bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2475 commits 1 branch 0 tags 258 MiB
Commit graph

117 commits

Author SHA1 Message Date
Offensive Security
1cf7d7364a DB: 2021-10-13 
176 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)

Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)

CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution

Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)

Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Montiorr 1.7.6m - File Upload to XSS

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload

Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)

Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
 2021-10-13 05:02:15 +00:00
Offensive Security
a250e82458 DB: 2021-10-12 
176 changes to exploits/shellcodes

Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)

jQuery UI 1.12.1 - Denial of Service (DoS)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
ProFTPD 1.3.7a - Remote Denial of Service
glFTPd 2.11a - Remote Denial of Service
Hasura GraphQL 1.3.3 - Denial of Service
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Telegram Desktop 2.9.2 - Denial of Service (PoC)
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)

Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
vsftpd 3.0.3 - Remote Denial of Service

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)

PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

Arteco Web Client DVR/NVR - 'SessionId' Brute Force

Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Library System 1.0 - Authentication Bypass Via SQL Injection

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF

SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting

Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution

MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Mini Mouse 9.3.0 - Local File inclusion / Path Traversal

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass

rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)

GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE

Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)

Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution

Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)

OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)

Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE)

Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated)

Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)

WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)

KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass

Event Registration System with QR Code 1.0 - Authentication Bypass & RCE

CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)

Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF

ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments

WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE

Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)

Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)

Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)

OpenSIS 8.0 'modname' - Directory/Path Traversal

Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS

Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)

Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation

PlaceOS 1.2109.1 - Open Redirection

Blood Bank System 1.0 - SQL Injection / Authentication Bypass

Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read

Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes)
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
 2021-10-12 05:02:16 +00:00
Offensive Security
44fc5e9b1a DB: 2021-10-06 
4 changes to exploits/shellcodes

Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation (Unauthenticated)
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
 2021-10-06 05:02:07 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
f3b60be22e DB: 2021-09-02 
4 changes to exploits/shellcodes

Telegram Desktop 2.9.2 - Denial of Service (PoC)
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
 2021-09-02 05:01:57 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20 
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
 2021-08-20 05:01:51 +00:00
Offensive Security
2bcb3e5c5e DB: 2021-08-05 
6 changes to exploits/shellcodes

WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
 2021-08-05 05:01:56 +00:00
Offensive Security
dfe7376951 DB: 2021-08-03 
5 changes to exploits/shellcodes

Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
 2021-08-03 05:02:02 +00:00
Offensive Security
8461d963fa DB: 2021-07-30 
9 changes to exploits/shellcodes

Splinterware System Scheduler Professional 5.30 - Privilege Escalation
Denver IP Camera SHO-110 - Unauthenticated Snapshot
Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Oracle Fatwire 6.3 - Multiple Vulnerabilities
 2021-07-30 05:01:56 +00:00
Offensive Security
29558b9c84 DB: 2021-07-17 
6 changes to exploits/shellcodes

Argus Surveillance DVR 4.0 - Weak Password Encryption
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
Aruba Instant 8.7.1.0 - Arbitrary File Modification
Aruba Instant (IAP) - Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
 2021-07-17 05:01:54 +00:00
Offensive Security
db4eeaac41 DB: 2021-06-18 
9 changes to exploits/shellcodes

Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
 2021-06-18 05:01:58 +00:00
Offensive Security
b1cf12c4ea DB: 2021-05-28 
2 changes to exploits/shellcodes

Postbird 0.8.4 - Javascript Injection
 2021-05-28 05:01:57 +00:00
Offensive Security
bd9f3cd966 DB: 2021-05-25 
9 changes to exploits/shellcodes

iDailyDiary 4.30 - Denial of Service (PoC)
DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path

WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)
Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
 2021-05-25 05:01:58 +00:00
Offensive Security
bccca11e26 DB: 2021-04-15 
8 changes to exploits/shellcodes

