exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	f94c5966a1	DB: 2017-09-01 5 new exploits Git <= 2.7.5 - Command Injection (Metasploit) Linux/x86 - Fork Bomb Shellcode (9 bytes) Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection	2017-09-01 05:01:24 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	6ab9a26ee4	DB: 2017-06-27 10 new exploits PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service PHP phar extension 1.1.1 - Heap Overflow PHP 'phar' Extension 1.1.1 - Heap Overflow PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write NTFS 3.1 - Master File Table Denial of Service LAME 3.99.5 - 'II_step_one' Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit PHP 5.2.3 Tidy extension - Local Buffer Overflow PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit PHP FFI Extension 5.0.5 - Local Safe_mode Bypass PHP Perl Extension - Safe_mode BypassExploit PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass PHP 5.x - COM functions Safe_mode and disable_function Bypass PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass PHP 5.2.6 - (error_log) Safe_mode Bypass PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit PHP - Safe_mode Bypass via proc_open() and custom Environment PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment PHP python extension safe_mode - Bypass Local PHP 'python' Extension - 'safe_mode' Local Bypass Exploit PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass PHP 5.2 - FOpen Safe_mode Restriction-Bypass PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit JAD Java Decompiler 1.5.8e - Buffer Overflow Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure PHP 4.x - copy() Function Safe Mode Bypass PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit PHP 5.2.5 - cURL 'safe mode' Security Bypass PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit) Crypttech CryptoLog - Remote Code Execution (Metasploit) Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit) Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit) Linux/x86 - Bind Shell Shellcode (75 bytes) JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit XOOPS myAds Module - (lid) SQL Injection XOOPS myAds Module - 'lid' SQL Injection PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting SmarterMail 7.x (7.2.3925) - LDAP Injection SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting SmarterMail < 7.2.3925 - LDAP Injection MaticMarket 2.02 for PHP-Nuke - Local File Inclusion PHP-Nuke MaticMarket 2.02 - Local File Inclusion WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API Eltek SmartPack - Backdoor Account	2017-06-27 05:01:26 +00:00
Offensive Security	b002e06bf6	DB: 2017-06-08 9 new exploits Linux Kernel - 'ping' Local Denial of Service Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption Artifex MuPDF - Null Pointer Dereference Artifex MuPDF mujstest 1.10a - Null Pointer Dereference DC/OS Marathon UI - Docker Exploit (Metasploit) Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Xavier 2.4 - SQL Injection Robert 0.5 - Multiple Vulnerabilities	2017-06-08 05:01:17 +00:00
Offensive Security	4e3947178d	DB: 2017-05-10 10 new exploits LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflows wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One Microsoft Windows 8 / 8.1 / 10 / Windows Server / SCEP_ Microsoft Security Essentials - 'MsMpEng' Remotely Exploitable Type Confusion Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution Crypttech CryptoLog - Remote Code Execution (Metasploit) BSD/x86 - portbind port 31337 Shellcode (83 bytes) BSD/x86 - portbind port random Shellcode (143 bytes) BSD/x86 - Portbind Port 31337 Shellcode (83 bytes) BSD/x86 - Portbind Random Port Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt /bin/sh Shellcode (49 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - reverse 6969 portbind Shellcode (129 bytes) BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes) FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - portbind 4883 with auth Shellcode (222 bytes) FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes) FreeBSD/x86 - connect (Port 31337) Shellcode (102 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) Linux/x86 - execve Null Free Shellcode (Generator) Linux/x86 - Portbind Payload Shellcode (Generator) Windows XP SP1 - Portbind Payload Shellcode (Generator) Linux/x86 - execve Null-Free Shellcode (Generator) Linux/x86 - Portbind Shellcode (Generator) Windows XP SP1 - Portbind Shellcode (Generator) Linux/x86 - cmd Null Free Shellcode (Generator) Linux/x86 - cmd Null-Free Shellcode (Generator) Cisco IOS - Connectback (Port 21) Shellcode Cisco IOS - Connectback Port 21 Shellcode Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind Shellcode (276 bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes) Linux/SPARC - portbind port 8975 Shellcode (284 bytes) Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes) Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 bytes) Linux/x86 - bindport 8000 & execve iptables -F Shellcode (176 bytes) Linux/x86 - bindport 8000 & add user with root access Shellcode (225+ bytes) Linux/x86 - 8000 Bind Port ASM Code Linux Shellcode (179 bytes) Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes) Linux/x86 - connect-back port UDP/54321 live packet capture Shellcode (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Connect Back Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - setuid/portbind (Port 31337) Shellcode (96 bytes) Linux/x86 - portbind (2707) Shellcode (84 bytes) Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes) Linux/x86 - Portbind 2707 Shellcode (84 bytes) Linux/x86 - SET_PORT() portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes) Linux/x86 - portbind (port 64713) Shellcode (86 bytes) Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes) Linux/x86 - Portbind Port 64713 Shellcode (86 bytes) Linux/x86 - portbind port 5074 toupper Shellcode (226 bytes) Linux/x86 - Add user 't00r' encrypt Shellcode (116 bytes) Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes) Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes) Linux/x86 - portbind port 5074 Shellcode (92 bytes) Linux/x86 - portbind port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Add user 't00r' Shellcode (82 bytes) Linux/x86 - Portbind Port 5074 Shellcode (92 bytes) Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Add User 't00r' Shellcode (82 bytes) Linux/x86-64 - bindshell port 4444 Shellcode (132 bytes) Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes) NetBSD/x86 - callback Shellcode (port 6666) (83 bytes) NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes) OpenBSD/x86 - portbind port 6969 Shellcode (148 bytes) OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes) Solaris/SPARC - portbind (port 6666) Shellcode (240 bytes) Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes) Solaris/SPARC - portbind port 6789 Shellcode (228 bytes) Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes) Solaris/SPARC - portbinding Shellcode (240 bytes) Solaris/x86 - portbind/TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free Shellcode (39 bytes) Solaris/SPARC - Portbind Shellcode (240 bytes) Solaris/x86 - Portbind TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 Shellcode Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode Win32 - telnetbind by Winexec 23 port Shellcode (111 bytes) Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes) Win32 XP SP2 FR - Sellcode cmd.exe Shellcode (32 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - download and execute Shellcode (124 bytes) Win32 - Download & Execute Shellcode (124 bytes) Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows XP - download and exec source Shellcode Windows XP SP1 - Portshell on port 58821 Shellcode (116 bytes) Windows XP - Download & Exec Shellcode Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes) Win64 - (URLDownloadToFileA) download and execute Shellcode (218+ bytes) Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes) Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 Shellcode FreeBSD/x86 - portbind (Port 1337) Shellcode (167 bytes) Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes) Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes) Windows XP Professional SP2 (English) - Message Box Null-Free Shellcode (16 bytes) Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) Win32 XP SP2 FR - calc Shellcode (19 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Win32 XP SP3 English - cmd.exe Shellcode (26 bytes) Win32 XP SP2 Turkish - cmd.exe Shellcode (26 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Windows XP Home Edition SP2 English - calc.exe Shellcode (37 bytes) Windows XP Home Edition SP3 English - calc.exe Shellcode (37 bytes) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Windows XP Professional SP2 ITA - calc.exe Shellcode (36 bytes) Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Windows XP SP2 FR - Download and Exec Shellcode Windows XP SP2 (FR) - Download & Exec Shellcode Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Windows 7 Professional SP1 x64 (FR) - (Beep) Shellcode (39 bytes) Linux/x86 - netcat connect back port 8080 Shellcode (76 bytes) Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes) Linux/x86-64 - Add root user _shell-storm_ with password _leet_ Shellcode (390 bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86 - bind shell port 64533 Shellcode (97 bytes) Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes) Linux - 125 bind port to 6778 XOR encoded polymorphic Shellcode (125 bytes) Linux - _nc -lp 31337 -e /bin//sh_ polymorphic Shellcode (91 bytes) Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes) Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes) Linux/x86 - netcat bindshell port 8080 Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes) Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) BSD/x86 - bindshell on port 2525 Shellcode (167 bytes) BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes) Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Win32/XP Pro SP3 (EN) x86 - Add new local administrator _secuid0_ Shellcode (113 bytes) Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes) ARM - Bindshell port 0x1337 Shellcode Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) ARM - Bindshell Port 0x1337 Shellcode OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes) OSX/Intel x86-64 - setuid shell Shellcode (51 bytes) Win32 - speaking Shellcode Win32 - Speaking 'You got pwned!' Shellcode BSD/x86 - 31337 portbind + fork Shellcode (111 bytes) BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes) Linux/x86 - netcat bindshell port 6666 Shellcode (69 bytes) Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes) Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/MIPS - connect back Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Windows XP Pro SP3 - Full ROP calc Shellcode (428 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows RT ARM - Bind Shell (Port 4444) Shellcode Windows RT ARM - Bind Shell Port 4444 Shellcode Windows - Add Admin User _BroK3n_ Shellcode (194 bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password) Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download & execute Shellcode (Generator) Windows XP x86-64 - Download & Execute Shellcode (Generator) Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes) Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes) Win32/XP SP3 - Create (_file.txt_) Shellcode (83 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) OSX/x86-64 - /bin/sh Null Free Shellcode (34 bytes) OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes) OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes) Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes) Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes) Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator) Windows XP < 10 - WinExec Null-Free Shellcode (Python) (Generator) Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes) Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes) Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes) Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes) Linux/x86-64 - bindshell (Port 5600) Shellcode (81 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes) Linux/x86-64 - bindshell (Port 5600) Shellcode (86 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes) Linux/x86 - Bind TCP Port 1472 (IPv6) Shellcode (1250 bytes) Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes) Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes) Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes) Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes) Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes) Linux/x86 - NetCat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh TCP Port 9090 Bind Shellcode (96 bytes) Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes) Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes) Linux/x86 - zsh Reverse Port 9090/TCP Shellcode (80 bytes) Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes) Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes) LogRhythm Network Monitor - Authentication Bypass / Command Injection I_ Librarian 4.6 / 4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting	2017-05-10 05:01:16 +00:00
