exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	679a62755b	DB: 2021-10-14 28 changes to exploits/shellcodes Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) Simple Payroll System 1.0 - SQLi Authentication Bypass Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS) Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS) Sonicwall SonicOS 7.0 - Host Header Injection Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-14 05:02:11 +00:00
Offensive Security	1cf7d7364a	DB: 2021-10-13 176 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Sandboxie 5.49.7 - Denial of Service (PoC) WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) iDailyDiary 4.30 - Denial of Service (PoC) RarmaRadio 2.72.8 - Denial of Service (PoC) DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Color Notes 1.4 - Denial of Service (PoC) Macaron Notes great notebook 5.5 - Denial of Service (PoC) My Notes Safe 5.3 - Denial of Service (PoC) Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Visual Studio Code 1.47.1 - Denial of Service (PoC) DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Dlink DSL2750U - 'Reboot' Command Injection E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation GetSimple CMS 3.3.16 - Reflected XSS to RCE House Rental and Property Listing 1.0 - Multiple Stored XSS Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) Montiorr 1.7.6m - File Upload to XSS GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) Markdown Explorer 0.1.1 - XSS to RCE Xmind 2020 - XSS to RCE Tagstoo 2.0.1 - Stored XSS to RCE SnipCommand 0.1.0 - XSS to RCE Moeditor 0.2.0 - XSS to RCE Marky 0.0.1 - XSS to RCE StudyMD 0.3.2 - XSS to RCE Freeter 1.2.1 - XSS to RCE Markright 1.0 - XSS to RCE Markdownify 1.2.0 - XSS to RCE Anote 1.0 - XSS to RCE Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) CHIYU IoT Devices - Denial of Service (DoS) Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Dolibarr ERP/CRM 10.0.6 - Login Brute Force qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function Budget and Expense Tracker System 1.0 - Authenticated Bypass WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Phpwcms 1.9.30 - File Upload to XSS Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes) Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode	2021-10-13 05:02:15 +00:00
Offensive Security	a250e82458	DB: 2021-10-12 176 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC) Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) jQuery UI 1.12.1 - Denial of Service (DoS) AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC) Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) ProFTPD 1.3.7a - Remote Denial of Service glFTPd 2.11a - Remote Denial of Service Hasura GraphQL 1.3.3 - Denial of Service WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Telegram Desktop 2.9.2 - Denial of Service (PoC) SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC) GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC) Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm vsftpd 3.0.3 - Remote Denial of Service GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2) PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Library System 1.0 - Authentication Bypass Via SQL Injection MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated) Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Mini Mouse 9.3.0 - Local File inclusion / Path Traversal GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution (XSS/RCE) Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution (Authenticated) Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS) WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS) KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass Event Registration System with QR Code 1.0 - Authentication Bypass & RCE CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS) OpenSIS 8.0 'modname' - Directory/Path Traversal Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation PlaceOS 1.2109.1 - Open Redirection Blood Bank System 1.0 - SQL Injection / Authentication Bypass Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes) Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes) Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes) Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes) Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes) Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes) Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes) Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded) Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode (178 bytes) Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)	2021-10-12 05:02:16 +00:00
Offensive Security	68d01808ce	DB: 2021-09-30 6 changes to exploits/shellcodes Mitrastar GPT-2541GNAC-N1 - Privilege escalation Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)	2021-09-30 05:02:08 +00:00
Offensive Security	b104992c7d	DB: 2021-09-28 7 changes to exploits/shellcodes Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH) Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC) XAMPP 7.4.3 - Local Privilege Escalation Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS) Library System 1.0 - 'student_id' SQL injection (Authenticated)	2021-09-28 05:02:15 +00:00
