Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Real Web Pentesting Tutorial Step by Step - [Persian] AMSS++ v 4.31 - 'id' SQL Injection SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) AMSS++ 4.7 - Backdoor Admin Account SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure ATutor 2.2.4 - 'id' SQL Injection I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure ManageEngine EventLog Analyzer 10.0 - Information Disclosure eLection 2.0 - 'id' SQL Injection DotNetNuke 9.5 - Persistent Cross-Site Scripting DotNetNuke 9.5 - File Upload Restrictions Bypass Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Cacti 1.2.8 - Remote Code Execution Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)	2020-02-25 05:01:52 +00:00
Offensive Security	ed6caf0837	DB: 2020-02-21 2 changes to exploits/shellcodes Core FTP Lite 1.3 - Denial of Service (PoC) Easy2Pilot 7 - Cross-Site Request Forgery (Add User)	2020-02-21 05:01:53 +00:00
Offensive Security	8cbf7883c1	DB: 2020-02-11 11 changes to exploits/shellcodes Dota 2 7.23f - Denial of Service (PoC) usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand() Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Ricoh Driver - Privilege Escalation (Metasploit) D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit) OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit) Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Linux/x86 - Bind Shell Generator Shellcode (114 bytes)	2020-02-11 05:02:02 +00:00
Offensive Security	923f53211e	DB: 2020-02-07 16 changes to exploits/shellcodes AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC) AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC) VIM 8.2 - Denial of Service (PoC) AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC) TapinRadio 2.12.3 - 'address' Denial of Service (PoC) TapinRadio 2.12.3 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'username' Denial of Service (PoC) RarmaRadio 2.72.4 - 'server' Denial of Service (PoC) ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Online Job Portal 1.0 - 'user_email' SQL Injection Online Job Portal 1.0 - Remote Code Execution Online Job Portal 1.0 - Cross Site Request Forgery (Add User) Ecommerce Systempay 1.0 - Production KEY Brute Force Cisco Data Center Network Manager 11.2 - Remote Code Execution Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection	2020-02-07 05:02:01 +00:00
Offensive Security	a497fe32ec	DB: 2020-01-25 6 changes to exploits/shellcodes Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) Ricoh Printer Drivers - Local Privilege Escalation TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Webtareas 2.0 - 'id' SQL Injection OLK Web Store 2020 - Cross-Site Request Forgery Genexis Platinum-4410 2.1 - Authentication Bypass	2020-01-25 05:02:04 +00:00
Offensive Security	a7338bf2c6	DB: 2020-01-24 4 changes to exploits/shellcodes BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC) Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit) Pachev FTP Server 1.0 - Path Traversal qdPM 9.1 - Remote Code Execution	2020-01-24 05:02:04 +00:00
Offensive Security	b8cbcf2571	DB: 2020-01-21 4 changes to exploits/shellcodes Sysax Multi Server 5.50 - Denial of Service (PoC) Easy XML Editor 1.7.8 - XML External Entity Injection Adive Framework 2.0.8 - Persistent Cross-Site Scripting Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)	2020-01-21 05:02:10 +00:00
Offensive Security	d907c78cad	DB: 2020-01-18 8 changes to exploits/shellcodes APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC) GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC) Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite) Trend Micro Maximum Security 2019 - Arbitrary Code Execution Trend Micro Maximum Security 2019 - Privilege Escalation Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass	2020-01-18 05:02:08 +00:00
Offensive Security	83d2726c75	DB: 2020-01-14 14 changes to exploits/shellcodes SpotDialup 1.6.7 - 'Name' Denial of Service (PoC) SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC) Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC) Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC) TaskCanvas 1.4.0 - 'Registration' Denial Of Service Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC) Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Allok Video Converter 4.6.1217 - Stack Overflow (SEH) Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH) Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass) Chevereto 3.13.4 Core - Remote Code Execution Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit) Digi AnywhereUSB 14 - Reflective Cross-Site Scripting	2020-01-14 05:02:00 +00:00