Offensive Security	72f98fab1c	DB: 2017-04-28 5 new exploits Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption Microsoft Office Word - Malicious Hta Execution (Metasploit) Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit) Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit) TYPO3 News Module - SQL Injection Simple File Uploader - Arbitrary File Download Easy File Uploader - Arbitrary File Upload	2017-04-28 05:01:19 +00:00
Offensive Security	570f8aec26	DB: 2017-03-25 6 new exploits wifirxpower - Local Buffer Overflow Miele Professional PG 8528 - Directory Traversal NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit) Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit) Gr8 Tutorial Script - SQL Injection Gr8 Gallery Script - SQL Injection	2017-03-25 05:01:17 +00:00
Offensive Security	dab1517032	DB: 2016-11-22 13 new exploits Borland Interbase 2007 - ibserver.exe Buffer Overflow (PoC) Borland Interbase 2007 - 'ibserver.exe' Buffer Overflow (PoC) Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft Edge Scripting Engine - Memory Corruption (MS16-129) Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104) Microsoft Internet Explorer 8 jscript - 'RegExpBase::FBadHeader' Use-After-Free (MS15-018) NTP 4.2.8p8 - Denial of Service Tumbleweed SecureTransport FileTransfer - ActiveX Buffer Overflow Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow Borland Interbase 2007 - PWD_db_aliased Buffer Overflow (Metasploit) Borland Interbase 2007 - 'PWD_db_aliased' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 sp2 - 'jrd8_create_database' Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - 'INET_connect' Buffer Overflow (Metasploit) Borland Interbase - isc_create_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_create_database()' Buffer Overflow (Metasploit) Borland Interbase - isc_attach_database() Buffer Overflow (Metasploit) Borland Interbase - 'isc_attach_database()' Buffer Overflow (Metasploit) Borland Interbase - SVC_attach() Buffer Overflow (Metasploit) Borland Interbase - 'SVC_attach()' Buffer Overflow (Metasploit) Borland Interbase - Create-Request Buffer Overflow (Metasploit) Borland Interbase - 'Create-Request' Buffer Overflow (Metasploit) Borland Interbase - PWD_db_aliased() Buffer Overflow (Metasploit) Borland Interbase - open_marker_file() Buffer Overflow (Metasploit) Borland Interbase - 'PWD_db_aliased()' Buffer Overflow (Metasploit) Borland Interbase - 'open_marker_file()' Buffer Overflow (Metasploit) Borland Interbase - jrd8_create_database() Buffer Overflow (Metasploit) Borland Interbase - INET_connect() Buffer Overflow (Metasploit) Borland Interbase - 'jrd8_create_database()' Buffer Overflow (Metasploit) Borland Interbase - 'INET_connect()' Buffer Overflow (Metasploit) Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) phpunity.postcard - (gallery_path) Remote File Inclusion phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion CcMail 1.0.1 - (update.php functions_dir) Remote File Inclusion CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion 1024 CMS 0.7 - (download.php item) Remote File Disclosure 1024 CMS 0.7 - 'download.php' Remote File Disclosure cpCommerce 1.1.0 - (category.php id_category) SQL Injection CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection 1024 CMS 1.3.1 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities 1024 CMS 1.3.1 - Local File Inclusion / SQL Injection Mole 2.1.0 - (viewsource.php) Remote File Disclosure ChartDirector 4.1 - (viewsource.php) File Disclosure 724CMS 4.01 Enterprise - (index.php ID) SQL Injection My Gaming Ladder 7.5 - (ladderid) SQL Injection Mole 2.1.0 - 'viewsource.php' Remote File Disclosure ChartDirector 4.1 - 'viewsource.php' File Disclosure 724CMS 4.01 Enterprise - 'index.php' SQL Injection My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection exbb 0.22 - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities Pligg CMS 9.9.0 - (editlink.php id) SQL Injection ExBB 0.22 - Local / Remote File Inclusion Pligg CMS 9.9.0 - 'editlink.php' SQL Injection Prediction Football 1.x - (matchid) SQL Injection Prediction Football 1.x - 'matchid' Parameter SQL Injection Free Photo Gallery Site Script - (path) File Disclosure Free Photo Gallery Site Script - 'path' Parameter File Disclosure LiveCart 1.1.1 - (category id) Blind SQL Injection Ksemail - 'index.php language' Local File Inclusion LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection Ksemail - Local File Inclusion RX Maxsoft - 'popup_img.php fotoID' SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection RX Maxsoft - 'fotoID' Parameter SQL Injection PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection Pollbooth 2.0 - (pollID) SQL Injection cpcommerce 1.1.0 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities Pollbooth 2.0 - 'pollID' Parameter SQL Injection CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion SmallBiz eShop - (content_id) SQL Injection SmallBiz eShop - 'content_id' Parameter SQL Injection lightneasy sqlite / no database 1.2.2 - Multiple Vulnerabilities LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities PostcardMentor - 'step1.asp cat_fldAuto' SQL Injection PostcardMentor - 'cat_fldAuto' Parameter SQL Injection Pligg CMS 9.9.0 - (story.php id) SQL Injection Pligg CMS 9.9.0 - 'story.php' SQL Injection LokiCMS 0.3.4 - writeconfig() Remote Command Execution LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution cpCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass cpCommerce 1.2.8 - (id_document) Blind SQL Injection CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection cpCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion ChartDirector 5.0.1 - (cacheId) Arbitrary File Disclosure ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure Pligg CMS 1.0.4 - (story.php?id) SQL Injection Pligg CMS 1.0.4 - 'story.php' SQL Injection 724CMS 4.59 Enterprise - SQL Injection 724CMS Enterprise 4.59 - SQL Injection lightneasy 3.2.2 - Multiple Vulnerabilities LightNEasy 3.2.2 - Multiple Vulnerabilities My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure Mambo Open Source 4.0.14 - PollBooth.php Multiple SQL Injection Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injection PhotoKorn 1.53/1.54 - postcard.php id Parameter SQL Injection PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection CPCommerce 1.1 - Manufacturer.php SQL Injection CPCommerce 1.1 - 'manufacturer.php' SQL Injection LiveCart 1.0.1 - user/remindPassword return Parameter Cross-Site Scripting LiveCart 1.0.1 - category q Parameter Cross-Site Scripting LiveCart 1.0.1 - order return Parameter Cross-Site Scripting LiveCart 1.0.1 - user/remindComplete email Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting Pligg CMS 1.x - module.php Multiple Parameter Cross-Site Scripting Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection CMS Made Simple 2.1.5 - Cross-Site Scripting Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery Mezzanine 4.2.0 - Cross-Site Scripting LEPTON 2.2.2 - SQL Injection LEPTON 2.2.2 - Remote Code Execution FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery FUDforum 3.0.6 - Local File Inclusion Wordpress Plugin Olimometer 2.56 - SQL Injection	2016-11-22 05:01:18 +00:00