Offensive Security	1148d69c62	DB: 2021-09-22 5 changes to exploits/shellcodes Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC) VSAT Sailor 900 - Remote Overflow Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)	2021-09-22 05:02:16 +00:00
Offensive Security	629e350774	DB: 2021-09-14 18 changes to exploits/shellcodes Active WebCam 11.5 - Unquoted Service Path ECOA Building Automation System - Missing Encryption Of Sensitive Information Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai ECOA Building Automation System - Hard-coded Credentials SSH Access Men Salon Management System 1.0 - Multiple Vulnerabilities ECOA Building Automation System - Weak Default Credentials ECOA Building Automation System - Path Traversal Arbitrary File Upload ECOA Building Automation System - Directory Traversal Content Disclosure ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF) ECOA Building Automation System - Cookie Poisoning Authentication Bypass ECOA Building Automation System - Configuration Download Information Disclosure ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function ECOA Building Automation System - Remote Privilege Escalation ECOA Building Automation System - Local File Disclosure ECOA Building Automation System - Arbitrary File Deletion Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-09-14 05:02:12 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	6cbe6ebbb6	DB: 2021-09-03 395 changes to exploits/shellcodes EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC) Electronics Workbench - '.ewb' Local Stack Overflow (PoC) BulletProof FTP Client 2.63 - Local Heap Overflow (PoC) Easy Web Password 1.2 - Local Heap Memory Consumption (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC) Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC) ZoIPer 2.22 - Call-Info Remote Denial of Service PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) Nuked KLan 1.7.7 & SP4 - Denial of Service AIC Audio Player 1.4.1.587 - Local Crash (PoC) Xerox 4595 - Denial of Service WinMerge 2.12.4 - Project File Handling Stack Overflow Acoustica Mixcraft 1.00 - Local Crash SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC) Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Spotify 0.8.2.610 - search func Memory Exhaustion Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) WaveSurfer 1.8.8p4 - Memory Corruption (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow Light Audio Player 1.0.14 - Memory Corruption (PoC) Image Transfer IOS - Remote Crash (PoC) Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) VUPlayer 2.49 - '.cue' Universal Buffer Overflow Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH) Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH) Alleycode HTML Editor 2.2.1 - Local Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH) Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3) QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2) CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow quickshare file share 1.2.1 - Directory Traversal (1) SPlayer 3.7 (build 2055) - Remote Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Omeka 2.2.1 - Remote Code Execution D-Link DSL-2740R - Remote DNS Change D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution TorrentTrader 1.0 RC2 - SQL Injection WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion PHP DocWriter 0.3 - 'script' Remote File Inclusion phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion BrewBlogger 1.3.1 - 'printLog.php' SQL Injection e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion Gizzar 03162002 - 'index.php' Remote File Inclusion SH-News 0.93 - 'misc.php' Remote File Inclusion JSBoard 2.0.10 - 'login.php?table' Local File Inclusion XOOPS Module WF-Links 1.03 - 'cid' SQL Injection Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion EQdkp 1.3.2 - 'listmembers.php' SQL Injection FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion CCMS 3.1 Demo - SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection AuraCMS 1.62 - Multiple SQL Injections sCssBoard (Multiple Versions) - 'pwnpack' Remote s EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion RevokeBB 1.0 RC11 - 'Search' SQL Injection Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection PHPortal 1.2 - Multiple Remote File Inclusions Libera CMS 1.12 - 'cookie' SQL Injection Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload WCMS 1.0b - Arbitrary Add Admin FOSS Gallery Admin 1.0 - Arbitrary File Upload MemHT Portal 4.0.1 - SQL Injection / Code Execution Mediatheka 4.2 - Blind SQL Injection Pligg 9.9.5b - Arbitrary File Upload / SQL Injection XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution Joomla! Component Casino 0.3.1 - Multiple SQL Injections s ZeusCart 2.3 - 'maincatid' SQL Injection ASP Football Pool 2.3 - Remote Database Disclosure LightNEasy sql/no-db 2.2.x - System Configuration Disclosure Zen Cart 1.3.8 - Remote Code Execution Joomla! Component com_pinboard - 'task' SQL Injection Joomla! Component com_bookflip - 'book_id' SQL Injection Messages Library 2.0 - Arbitrary Delete Message Arab Portal 2.2 - Blind Cookie Authentication Bypass Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion REZERVI 3.0.2 - Remote Command Execution Joomla! Component BF Quiz 1.0 - SQL Injection (2) E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection AJ Matrix DNA - SQL Injection Joomla! Component JE Story Submit - Local File Inclusion CF Image Hosting Script 1.3.82 - File Disclosure hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting CMSLogik 1.2.1 - Multiple Vulnerabilities C.P.Sub 4.5 - Authentication Bypass WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload PHPMailer < 5.2.20 - Remote Code Execution phpIPAM 1.4 - SQL Injection Joomla! 3.9.0 < 3.9.7 - CSV Injection	2021-09-03 14:58:20 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	e7fc5a3e03	DB: 2021-07-29 3 changes to exploits/shellcodes Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE) PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Event Registration System with QR Code 1.0 - Authentication Bypass & RCE TripSpark VEO Transportation - Blind SQL Injection	2021-07-29 05:01:55 +00:00