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
CITSmart ITSM 9.1.2.22 - LDAP Injection
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
jQuery 1.2 - Cross-Site Scripting (XSS)
jQuery 1.0.3 - Cross-Site Scripting (XSS)
 2021-04-15 05:01:57 +00:00
Offensive Security
e6cd1b38eb DB: 2021-03-30 
9 changes to exploits/shellcodes

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

vsftpd 3.0.3 - Remote Denial of Service
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Concrete5 8.5.4 - 'name' Stored XSS
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Budget Management System 1.0 - 'Budget title' Stored XSS
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
 2021-03-30 05:01:56 +00:00
Offensive Security
c031a43059 DB: 2021-03-06 
2 changes to exploits/shellcodes

CatDV 9.2 - RMI Authentication Bypass

Fluig 1.7.0 - Path Traversal
 2021-03-06 05:01:53 +00:00
Offensive Security
bbe36569c3 DB: 2021-02-18 
4 changes to exploits/shellcodes

Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path

Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
 2021-02-18 05:01:56 +00:00
Offensive Security
f268b6f221 DB: 2021-01-28 
4 changes to exploits/shellcodes

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
 2021-01-28 05:01:55 +00:00
Offensive Security
9847785d4c DB: 2021-01-27 
5 changes to exploits/shellcodes

Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
 2021-01-27 05:01:58 +00:00
Offensive Security
3e80d07fdb DB: 2021-01-23 
15 changes to exploits/shellcodes

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
Library System 1.0 - Authentication Bypass Via SQL Injection
CASAP Automated Enrollment System 1.0 - Authentication Bypass
ERPNext 12.14.0 - SQL Injection (Authenticated)
Atlassian Confluence Widget Connector Macro - SSTI

Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Socat Bind Shellcode (113 bytes)
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)

Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)

Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
 2021-01-23 05:01:59 +00:00
Offensive Security
206c9f4f7e DB: 2021-01-09 
9 changes to exploits/shellcodes

dnsrecon 0.10.0 - CSV Injection

PHP Handicapper - 'Process_signup.php' HTTP Response Splitting
PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting
Life Insurance Management System 1.0 - Multiple Stored XSS
Online Doctor Appointment System 1.0 - Multiple Stored XSS
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
 2021-01-09 05:01:55 +00:00
Offensive Security
e95d9f2c13 DB: 2021-01-07 
23 changes to exploits/shellcodes

dirsearch 0.4.1 - CSV Injection
IObit Uninstaller 10 Pro - Unquoted Service Path
WinAVR Version 20100110 - Insecure Folder Permissions
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
H2 Database 1.4.199 - JNI Code Execution

Responsive ELearning System 1.0 - 'id' Sql Injection
Responsive E-Learning System 1.0 - 'id' Sql Injection
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
IPeakCMS 3.5 - Boolean-based blind SQLi
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
Gitea 1.7.5 - Remote Code Execution
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
 2021-01-07 05:01:58 +00:00
Offensive Security
fc0129fabf DB: 2020-12-12 
12 changes to exploits/shellcodes

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Openfire 4.6.0 - 'groupchatJID' Stored XSS
Openfire 4.6.0 - 'users' Stored XSS
Openfire 4.6.0 - 'sql' Stored XSS
Medical Center Portal Management System 1.0 - Multiple Stored XSS
Jenkins 2.235.3 - 'Description' Stored XSS
Rukovoditel 2.6.1 - RCE
Supply Chain Management System - Auth Bypass SQL Injection
Dolibarr 12.0.3 - SQLi to RCE
Courier Management System 1.0 - 'First Name' Stored XSS
Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
Courier Management System 1.0 - 'ref_no' SQL Injection
 2020-12-12 05:01:57 +00:00
Offensive Security
3cad5bf9ad DB: 2020-11-03 
6 changes to exploits/shellcodes

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
Quick N Easy FTP Service 3.2 - Unquoted Service Path
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
WordPress Plugin Simple File List 5.4 - Arbitrary File Upload
Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)
Monitorr 1.7.6m - Authorization Bypass
 2020-11-03 05:02:04 +00:00
Offensive Security
48bd7b3ea6 DB: 2020-10-30 
4 changes to exploits/shellcodes