Offensive Security	5e2fc10125	DB: 2016-09-03	2016-09-03 13:13:25 +00:00
Offensive Security	31a21bb68d	DB: 2016-09-03 14 new exploits Too many to list!	2016-09-03 05:08:42 +00:00
Offensive Security	70d97f91c1	DB: 2016-07-28 2 new exploits Multiple AntiVirus (zip file) Detection Bypass Exploit Multiple AntiVirus - .zip Detection Bypass Exploit RealPlayer 10 - (.smil File) Local Buffer Overflow Exploit RealPlayer 10 - (.smil) Local Buffer Overflow Exploit Veritas Backup Exec - Remote File Access Exploit (Windows) Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit) ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit (Metasploit) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit (Metasploit) Opera <= 8.02 - Remote Denial of Service Exploit Opera <= 8.02 - Remote Denial of Service Exploit (1) MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit Google Search Appliance - proxystylesheet XSLT Java Code Execution MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit (Metasploit) Google Search Appliance - proxystylesheet XSLT Java Code Execution (Metasploit) Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit Lyris ListManager - Read Message Attachment SQL Injection Exploit Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit (Metasploit) Lyris ListManager - Read Message Attachment SQL Injection Exploit (Metasploit) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) (Metasploit) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) (Metasploit) Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit (Metasploit) Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit) Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow (Metasploit) Microsoft Visual Studio 6.0 sp6 - (Malformed .dbp File) Buffer Overflow Exploit Microsoft Visual Studio 6.0 sp6 - (.dbp) Buffer Overflow Exploit Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit Symantec Sygate Management Server - (login) SQL Injection Exploit Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit (Metasploit) Symantec Sygate Management Server - (login) SQL Injection Exploit (Metasploit) Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit (Metasploit) Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) (Metasploit) Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) (Metasploit) eIQnetworks License Manager Remote Buffer Overflow Exploit (1262) eIQnetworks License Manager Remote Buffer Overflow Exploit (494) eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow Exploit (multi) (2) eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) (2) Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit) Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (2) Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (Metasploit) (2) IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit (Metasploit) Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit) Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit (Metasploit) McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit) PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) (Metasploit) Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept (Metasploit) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (Metasploit) VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit (Metasploit) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit Windows Media Player 9/10 - (MID File) Denial of Service Exploit Windows Media Player 9/10 - (.MID) Denial of Service Exploit NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit (Metasploit) Oreon <= 1.2.3 RC4 - (lang/index.php file) Remote Inclusion Oreon <= 1.2.3 RC4 - (lang/index.php) Remote Inclusion Magic CMS 4.2.747 - (mysave.php file) Remote File Include Magic CMS 4.2.747 - (mysave.php) Remote File Include WebLog (index.php file) Remote File Disclosure WebLog (index.php) Remote File Disclosure Pathos CMS 0.92-2 - (warn.php file) Remote File Inclusion Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion Zomplog 3.8 - (force_download.php file) Remote File Disclosure Zomplog 3.8 - (force_download.php) Remote File Disclosure Winamp <= 5.3 - (WMV File) Remote Denial of Service Exploit Winamp <= 5.3 - (.WMV) Remote Denial of Service Exploit Opera 9.2 - (torrent File) Remote Denial of Service Exploit Opera 9.2 - (.torrent) Remote Denial of Service Exploit JulmaCMS 1.4 - (file.php file) Remote File Disclosure JulmaCMS 1.4 - (file.php) Remote File Disclosure PStruh-CZ 1.3/1.5 - (download.asp File) File Disclosure PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure Virtual DJ 5.0 - (m3u File) Local Buffer OverFlow Exploit OTSTurntables 1.00 - (m3u File) Local Buffer Overflow Exploit Virtual DJ 5.0 - (.m3u) Local Buffer OverFlow Exploit OTSTurntables 1.00 - (.m3u) Local Buffer Overflow Exploit AtomixMP3 2.3 - (pls File) Local Buffer OverFlow Exploit AtomixMP3 2.3 - (.pls) Local Buffer OverFlow Exploit helplink 0.1.0 - (show.php file) Remote File Inclusion helplink 0.1.0 - (show.php) Remote File Inclusion jetAudio 7.x - (m3u File) Local SEH Overwrite Exploit jetAudio 7.x - (m3u) Local SEH Overwrite Exploit FireConfig 0.5 - (dl.php file) Remote File Disclosure FireConfig 0.5 - (dl.php) Remote File Disclosure Sony CONNECT Player 4.x - (m3u File) Local Stack Overflow Exploit Sony CONNECT Player 4.x - (.m3u) Local Stack Overflow Exploit phpCMS 1.2.2 - (parser.php file) Remote File Disclosure phpCMS 1.2.2 - (parser.php) Remote File Disclosure ChartDirector 4.1 - (viewsource.php file) File Disclosure ChartDirector 4.1 - (viewsource.php) File Disclosure IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl) IntelliTamper 2.07 - (.map) Local Arbitrary Code Execution Exploit (Perl) Acoustica Mixcraft <= 4.2 Build 98 - (mx4 file) Local BoF Exploit Acoustica Mixcraft <= 4.2 Build 98 - (mx4) Local BoF Exploit Acoustica MP3 CD Burner 4.51 Build 147 - (asx file) Local BoF Exploit Acoustica MP3 CD Burner 4.51 Build 147 - (.asx) Local BoF Exploit Acoustica Beatcraft 1.02 Build 19 - (bcproj file) Local BoF Exploit Acoustica Beatcraft 1.02 Build 19 - (.bcproj) Local BoF Exploit Microsoft Windows Explorer - (.zip File) Denial of Service Exploit Microsoft Windows Explorer - (.zip) Denial of Service Exploit Kusaba <= 1.0.4 - Remote Code Execution Exploit Kusaba <= 1.0.4 - Remote Code Execution Exploit (1) Cain & Abel 4.9.23 - (rdp file) Buffer Overflow PoC Cain & Abel 4.9.23 - (.rdp) Buffer Overflow PoC Electronics Workbench (EWB File) Local Stack Overflow PoC Electronics Workbench (.EWB) Local Stack Overflow PoC Cain & Abel 4.9.23 - (rdp file) Buffer Overflow Exploit Cain & Abel 4.9.23 - (.rdp) Buffer Overflow Exploit autositephp 2.0.3 - (LFI/CSRF/edit file) Multiple Vulnerabilities autositephp 2.0.3 - (LFI/CSRF/Edit file) Multiple Vulnerabilities CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python) CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit (Python) SAWStudio 3.9i (prf File) Local Buffer Overflow PoC SAWStudio 3.9i - (.prf) Local Buffer Overflow PoC IntelliTamper 2.07/2.08 - (MAP File) Local SEH Overwrite Exploit IntelliTamper 2.07/2.08 - (.MAP) Local SEH Overwrite Exploit Hex Workshop 5.1.4 - (Color Mapping File) Local Buffer Overflow PoC Hex Workshop 5.1.4 - Color Mapping File Local Buffer Overflow PoC Destiny Media Player 1.61 - (lst File) Local Buffer Overflow PoC Destiny Media Player 1.61 - (.lst) Local Buffer Overflow PoC Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (3) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (2) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (3) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (4) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (5) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (4) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (5) VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.pls) Universal Buffer Overflow Exploit ExcelOCX ActiveX 3.2 - (Download File) Insecure Method Exploit ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit Zinf Audio Player 2.2.1 - (PLS File) Stack Overflow PoC Zinf Audio Player 2.2.1 - (PLS File) Local Buffer Overflow Exploit (univ) Zinf Audio Player 2.2.1 - (M3U FILE) Local Heap Overflow PoC Zinf Audio Player 2.2.1 - (gqmpeg File) Buffer Overflow PoC Zinf Audio Player 2.2.1 - (.pls) Stack Overflow PoC Zinf Audio Player 2.2.1 - (.pls) Local Buffer Overflow Exploit (univ) Zinf Audio Player 2.2.1 - (.M3U) Local Heap Overflow PoC Zinf Audio Player 2.2.1 - (.gqmpeg) Buffer Overflow PoC Thomson mp3PRO Player/Encoder (M3U File) Crash PoC Thomson mp3PRO Player/Encoder - (.M3U) Crash PoC Spider Player 2.3.9.5 - (asx File) off by one Crash Exploit Spider Player 2.3.9.5 - (.asx) off by one Crash Exploit Elecard AVC HD PLAYER (m3u/xpl file) Local Stack Overflow PoC Elecard AVC HD PLAYER - (.m3u/.xpl) Local Stack Overflow PoC Nokia N95-8 - (.JPG File) Remote Crash PoC Nokia N95-8 - (.JPG) Remote Crash PoC Media Commands (m3u File) Local SEH Overwrite Exploit Media Commands (.m3u) Local SEH Overwrite Exploit Media Commands (m3u File) Universal SEH Overwrite Exploit Media Commands (.m3u) Universal SEH Overwrite Exploit MediaCoder 0.6.2.4275 - (m3u File) Universal Stack Overflow Exploit MediaCoder 0.6.2.4275 - (.m3u) Universal Stack Overflow Exploit VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.cue) Universal Buffer Overflow Exploit Gretech GOM Encoder 1.0.0.11 - (Subtitle File) Buffer Overflow PoC Gretech GOM Encoder 1.0.0.11 - (.Subtitle) Buffer Overflow PoC Abee Chm Maker 1.9.5 - (CMP File) Stack Overflow Exploit PowerCHM 5.7 - (hhp File) Stack Overflow poC Abee Chm Maker 1.9.5 - (.CMP) Stack Overflow Exploit PowerCHM 5.7 - (.hhp) Stack Overflow poC Apollo 37zz (M3u File) Local Heap Overflow PoC Apollo 37zz - (.m3u) Local Heap Overflow PoC mpegable Player 2.12 - (YUV File) Local Stack Overflow PoC mpegable Player 2.12 - (.YUV) Local Stack Overflow PoC Rama CMS <= 0.9.8 - (download.php file) File Disclosure Rama CMS <= 0.9.8 - (download.php) File Disclosure compface <= 1.5.2 - (XBM File) Local Buffer Overflow PoC compface <= 1.5.2 - (.XBM) Local Buffer Overflow PoC MP3-Nator 2.0 - (plf File) Universal Buffer Overflow Exploit (SEH) MP3-Nator 2.0 - (.plf) Universal Buffer Overflow Exploit (SEH) PatPlayer 3.9 - (M3U File) Local Heap Overflow PoC PatPlayer 3.9 - (.M3U) Local Heap Overflow PoC QuickDev 4 - (download.php file) File Disclosure QuickDev 4 - (download.php) File Disclosure FoxPlayer 1.1.0 - (m3u File) Local Buffer Overflow PoC FoxPlayer 1.1.0 - (.m3u) Local Buffer Overflow PoC Microsoft Windows 2003 - (EOT File) BSOD Crash Exploit Microsoft Windows 2003 - (.EOT) BSOD Crash Exploit VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit Audio Lib Player (m3u File) Buffer Overflow Exploit (SEH) Audio Lib Player (.m3u) Buffer Overflow Exploit (SEH) MP3 Collector 2.3 - (m3u File) Local Crash PoC MP3 Collector 2.3 - (.m3u) Local Crash PoC BigAnt Server 2.50 SP1 - (ZIP File) Local Buffer Overflow PoC BigAnt Server 2.50 SP1 - (.ZIP) Local Buffer Overflow PoC BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2) BigAnt Server <= 2.50 SP6 - (.ZIP) Local Buffer Overflow PoC (2) XM Easy Personal FTP Server <= 5.8.0 DoS XM Easy Personal FTP Server <= 5.8.0 DoS (Metasploit) Symantec ConsoleUtilities ActiveX Buffer Overflow Symantec ConsoleUtilities ActiveX Buffer Overflow (Metasploit) Nagios3 statuswml.cgi Command Injection Nagios3 statuswml.cgi Command Injection (Metasploit) httpdx 1.4 - h_handlepeer BoF httpdx 1.4 - h_handlepeer BoF (Metasploit) Mambo 4.6.4 - Cache Lite Output Remote File Inclusion Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit) BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection Cacti 0.8.6-d graph_view.php Command Injection AWStats 6.2-6.1 - configdir Command Injection ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution SpamAssassin spamd <= 3.1.3 - Command Injection DistCC Daemon - Command Execution ContentKeeper Web Appliance < 125.10 Command Execution Solaris in.telnetd TTYPROMPT - Buffer Overflow Solaris 10 / 11 Telnet - Remote Authentication Bypass Solaris sadmind adm_build_path - Buffer Overflow Solaris <= 8.0 - LPD Command Execution BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit) AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit) Cacti 0.8.6-d graph_view.php Command Injection (Metasploit) AWStats 6.2-6.1 - configdir Command Injection (Metasploit) ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution (Metasploit) SpamAssassin spamd <= 3.1.3 - Command Injection (Metasploit) DistCC Daemon - Command Execution (Metasploit) ContentKeeper Web Appliance < 125.10 Command Execution (Metasploit) Solaris in.telnetd TTYPROMPT - Buffer Overflow (Metasploit) Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit) Solaris sadmind adm_build_path - Buffer Overflow (Metasploit) Solaris <= 8.0 - LPD Command Execution (Metasploit) Solaris 8 dtspcd - Heap Overflow Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) Solaris 8 dtspcd - Heap Overflow (Metasploit) Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) (Metasploit) Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) (Metasploit) mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) Mail.App 10.5.0 - Image Attachment Command Execution (OS X) Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) (Metasploit) WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) (Metasploit) Mail.App 