Offensive Security	e4e9d54ac6	DB: 2021-07-22 4 changes to exploits/shellcodes KevinLAB BEMS 1.0 - Undocumented Backdoor Account KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated) CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion	2021-07-22 05:01:53 +00:00
Offensive Security	29558b9c84	DB: 2021-07-17 6 changes to exploits/shellcodes Argus Surveillance DVR 4.0 - Weak Password Encryption Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation Aruba Instant 8.7.1.0 - Arbitrary File Modification Aruba Instant (IAP) - Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection	2021-07-17 05:01:54 +00:00
Offensive Security	eb316547aa	DB: 2021-06-19 5 changes to exploits/shellcodes Dlink DSL2750U - 'Reboot' Command Injection ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF) ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS) Node.JS - 'node-serialize' Remote Code Execution (3)	2021-06-19 05:01:57 +00:00
Offensive Security	a9fa314bbf	DB: 2021-06-04 14 changes to exploits/shellcodes BasicNote 1.1.9 - Denial of Service (PoC) ColorNote 4.1.9 - Denial of Service (PoC) Notepad notes 2.6.7 - Denial of Service (PoC) Blacknote 2.2.1 - Denial of Service (PoC) CHIYU IoT Devices - 'Telnet' Authentication Bypass PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Seo Panel 4.8.0 - 'from_time' Reflected XSS CHIYU IoT Devices - Denial of Service (DoS) FUDForum 3.1.0 - 'srch' Reflected XSS FUDForum 3.1.0 - 'author' Reflected XSS Gitlab 13.9.3 - Remote Code Execution (Authenticated) 4Images 1.8 - 'redirect' Reflected XSS	2021-06-04 05:01:54 +00:00
Offensive Security	7fa85628bd	DB: 2021-04-22 19 changes to exploits/shellcodes Hasura GraphQL 1.3.3 - Denial of Service Tenda D151 & D301 - Configuration Download (Unauthenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Fast PHP Chat 1.3 - 'my_item_search' SQL Injection WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) OpenEMR 5.0.2.1 - Remote Code Execution Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) Hasura GraphQL 1.3.3 - Local File Read Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)	2021-04-22 05:01:54 +00:00
Offensive Security	7390cdc1c3	DB: 2021-03-23 10 changes to exploits/shellcodes ProFTPD 1.3.7a - Remote Denial of Service SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal MyBB 1.8.25 - Chained Remote Command Execution	2021-03-23 05:01:58 +00:00
Offensive Security	d85f0c8d35	DB: 2021-03-20 20 changes to exploits/shellcodes KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path SOYAL 701 Server 9.0.1 - Insecure Permissions SOYAL 701 Client 9.0.1 - Insecure Permissions KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Plone CMS 5.2.3 - 'Title' Stored XSS LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Boonex Dolphin 7.4.2 - 'width' Stored XSS Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated) VestaCP 0.9.8 - 'v_sftp_licence' Command Injection SOYAL Biometric Access Control System 5.0 - Master Code Disclosure SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) Online News Portal 1.0 - 'name' SQL Injection Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting	2021-03-20 05:01:58 +00:00
Offensive Security	cb83a6e2dd	DB: 2020-12-19 17 changes to exploits/shellcodes docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) FRITZ!Box 7.20 - DNS Rebinding Protection Bypass SyncBreeze 10.0.28 - 'login' Denial of Service (Poc) Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS Point of Sale System 1.0 - Authentication Bypass Alumni Management System 1.0 - Unrestricted File Upload To RCE Alumni Management System 1.0 - _Course Form_ Stored XSS Alumni Management System 1.0 - 'id' SQL Injection Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit) Smart Hospital 3.1 - _Add Patient_ Stored XSS Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)	2020-12-19 05:01:57 +00:00
Offensive Security	21fa83f241	DB: 2020-11-20 12 changes to exploits/shellcodes Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC) Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection PESCMS TEAM 2.3.2 - Multiple Reflected XSS Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification xuucms 3 - 'keywords' SQL Injection Gitlab 12.9.0 - Arbitrary File Read (Authenticated) TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution TestBox CFML Test Framework 4.1.0 - Directory Traversal Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection M/Monit 3.7.4 - Privilege Escalation M/Monit 3.7.4 - Password Disclosure Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting	2020-11-20 05:02:04 +00:00