Offensive Security	de1e6651e0	DB: 2020-01-10 8 changes to exploits/shellcodes ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC) MSN Password Recovery 1.30 - XML External Entity Injection Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Oracle Weblogic 10.3.6.0.0 - Remote Command Execution	2020-01-10 05:02:00 +00:00
Offensive Security	95c6eeab79	DB: 2020-01-07 33 changes to exploits/shellcodes NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) SpotIE 2.9.5 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Key' Denial of Service (PoC) BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC) ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC) NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC) Dnss Domain Name Search Software - 'Name' Denial of Service (PoC) TextCrawler Pro3.1.1 - Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC) Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC) RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC) NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC) Office Product Key Finder 1.5.4 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC) SpotMSN 2.4.6 - 'Name' Denial of Service (PoC) SpotIM 2.2 - 'Name' Denial Of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Duplicate Cleaner Pro 4 - Denial of Service (PoC) Microsoft Outlook VCF cards - Denial of Service (PoC) Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path Windows - Shell COM Server Registrar Local Privilege Escalation Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Complaint Management System 4.0 - 'cid' SQL injection IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Hostel Management System 2.0 - 'id' SQL Injection elaniin CMS 1.0 - Authentication Bypass Small CRM 2.0 - Authentication Bypass Voyager 1.3.0 - Directory Traversal Codoforum 4.8.3 - Persistent Cross-Site Scripting Django < 3.0 < 2.2 < 1.11 - Account Hijack Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)	2020-01-07 05:02:07 +00:00
Offensive Security	3b67743b55	DB: 2020-01-03 4 changes to exploits/shellcodes MSN Password Recovery 1.30 - Denial of Service (PoC) Hospital Management System 4.0 - 'searchdata' SQL Injection Hospital Management System 4.0 - Persistent Cross-Site Scripting BloodX 1.0 - Authentication Bypass	2020-01-03 05:02:00 +00:00
Offensive Security	e3e102da5b	DB: 2019-12-21 4 changes to exploits/shellcodes Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC) FreeSWITCH 1.10.1 - Command Execution phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting	2019-12-21 05:01:57 +00:00
Offensive Security	012657c6b9	DB: 2019-12-20 2 changes to exploits/shellcodes FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation	2019-12-20 05:02:03 +00:00
Offensive Security	b7471ba451	DB: 2019-12-19 9 changes to exploits/shellcodes XnView 2.49.1 - 'Research' Denial of Service (PoC) macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow OpenMRS - Java Deserialization RCE (Metasploit) Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown) Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin) Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Telerik UI - Remote Code Execution via Insecure Deserialization	2019-12-19 05:01:59 +00:00
Offensive Security	176ff0c251	DB: 2019-12-13 3 changes to exploits/shellcodes Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC) OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit) Bullwark Momentum Series JAWS 1.0 - Directory Traversal	2019-12-13 05:01:56 +00:00
Offensive Security	6cf35b330f	DB: 2019-12-12 5 changes to exploits/shellcodes Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC) Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC) AppXSvc 17763 - Arbitrary File Overwrite (DoS) Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font Apache Olingo OData 4.0 - XML External Entity Injection	2019-12-12 05:01:58 +00:00
Offensive Security	0f56f2f38c	DB: 2019-12-03 8 changes to exploits/shellcodes Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC) Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC) Visual Studio 2008 - XML External Entity Injection Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Anviz CrossChex 4.3.12 - Local Buffer Overflow Microsoft Excel 2016 1901 - XML External Entity Injection SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Dokuwiki 2018-04-22b - Username Enumeration	2019-12-03 05:01:42 +00:00
Offensive Security	8ae8522082	DB: 2019-11-30 8 changes to exploits/shellcodes SpotAuditor 5.3.2 - 'Key' Denial of Service SpotAuditor 5.3.2 - 'Name' Denial of Service TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path Bash 5.0 Patch 11 - SUID Priv Drop Exploit Mersive Solstice 2.8.0 - Remote Code Execution Online Inventory Manager 3.2 - Persistent Cross-Site Scripting	2019-11-30 05:01:42 +00:00