10.5.0 - Image Attachment Command Execution (OS X) (Metasploit) Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) (Metasploit) AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) (Metasploit) Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution Subversion 1.0.2 - Date Overflow Samba 2.2.x - nttrans Overflow RealServer 7-9 Describe Buffer Overflow PHP < 4.5.0 - unserialize Overflow ntpd 4.0.99j-k readvar - Buffer Overflow Veritas NetBackup - Remote Command Execution HP OpenView OmniBack II A.03.50 - Command Executino Apple Quicktime for Java 7 - Memory Access Opera 9.50 / 9.61 historysearch - Command Execution Opera <= 9.10 Configuration Overwrite Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit Firefox 3.5 - escape Memory Corruption Exploit Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow Squid 2.5.x / 3.x - NTLM Buffer Overflow Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow Borland InterBase 2007 - PWD_db_aliased Buffer Overflow Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Subversion 1.0.2 - Date Overflow (Metasploit) Samba 2.2.x - nttrans Overflow (Metasploit) RealServer 7-9 Describe Buffer Overflow (Metasploit) PHP < 4.5.0 - unserialize Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Veritas NetBackup - Remote Command Execution (Metasploit) HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit) Apple Quicktime for Java 7 - Memory Access (Metasploit) Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit) Opera <= 9.10 Configuration Overwrite (Metasploit) Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution (Metasploit) Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit) Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit (Metasploit) Firefox 3.5 - escape Memory Corruption Exploit (Metasploit) Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit) Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow (Metasploit) Borland InterBase 2007 - PWD_db_aliased Buffer Overflow (Metasploit) HP Release Control Authenticated XXE HP Release Control Authenticated XXE (Metasploit) Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit) Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit) Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow University of Washington - imap LSUB Buffer Overflow Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit PeerCast <= 0.1216 Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit) University of Washington - imap LSUB Buffer Overflow (Metasploit) Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit) PeerCast <= 0.1216 (Metasploit) Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit) Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection Unreal Tournament 2004 - 'Secure' Overflow Irix LPD tagprinter - Command Execution HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution Xtacacsd <= 4.1.2 - report Buffer Overflow System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) Mercantec SoftCart 4.00b - CGI Overflow Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection (Metasploit) Unreal Tournament 2004 - 'Secure' Overflow (Metasploit) Irix LPD tagprinter - Command Execution (Metasploit) HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit) Xtacacsd <= 4.1.2 - report Buffer Overflow (Metasploit) System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) (Metasploit) Mercantec SoftCart 4.00b - CGI Overflow (Metasploit) Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit) M3U To ASX-WPL 1.1 - (m3u Playlist file) Buffer Overflow Exploit HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit Audacity 1.2.6 - (gro File) Buffer Overflow Exploit M3U To ASX-WPL 1.1 - (.m3u) Buffer Overflow Exploit HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit Audacity 1.2.6 - (.gro) Buffer Overflow Exploit HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Metasploit) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (Metasploit) Millenium MP3 Studio 2.0 - (PLS File) Universal Stack Overflow (Metasploit) Millenium MP3 Studio 2.0 - (.pls) Universal Stack Overflow (Metasploit) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (1) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Metasploit) (1) Audiotran 1.4.1 - (PLS File) Stack Overflow (Metasploit) Audiotran 1.4.1 - (.pls) Stack Overflow (Metasploit) OpenOffice - (.slk File) Parsing Null Pointer OpenOffice - (.slk) Parsing Null Pointer MediaCoder - (.lst file) Local Buffer Overflow Exploit MediaCoder - (.lst) Local Buffer Overflow Exploit VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass) VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass) ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) (Metasploit) Mediacoder 0.7.3.4682 - (.m3u File) Universal Buffer Overflow Exploit Mediacoder 0.7.3.4682 - (.m3u) Universal Buffer Overflow Exploit Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit) Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit (Metasploit) VUPlayer - M3U Buffer Overflow VUPlayer - (.m3u) Buffer Overflow (Metasploit) Audiotran 1.4.1 - (PLS File) Stack Buffer Overflow Audiotran 1.4.1 - (.pls) Stack Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (1) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (1) Millenium MP3 Studio 2.0 - (PLS File) Stack Buffer Overflow Millenium MP3 Studio 2.0 - (.pls) Stack Buffer Overflow VariCAD 2010-2.05 EN (DWB File) Stack Buffer Overflow VariCAD 2010-2.05 EN - (.DWB) Stack Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (2) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (2) ProShow Gold 4.0.2549 - (PSH File) Stack Buffer Overflow ProShow Gold 4.0.2549 - (.PSH) Stack Buffer Overflow VUPlayer - CUE Buffer Overflow VUPlayer - (.cue) Buffer Overflow (Metasploit) AstonSoft DeepBurner (DBR File) Path Buffer Overflow AstonSoft DeepBurner - (.DBR) Path Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (3) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (3) Zinf Audio Player 2.2.1 - (PLS File) Stack Buffer Overflow Zinf Audio Player 2.2.1 - (.pls) Stack Buffer Overflow MikeyZip 1.1 - (.zip File) Buffer Overflow MikeyZip 1.1 - (.zip) Buffer Overflow Windows - DNS Reverse Download and Exec Shellcode Windows - DNS Reverse Download and Exec Shellcode (Metasploit) Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) (Metasploit) Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit (Metasploit) If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (2) If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2) Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) (Metasploit) MicroP 0.1.1.1600 - (MPPL File) Stack Buffer Overflow MicroP 0.1.1.1600 - (.MPPL) Stack Buffer Overflow Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) (Metasploit) HP