Online Examination System 1.0 - 'name' Stored Cross Site Scripting
Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot
 2020-10-30 05:02:03 +00:00
Offensive Security
5aa3bfc759 DB: 2020-10-21 
12 changes to exploits/shellcodes

Comtrend AR-5387un router - Persistent XSS (Authenticated)
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
Mobile Shop System v1.0 - SQL Injection Authentication Bypass
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
 2020-10-21 05:02:11 +00:00
Offensive Security
ae14b71248 DB: 2020-10-20 
16 changes to exploits/shellcodes

Tourism Management System 1.0 - Arbitrary File Upload
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
Online Discussion Forum Site 1.0 - XSS in Messaging System
Online Job Portal 1.0 - Cross Site Scripting (Stored)
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
HiSilicon Video Encoders - RCE via unauthenticated command injection
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
HiSilicon Video Encoders - Full admin access via backdoor password
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Textpattern CMS 4.6.2 - Cross-site Request Forgery
 2020-10-20 05:02:13 +00:00
Offensive Security
f697a81a18 DB: 2020-10-02 
12 changes to exploits/shellcodes

Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)
SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration
MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)
WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)
CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)
Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting

Exhibitor Web UI 1.7.1 - Remote Code Execution
 2020-10-02 05:02:08 +00:00
Offensive Security
73dd822b51 DB: 2020-09-10 
4 changes to exploits/shellcodes

Input Director 1.4.3 - 'Input Director' Unquoted Service Path
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)
Tailor Management System - 'id' SQL Injection
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
 2020-09-10 05:02:04 +00:00
Offensive Security
f288c52ef9 DB: 2020-09-08 
3 changes to exploits/shellcodes

Cabot 0.11.12 - Persistent Cross-Site Scripting
grocy 2.7.1 - Persistent Cross-Site Scripting
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
 2020-09-08 05:02:07 +00:00
Offensive Security
ba30f5e257 DB: 2020-08-11 
3 changes to exploits/shellcodes

BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path
Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)
ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)
 2020-08-11 05:01:48 +00:00
Offensive Security
e46d9f65ff DB: 2020-07-27 
32 changes to exploits/shellcodes

Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
 2020-07-27 05:02:04 +00:00
Offensive Security
533f33f3f4 DB: 2020-06-05 
17 changes to exploits/shellcodes

IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
AirControl 1.4.2 - PreAuth Remote Code Execution
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)
Oriol Espinal CMS 1.0 - 'id' SQL Injection
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Navigate CMS 2.8.7 - Authenticated Directory Traversal
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Online Marriage Registration System 1.0 - Remote Code Execution
Cayin Content Management Server 11.0 - Remote Command Injection (root)
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
 2020-06-05 05:01:53 +00:00
Offensive Security
6aad755e5e DB: 2020-05-19 
10 changes to exploits/shellcodes

HP LinuxKI 6.01 - Remote Command Injection
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
Online Examination System 1.0 - 'eid' SQL Injection
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload
online Chatting System 1.0 - 'id' SQL Injection
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
Online Healthcare management system 1.0 - Authentication Bypass
 2020-05-19 05:01:51 +00:00
Offensive Security
a5ffe5baef DB: 2020-05-16 
2 changes to exploits/shellcodes

vBulletin 5.6.1 - 'nodeId' SQL Injection
ManageEngine Service Desk 10.0 - Cross-Site Scripting
 2020-05-16 05:01:47 +00:00
Offensive Security
522576cc79 DB: 2020-05-15 
6 changes to exploits/shellcodes

Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
Complaint Management System 1.0 - 'username' SQL Injection
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
 2020-05-15 05:01:49 +00:00
Offensive Security
f564ddfd17 DB: 2020-05-13 
10 changes to exploits/shellcodes