Offensive Security	a8008a9f3b	DB: 2019-11-28 2 changes to exploits/shellcodes Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC) SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)	2019-11-28 05:01:42 +00:00
Offensive Security	5543ae6e2e	DB: 2019-11-27 2 changes to exploits/shellcodes iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC) InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)	2019-11-27 05:01:43 +00:00
Offensive Security	8162754975	DB: 2019-11-26 9 changes to exploits/shellcodes SMPlayer 19.5.0 - Denial of Service (PoC) InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC) ClamAV < 0.102.0 - 'bytecode_vm' Code Execution Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation VMware WorkStation 12.5.5 - Virtual Machine Escape VMware WorkStation 12.5.3 - Virtual Machine Escape	2019-11-26 05:01:44 +00:00
Offensive Security	f1354b784a	DB: 2019-11-23 4 changes to exploits/shellcodes Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path LiteManager 4.5.0 - Insecure File Permissions macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache	2019-11-23 05:01:42 +00:00
Offensive Security	72cddaee51	DB: 2019-11-20 13 changes to exploits/shellcodes ipPulse 1.92 - 'Enter Key' Denial of Service (PoC) Centova Cast 3.2.12 - Denial of Service (PoC) scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC) XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable' Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution Apache Httpd mod_proxy - Error Page Cross-Site Scripting Apache Httpd mod_rewrite - Open Redirects WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts	2019-11-20 05:01:41 +00:00
Offensive Security	3e9ff5a927	DB: 2019-11-19 13 changes to exploits/shellcodes iSmartViewPro 1.3.34 - Denial of Service (PoC) Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC) Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC) Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path MobileGo 8.5.0 - Insecure File Permissions NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths nipper-ng 0.11.10 - Remote Buffer Overflow (PoC) Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Crystal Live HTTP Server 6.01 - Directory Traversal Centova Cast 3.2.11 - Arbitrary File Download TemaTres 3.0 - Cross-Site Request Forgery (Add Admin) TemaTres 3.0 - 'value' Persistent Cross-site Scripting	2019-11-19 05:01:40 +00:00
Offensive Security	7e9d444235	DB: 2019-11-12 8 changes to exploits/shellcodes iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC) iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table) _GCafé 3.0 - 'gbClienService' Unquoted Service Path Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path XML Notepad 2.8.0.4 - XML External Entity Injection	2019-11-12 05:01:40 +00:00
Offensive Security	52ab59aad8	DB: 2019-11-06 12 changes to exploits/shellcodes FileOptimizer 14.00.2524 - Denial of Service (PoC) JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Blue Stacks App Player 2.4.44.62.57 - _BstHdLogRotatorSvc_ Unquote Service Path Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path thejshen Globitek CMS 1.4 - 'id' SQL Injection thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting html5_snmp 1.11 - 'Router_ID' SQL Injection SD.NET RIM 4.7.3c - 'idtyp' SQL Injection	2019-11-06 05:01:40 +00:00
Offensive Security	caad53ed8d	DB: 2019-10-31 6 changes to exploits/shellcodes WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service JavaScriptCore - GetterSetter Type Confusion During DFG Compilation Ajenti 2.1.31 - Remote Code Exection (Metasploit) Citrix StoreFront Server 7.15 - XML External Entity Injection iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)	2019-10-31 05:01:41 +00:00
Offensive Security	e4e566f5ff	DB: 2019-10-22 7 changes to exploits/shellcodes winrar 5.80 64bit - Denial of Service Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2) sudo 1.2.27 - Security Bypass sudo 1.8.27 - Security Bypass winrar 5.80 - XML External Entity Injection Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Solaris 11.4 - xscreensaver Privilege Escalation CyberArk Password Vault 10.6 - Authentication Bypass	2019-10-22 05:01:40 +00:00
Offensive Security	7c5ad20e72	DB: 2019-10-15 6 changes to exploits/shellcodes SpotAuditor 5.3.1.0 - Denial of Service ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Uplay 92.0.0.6280 - Local Privilege Escalation Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Ajenti 2.1.31 - Remote Code Execution Kirona-DRS 5.5.3.5 - Information Disclosure	2019-10-15 05:01:47 +00:00

1 2 3 4 5

220 commits