JetDirect PJL Interface Universal Path Traversal HP JetDirect PJL Query Execution HP JetDirect PJL Interface Universal Path Traversal (Metasploit) HP JetDirect PJL Query Execution (Metasploit) Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit) LifeSize Room - Command Injection LifeSize Room - Command Injection (Metasploit) Opera 10/11 - (bad nesting with frameset tag) Memory Corruption Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit) Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) (Metasploit) Cytel Studio 9.0 - (CY3 File) Stack Buffer Overflow Cytel Studio 9.0 - (.CY3) Stack Buffer Overflow NJStar Communicator 3.00 MiniSMTP Server Remote Exploit NJStar Communicator 3.00 MiniSMTP Server Remote Exploit (Metasploit) KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) (Metasploit) AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) (Metasploit) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS (Metasploit) Free MP3 CD Ripper 1.1 - (WAV File) Stack Buffer Overflow Free MP3 CD Ripper 1.1 - (.WAV) Stack Buffer Overflow CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) (Metasploit) AVID Media Composer Phonetic Indexer Remote Stack BoF Final Draft 8 - Multiple Stack Buffer Overflows AVID Media Composer Phonetic Indexer Remote Stack BoF (Metasploit) Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit) StoryBoard Quick 6 - Stack Buffer Overflow StoryBoard Quick 6 - Stack Buffer Overflow (Metasploit) phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection (Metasploit) vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit (Metasploit) The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution (Metasploit) Liferay XSL - Command Execution Liferay XSL - Command Execution (Metasploit) CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit (Metasploit) Wyse - Machine Remote Power off (DOS) without any privilege Wyse - Machine Remote Power off (DOS) without any privilege (Metasploit) TFM MMPlayer (m3u/ppl File) Buffer Overflow TFM MMPlayer (.m3u/.ppl) Buffer Overflow Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow (Metasploit) WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal (Metasploit) ALLMediaServer 0.8 SEH Overflow Exploit ALLMediaServer 0.8 - SEH Overflow Exploit Siemens Simatic S7-300/400 CPU START/STOP Module Siemens Simatic S7-300 PLC Remote Memory Viewer Siemens Simatic S7-1200 CPU START/STOP Module Siemens Simatic S7-300/400 CPU START/STOP Module (Metasploit) Siemens Simatic S7-300 PLC Remote Memory Viewer (Metasploit) Siemens Simatic S7-1200 CPU START/STOP Module (Metasploit) Sysax Multi Server 5.64 - Create Folder Buffer Overflow Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit) Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit (Metasploit) Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit (Metasploit) NetWin SurgeFTP Authenticated Admin Command Injection NetWin SurgeFTP Authenticated Admin Command Injection (Metasploit) ActFax 5.01 - RAW Server Exploit ActFax 5.01 - RAW Server Exploit (Metasploit) Polycom HDX Telnet Authorization Bypass Polycom HDX Telnet Authorization Bypass (Metasploit) Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) (Metasploit) Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit) Mikrotik Syslog Server for Windows 1.15 - Denial of Service Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit) SAP ConfigServlet OS Command Execution SAP ConfigServlet OS Command Execution (Metasploit) SAP ConfigServlet Remote Unauthenticated Payload Execution SAP ConfigServlet Remote Unauthenticated Payload Execution (Metasploit) Microsoft Internet Explorer textNode Use-After-Free Microsoft Internet Explorer textNode Use-After-Free (Metasploit) Java Web Start Double Quote Injection Remote Code Execution Java Web Start Double Quote Injection Remote Code Execution (Metasploit) OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution (Metasploit) Zabbix 2.0.8 - SQL Injection / Remote Code Execution Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit) SikaBoom - Remote Buffer Overflow SikaBoom - Remote Buffer Overflow (Metasploit) Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit) VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass) VUPlayer 2.49 - (.m3u) Universal Buffer Overflow (DEP Bypass) Netgear WNR1000v3 - Password Recovery Credential Disclosure Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) Easy CD-DA Recorder - (PLS File) Buffer Overflow Easy CD-DA Recorder - (.pls) Buffer Overflow Fitnesse Wiki - Remote Command Execution Fitnesse Wiki - Remote Command Execution (Metasploit) EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit) AlienVault 4.5.0 - Authenticated SQL Injection AlienVault 4.5.0 - Authenticated SQL Injection (Metasploit) Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE (Metasploit) F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit) AlienVault OSSIM 4.6.1 - Authenticated SQL Injection AlienVault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit) Raritan PowerIQ 4.1.0 - SQL Injection Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit) Mthree Development MP3 to WAV Decoder - (.mp3 File) Remote Buffer Overflow Mthree Development MP3 to WAV Decoder - (.mp3) Remote Buffer Overflow ManageEngine Password Manager MetadataServlet.dat SQL Injection ManageEngine Password Manager MetadataServlet.dat SQL Injection (Metasploit) Ammyy Admin 3.5 - RCE Ammyy Admin 3.5 - RCE (Metasploit) Microsoft Exchange IIS HTTP Internal IP Address Disclosure Microsoft Exchange IIS HTTP Internal IP Address Disclosure (Metasploit) ManageEngine OpManager / Social IT Arbitrary File Upload ManageEngine OpManager / Social IT Arbitrary File Upload (Metasploit) DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit) Device42 WAN Emulator 2.3 - Traceroute Command Injection Device42 WAN Emulator 2.3 - Ping Command Injection Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit) Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit) Microsoft Windows Media Player 11.0.5721.5145 - (.avi File) Buffer Overflow Microsoft Windows Media Player 11.0.5721.5145 - (.avi) Buffer Overflow Varnish Cache CLI Interface - Remote Code Execution Varnish Cache CLI Interface - Remote Code Execution (Metasploit) Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE (Metasploit) OpenMyZip 0.1 - (.zip File) Buffer Overflow OpenMyZip 0.1 - (.zip) Buffer Overflow Persistent Systems Client Automation - Command Injection RCE Persistent Systems Client Automation - Command Injection RCE (Metasploit) Metasploit Project < 4.11.1 - Initial User Creation CSRF Metasploit Project < 4.11.1 - Initial User Creation CSRF (Metasploit) Exim GHOST (glibc gethostbyname) Buffer Overflow Exim GHOST (glibc gethostbyname) Buffer Overflow (Metasploit) QNAP - Admin Shell via Bash Environment Variable Code Injection QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit) QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit) WordPress Business Intelligence Plugin - SQL injection WordPress Business Intelligence Plugin - SQL injection (Metasploit) Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit (Metasploit) PDF Shaper 3.5 - Buffer Overflow PDF Shaper 3.5 - Buffer Overflow (Metasploit) Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) Centreon <= 2.5.3 - Remote Command Execution Centreon 2.5.3 - Remote Command Execution Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure (Metasploit) Meteocontrol WEB’log - Admin Password Disclosure Meteocontrol WEB’log - Admin Password Disclosure (Metasploit) VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass) VUPlayer 2.49 - (.m3u) Buffer Overflow Exploit (Win 7 DEP Bypass) VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010) Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)	2016-07-28 05:03:16 +00:00