Offensive Security	c7e37046e7	DB: 2020-11-17 12 changes to exploits/shellcodes KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Cisco 7937G - DoS/Privilege Escalation Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated) Water Billing System 1.0 - 'id' SQL Injection (Authenticated) Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated) User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection PMB 5.6 - 'chemin' Local File Disclosure Car Rental Management System 1.0 - Remote Code Execution (Authenticated) Car Rental Management System 1.0 - 'car_id' Sql Injection	2020-11-17 05:01:57 +00:00
Offensive Security	6eb03eae23	DB: 2020-11-06 5 changes to exploits/shellcodes Amarok 2.8.0 - Denial-of-Service TP-Link WDR4300 - Remote Code Execution (Authenticated) iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery (CSRF) iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation	2020-11-06 05:01:58 +00:00
Offensive Security	17bbfdaf38	DB: 2020-10-28 6 changes to exploits/shellcodes TDM Digital Signage PC Player 4.1 - Insecure File Permissions Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse InoERP 0.7.2 - Remote Code Execution (Unauthenticated) Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated) Client Management System 1.0 - 'searchdata' SQL injection Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)	2020-10-28 05:02:08 +00:00
Offensive Security	f697a81a18	DB: 2020-10-02 12 changes to exploits/shellcodes Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated) BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin) SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated) WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated) GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated) CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated) Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exhibitor Web UI 1.7.1 - Remote Code Execution	2020-10-02 05:02:08 +00:00
Offensive Security	c22ad85b57	DB: 2020-06-26 2 changes to exploits/shellcodes mySCADA myPRO 7 - Hardcoded Credentials FHEM 6.0 - Local File Inclusion	2020-06-26 05:01:58 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	4fbd3630c8	DB: 2020-05-26 6 changes to exploits/shellcodes GoldWave - Buffer Overflow (SEH Unicode) Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit) Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit) Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting Online Discussion Forum Site 1.0 - Remote Code Execution	2020-05-26 05:01:56 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	19615ff704	DB: 2020-04-01 7 changes to exploits/shellcodes FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC) Redis - Replication Code Execution (Metasploit) IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) SharePoint Workflows - XOML Injection (Metasploit) Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection	2020-04-01 05:01:47 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	79fee2e601	DB: 2020-03-14 4 changes to exploits/shellcodes AnyBurn 4.8 - Buffer Overflow (SEH) Drobo 5N2 4.1.1 - Remote Command Injection Centos WebPanel 7 - 'term' SQL Injection	2020-03-14 05:01:46 +00:00
Offensive Security	7d757326b8	DB: 2020-02-06 8 changes to exploits/shellcodes Socat 1.7.3.4 - Heap-Based Overflow (PoC) xglance-bin 11.00 - Privilege Escalation HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account AVideo Platform 8.1 - Information Disclosure (User Enumeration) Wago PFC200 - Authenticated Remote Code Execution (Metasploit) Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC) AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)	2020-02-06 05:02:08 +00:00
Offensive Security	1a9ce31a5f	DB: 2020-01-17 12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection	2020-01-17 05:02:10 +00:00
Offensive Security	c7085a57b4	DB: 2020-01-09 9 changes to exploits/shellcodes Cisco DCNM JBoss 10.4 - Credential Leakage EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow ASTPP VoIP 4.0.1 - Remote Code Execution JetBrains TeamCity 2018.2.4 - Remote Code Execution Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting Online Book Store 1.0 - Unauthenticated Remote Code Execution Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)	2020-01-09 05:02:04 +00:00
Offensive Security	c8181201fd	DB: 2019-11-13 38 changes to exploits/shellcodes Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Wondershare Application Framework Service - _WsAppService_ Unquote Service Path eMerge E3 Access Controller 4.6.07 - Remote Code Execution eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit) CBAS-Web 19.0.0 - Information Disclosure Prima FlexAir Access Control 2.3.38 - Remote Code Execution Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting eMerge E3 1.00-06 - Unauthenticated Directory Traversal eMerge E3 1.00-06 - Privilege Escalation eMerge E3 1.00-06 - Remote Code Execution eMerge E3 1.00-06 - Cross-Site Request Forgery Atlassian Confluence 6.15.1 - Directory Traversal eMerge E3 1.00-06 - Arbitrary File Upload eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting eMerge50P 5000P 4.6.07 - Remote Code Execution CBAS-Web 19.0.0 - Remote Code Execution CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) CBAS-Web 19.0.0 - Username Enumeration CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Joomla 3.9.13 - 'Host' Header Injection Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Prima Access Control 2.3.35 - Arbitrary File Upload Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit) Optergy 2.3.0a - Remote Code Execution FlexAir Access Control 2.4.9api3 - Remote Code Execution Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Optergy 2.3.0a - Username Disclosure Optergy 2.3.0a - Remote Code Execution (Backdoor) Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting FlexAir Access Control 2.3.35 - Authentication Bypass Bematech Printer MP-4200 - Denial of Service	2019-11-13 05:01:43 +00:00