LanSend 3.2 - Buffer Overflow (SEH)
MacOS 320.whatis Script - Privilege Escalation
Phase Botnet - Blind SQL Injection
Orchard Core RC1 - Persistent Cross-Site Scripting
ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
qdPM 9.1 - Arbitrary File Upload
TylerTech Eagle 2018.3.11 - Remote Code Execution
 2020-05-13 05:01:48 +00:00
Offensive Security
9de5d20d13 DB: 2020-05-02 
9 changes to exploits/shellcodes

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Super Backup 2.0.5 for iOS - Directory Traversal
HardDrive 2.1 for iOS - Arbitrary File Upload
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Online Scheduling System 1.0 - Authentication Bypass
 2020-05-02 05:01:58 +00:00
Offensive Security
7b87f30fbc DB: 2020-04-25 
5 changes to exploits/shellcodes

Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
 2020-04-25 05:01:51 +00:00
Offensive Security
c3e827f657 DB: 2020-04-17 
8 changes to exploits/shellcodes

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
 2020-04-17 05:01:48 +00:00
Offensive Security
0137126a8e DB: 2020-04-15 
4 changes to exploits/shellcodes

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
WSO2 3.1.0 - Persistent Cross-Site Scripting
Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
 2020-04-15 05:01:49 +00:00
Offensive Security
be2aa5d840 DB: 2020-04-14 
7 changes to exploits/shellcodes

Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Huawei HG630 2 Router - Authentication Bypass
TVT NVMS 1000 - Directory Traversal
Webtateas 2.0 - Arbitrary File Read
WSO2 3.1.0 - Arbitrary File Delete
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
 2020-04-14 05:01:51 +00:00
Offensive Security
284325fbf5 DB: 2020-03-28 
5 changes to exploits/shellcodes

Everest 5.50.2100 - 'Open File' Denial of Service (PoC)

Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
 2020-03-28 05:01:48 +00:00
Offensive Security
153c392dd9 DB: 2020-03-13 
9 changes to exploits/shellcodes

ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
rConfig 3.9 - 'searchColumn' SQL Injection
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
 2020-03-13 05:01:50 +00:00
Offensive Security
0a0ad49d15 DB: 2020-03-11 
7 changes to exploits/shellcodes

Counter Strike: GO - '.bsp' Memory Control (PoC)
Nagios XI - Authenticated Remote Command Execution (Metasploit)
PHPStudy - Backdoor Remote Code execution (Metasploit)
Sysaid 20.1.11 b26 - Remote Command Execution
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
Persian VIP Download Script 1.0 - 'active' SQL Injection
 2020-03-11 05:01:47 +00:00
Offensive Security
4df22c7404 DB: 2020-03-10 
13 changes to exploits/shellcodes

Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS  - 'news.php' SQL Injection

Sahi pro 8.x - Directory Traversal

Sentrifugo HRMS 3.2 - 'id' SQL Injection
 2020-03-10 05:01:44 +00:00
Offensive Security
cf92ea269e DB: 2020-02-25 
22 changes to exploits/shellcodes

Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
 2020-02-25 05:01:52 +00:00
Offensive Security
228a37da9c DB: 2020-02-18 
15 changes to exploits/shellcodes

HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Cuckoo Clock v5.0 - Buffer Overflow

Anviz CrossChex - Buffer Overflow (Metasploit)
SOPlanning 1.45 - 'by' SQL Injection
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - 'users' SQL Injection
LabVantage 8.3 - Information Disclosure
 2020-02-18 05:01:54 +00:00
Offensive Security
923f53211e DB: 2020-02-07 
16 changes to exploits/shellcodes

AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC)
AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)
VIM 8.2 - Denial of Service (PoC)
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
TapinRadio 2.12.3 - 'username' Denial of Service (PoC)
RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
Online Job Portal 1.0 - 'user_email' SQL Injection
Online Job Portal 1.0 - Remote Code Execution
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
Ecommerce Systempay 1.0 - Production KEY Brute Force
Cisco Data Center Network Manager 11.2 - Remote Code Execution
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
 2020-02-07 05:02:01 +00:00