Offensive Security	ec03ab428f	DB: 2016-07-21 10 new exploits Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit Simplog 0.9.3 - (tid) SQL Injection Skulltag <= 0.96f - (Version String) Remote Format String PoC OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit Skulltag 0.96f - (Version String) Remote Format String PoC OpenTTD 0.4.7 - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC) Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion phpMyAgenda <= 3.0 Final (rootagenda) Remote Include Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion phpMyAgenda 3.0 Final - (rootagenda) Remote Include Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit X7 Chat 2.0 - (help_file) Remote Command Execution Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit Auction 1.3m - (phpbb_root_path) Remote File Inclusion acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit AWStats 6.5 - (migrate) Remote Shell Command Injection acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit acFTP FTP Server 1.4 - (USER) Remote Denial of Service PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit ACal <= 2.2.6 - (day.php) Remote File Inclusion EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion PHP-Fusion 6.00.306 - Multiple Vulnerabilities Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion ACal 2.2.6 - (day.php) Remote File Inclusion EQdkp 1.3.0 - (dbal.php) Remote File Inclusion Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4) Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit \o - Local File Inclusion (1st) Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1) PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Django CMS 3.3.0 - (Editor Snippet) Persistent XSS Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Wowza Streaming Engine 4.5.0 - Local Privilege Escalation Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF Wowza Streaming Engine 4.5.0 - Multiple XSS OpenSSHD <= 7.2p2 - Username Enumeration WordPress Video Player Plugin 1.5.16 - SQL Injection	2016-07-21 05:06:28 +00:00
Offensive Security	8fea20e59f	DB: 2016-05-17 12 new exploits Microsoft Windows WebDAV - (ntdll.dll) Remote Exploit Microsoft Windows WebDAV - Remote PoC Exploit Microsoft Windows IIS WebDAV - 'ntdll.dll' Remote Exploit Microsoft Windows IIS 5.0 WebDAV - Remote PoC Exploit Microsoft Windows WebDav II - Remote Root Exploit (2) Microsoft Windows WebDAV - Remote Root Exploit (2) Microsoft Windows WebDav III - Remote Root Exploit (xwdav) Microsoft Windows WebDAV IIS 5.0 - Remote Root Exploit (3) (xwdav) Dream FTP 1.2 - Remote Format String Exploit BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String Exploit Apache Tomcat (webdav) - Remote File Disclosure Exploit Apache Tomcat (WebDAV) - Remote File Disclosure Exploit Apache Tomcat (webdav) - Remote File Disclosure Exploit (ssl support) Apache Tomcat (WebDAV) - Remote File Disclosure Exploit (SSL) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch) Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (Patch) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (PHP) Microsoft IIS 6.0 WebDAV - Remote Authentication Bypass Exploit (PHP) Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC Windows 7 IIS 7.5 - FTPSVC UNAUTH'D Remote DoS PoC Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow Microsoft Windows IIS 5.0 WebDAV - ntdll.dll Path Overflow Liferay 6.0.x Webdav File Reading Vulnerability Liferay 6.0.x WebDAV - File Reading Vulnerability Microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities Microsoft IIS 6.0 and 7.5 (+ PHP) - Multiple Vulnerabilities Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1) Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (2) Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (3) Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (4) Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (1) Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (2) Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (3) Microsoft Windows XP/2000/NT 4 IIS 5.0 WebDAV - ntdll.dll Buffer Overflow Vulnerability (4) BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (2) Sun Solaris 8/9 - Unspecified Passwd Local Root Compromise Vulnerability Invision Power Board 2.1.x IPSClass.PHP SQL Injection Vulnerability (1) Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness Apache HTTP Server (<= 1.3.35 / <= 2.0.58 / <= 2.2.2) - Arbitrary HTTP Request Headers Security Weakness Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness Apache HTTP Server <= 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting Weakness MediaWiki 1.22.1 PdfHandler - Remote Code Execution Exploit Apache Struts 2.x XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability EasyCafe Server <= 2.2.14 Remote File Read EasyCafe Server <= 2.2.14 - Remote File Read x86_64 Linux bind TCP port shellcode TCP Bindshell with Password Prompt - 162 bytes x86_64 Linux bind TCP port shellcode TCP Bindshell with Password Prompt - 162 bytes Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64) (MS16-032) (C#) CakePHP Framework 3.2.4 - IP Spoofing Multiples Nexon Games - Unquoted Path Privilege Escalation eXtplorer 2.1.9 - Archive Path Traversal Web interface for DNSmasq / Mikrotik - SQL Injection Microsoft Excel 2010 - Crash PoC Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation Web2py 2.14.5 - Multiple Vulnerabilities	2016-05-17 05:03:19 +00:00
Offensive Security	86d0c5fe16	DB: 2016-01-09 10 new exploits	2016-01-09 05:02:44 +00:00
Offensive Security	95a1b072fe	DB: 2015-11-18 7 new exploits	2015-11-18 05:02:21 +00:00
Offensive Security	0f12501e2c	DB: 2015-10-08 6 new exploits	2015-10-08 05:02:23 +00:00
Offensive Security	30734a6700	DB: 2015-08-19 16 new exploits	2015-08-19 05:01:48 +00:00

17 commits