Offensive Security	c99b957a9f	DB: 2019-11-01 3 changes to exploits/shellcodes WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH) MikroTik RouterOS 6.45.6 - DNS Cache Poisoning CommSy 8.6.5 - SQL injection Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection	2019-11-01 05:01:39 +00:00
Offensive Security	a464ad083a	DB: 2019-10-23 5 changes to exploits/shellcodes winrar 5.80 - XML External Entity Injection Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit) Moxa EDR-810 - Command Injection / Information Disclosure Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)	2019-10-23 05:01:41 +00:00
Offensive Security	21c1b71372	DB: 2019-10-01 6 changes to exploits/shellcodes GoAhead 2.5.0 - Host Header Injection Cisco Small Business 220 Series - Multiple Vulnerabilities vBulletin 5.x - Remote Command Execution (Metasploit) phpIPAM 1.4 - SQL Injection thesystem 1.0 - Cross-Site Scripting TheSystem 1.0 - Command Injection	2019-10-01 05:01:46 +00:00
Offensive Security	afd22dbcb0	DB: 2019-09-24 3 changes to exploits/shellcodes Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure Gila CMS < 1.11.1 - Local File Inclusion	2019-09-24 05:03:03 +00:00
Offensive Security	b6378fddcc	DB: 2019-09-17 6 changes to exploits/shellcodes Windows NTFS - Privileged File Access Enumeration AppXSvc - Privilege Escalation docPrint Pro 8.0 - SEH Buffer Overflow Inteno IOPSYS Gateway - Improper Access Restrictions Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection	2019-09-17 05:02:21 +00:00
Offensive Security	a26ef1328e	DB: 2019-09-04 6 changes to exploits/shellcodes ktsuss 1.4 - suid Privilege Escalation (Metasploit) ptrace - Sudo Token Privilege Escalation (Metasploit) Cisco UCS Director - default scpuser password (Metasploit) Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit) Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit) FileThingie 2.5.7 - Arbitrary File Upload	2019-09-04 05:02:30 +00:00
Offensive Security	bc4836bfc1	DB: 2019-09-03 12 changes to exploits/shellcodes ChaosPro 2.0 - SEH Buffer Overflow ChaosPro 2.1 - SEH Buffer Overflow ChaosPro 3.1 - SEH Buffer Overflow Kaseya VSA agent 9.5 - Privilege Escalation Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read Opencart 3.x - Cross-Site Scripting Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection Alkacon OpenCMS 10.5.x - Cross-Site Scripting Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2) Alkacon OpenCMS 10.5.x - Local File inclusion Craft CMS 2.7.9/3.2.5 - Information Disclosure	2019-09-03 05:02:22 +00:00
Offensive Security	4afcc04eda	DB: 2019-07-02 24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)	2019-07-02 05:01:50 +00:00
Offensive Security	a90736625a	DB: 2019-06-26 7 changes to exploits/shellcodes SuperDoctor5 - 'NRPE' Remote Code Execution SAPIDO RB-1732 - Remote Command Execution Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution AZADMIN CMS 1.0 - SQL Injection BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting	2019-06-26 05:01:53 +00:00
Offensive Security	76be51b7d6	DB: 2019-06-05 8 changes to exploits/shellcodes DVD X Player 5.5 Pro - Local Buffer Overflow (SEH) NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow Cisco RV130W 1.0.3.44 - Remote Stack Overflow IceWarp 10.4.4 - Local File Inclusion Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting	2019-06-05 05:01:56 +00:00
Offensive Security	79a9df09f0	DB: 2019-05-07 13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)	2019-05-07 05:01:58 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	be8aa5121b	DB: 2019-04-10 7 changes to exploits/shellcodes Microsoft Windows - AppX Deployment Service Privilege Escalation PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow Apache Axis 1.4 - Remote Code Execution Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection Linux/x64 - XANAX Encoder Shellcode (127 bytes) Linux/x64 - XANAX Decoder Shellcode (127 bytes)	2019-04-10 05:02:03 +00:00
Offensive Security	9d7b2f64d5	DB: 2019-04-04 18 changes to exploits/shellcodes Canarytokens 2019-03-01 - Detection Bypass SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free WebKitGTK+ - 'ThreadedCompositor' Race Condition Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter) AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter) TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit) PhreeBooks ERP 5.2.3 - Remote Command Execution Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) iScripts ReserveLogic - SQL Injection Clinic Pro v4 - 'month' SQL Injection Ashop Shopping Cart Software - SQL Injection PhreeBooks ERP 5.2.3 - Arbitrary File Upload	2019-04-04 05:02:18 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00

1 2

95 commits