bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2484 commits 1 branch 0 tags 267 MiB
Commit graph

25 commits

Author SHA1 Message Date
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
f564ddfd17 DB: 2020-05-13 
10 changes to exploits/shellcodes

LanSend 3.2 - Buffer Overflow (SEH)
MacOS 320.whatis Script - Privilege Escalation
Phase Botnet - Blind SQL Injection
Orchard Core RC1 - Persistent Cross-Site Scripting
ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
qdPM 9.1 - Arbitrary File Upload
TylerTech Eagle 2018.3.11 - Remote Code Execution
 2020-05-13 05:01:48 +00:00
Offensive Security
0f5a9de36d DB: 2020-04-29 
8 changes to exploits/shellcodes

Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path

CloudMe 1.11.2 - Buffer Overflow (PoC)
School ERP Pro 1.0 - 'es_messagesid' SQL Injection
School ERP Pro 1.0 - Remote Code Execution
 2020-04-29 05:01:47 +00:00
Offensive Security
c3e827f657 DB: 2020-04-17 
8 changes to exploits/shellcodes

VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
 2020-04-17 05:01:48 +00:00
Offensive Security
d3992973f1 DB: 2020-03-21 
2 changes to exploits/shellcodes

VMware Fusion 11.5.2 - Privilege Escalation

Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
 2020-03-21 05:01:49 +00:00
Offensive Security
85cdf30cea DB: 2020-03-19 
7 changes to exploits/shellcodes

NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Microsoft VSCode Python Extension - Code Execution
VMWare Fusion - Local Privilege Escalation

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

Netlink GPON Router 1.0.11 - Remote Code Execution

Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
 2020-03-19 05:01:49 +00:00
Offensive Security
f1354b784a DB: 2019-11-23 
4 changes to exploits/shellcodes

Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path
LiteManager 4.5.0 - Insecure File Permissions
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
 2019-11-23 05:01:42 +00:00
Offensive Security
d6e0b04877 DB: 2019-09-20 
4 changes to exploits/shellcodes

macOS 18.7.0 Kernel - Local Privilege Escalation
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection
GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
 2019-09-20 05:02:06 +00:00
Offensive Security
808010b53f DB: 2019-07-03 
2 changes to exploits/shellcodes

Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)

Linux Mint 18.3-19.1 - 'yelp' Command Injection
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)

Centreon 19.04  - Remote Code Execution

Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-03 05:01:50 +00:00
Offensive Security
970f7b1104 DB: 2019-05-24 
18 changes to exploits/shellcodes

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
Terminal Services Manager 3.2.1 - Denial of Service
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Microsoft Windows 10 (17763.379) - Install DLL
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Windows - 'Win32k' Local Privilege Escalation

Axis Network Camera - .srv to parhand RCE (Metasploit)
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)

HP Intelligent Management - Java Deserialization RCE (Metasploit)
HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)

Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)

CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

Nagios XI 5.6.1 - SQL injection

BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes)

Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)

Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes)

Linux/x86 - iptables --flush Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)

Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)

Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)

Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)

Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)
Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Linux x86_64 - Delete File Shellcode (28 bytes)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)
Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
 2019-05-24 05:02:03 +00:00
Offensive Security
ab955a9b5d DB: 2019-04-19 
5 changes to exploits/shellcodes

Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)

Evernote 7.9 - Code Execution via Path Traversal

LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)

ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)
 2019-04-19 05:02:10 +00:00
Offensive Security
26efc559c7 DB: 2019-02-21 
8 changes to exploits/shellcodes

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
WinRAR 5.61 - '.lng' Denial of Service
FaceTime - Texture Processing Memory Corruption
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
Apple macOS 10.13.5 - Local Privilege Escalation

mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution
Belkin Wemo UPnP - Remote Code Execution (Metasploit)

HotelDruid 2.3 - Cross-Site Scripting
 2019-02-21 05:01:57 +00:00
Offensive Security
62445895aa DB: 2018-11-30 
8 changes to exploits/shellcodes

WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
 2018-11-30 05:01:41 +00:00
Offensive Security
1d25aee539 DB: 2018-11-15 
15 changes to exploits/shellcodes

AMPPS 2.7 - Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
SwitchVPN for macOS 2.1012.03 - Privilege Escalation

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
iServiceOnline 1.0 - 'r' SQL Injection
Helpdezk 1.1.1 - 'query' SQL Injection
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
EdTv 2 - 'id' SQL Injection
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Advanced Comment System 1.0 - SQL Injection
Rmedia SMS 1.0 - SQL Injection
Pedidos 1.0 - SQL Injection
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
 2018-11-15 05:01:40 +00:00
Offensive Security
363500a603 DB: 2018-11-06 
13 changes to exploits/shellcodes

Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
 2018-11-06 05:01:40 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
b02440845e DB: 2018-07-31 
5 changes to exploits/shellcodes

fusermount - user_allow_other Restriction Bypass and SELinux Label Control
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

Charles Proxy 4.2 - Local Privilege Escalation

H2 Database 1.4.197 - Information Disclosure
 2018-07-31 05:01:47 +00:00
Offensive Security
dd3b710ae8 DB: 2018-03-21 
14 changes to exploits/shellcodes

Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure
Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Vehicle Sales Management System - Multiple Vulnerabilities

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)
 2018-03-21 05:01:50 +00:00
Offensive Security
7cb274b763 DB: 2018-03-04 
6 changes to exploits/shellcodes

Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service
Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service
Apple macOS Sierra 10.12.1 - 'IOFireWireFamily' FireWire Port Denial of Service
Apple OS X Yosemite - 'flow_divert-heap-overflow' Kernel Panic
Apple macOS Sierra 10.12.3 - 'IOFireWireFamily-null-deref' FireWire Port Denial of Service

Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader
Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak
Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
Apple OS X 10.10.5 - 'rootsh' Local Privilege Escalation

Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55
Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55
 2018-03-04 05:01:52 +00:00
Offensive Security
ef96c0511b DB: 2018-01-30 
4 changes to exploits/shellcodes

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding
Arq 5.10 - Local Privilege Escalation (1)
Arq 5.10 - Local Privilege Escalation (2)

Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
 2018-01-30 05:01:49 +00:00
Offensive Security
c35d9b35f7 DB: 2017-12-09 
14 changes to exploits/shellcodes

macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
Apple macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
Apple macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
Apple macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
Apple macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash
Linux Kernel - DCCP Socket Use-After-Free
Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash
Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free

iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Apple iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free

macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation
Apple iOS/macOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation

macOS High Sierra - Local Privilege Escalation (Metasploit)
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation (Metasploit)
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation

LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass)
DomainSale PHP Script 1.0 - 'id' SQL Injection
Simple Chatting System 1.0.0 - Arbitrary File Upload
Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection
Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection
FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection
FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection
FS Shutterstock Clone 1.0 - 'keywords' SQL Injection
FS Quibids Clone 1.0 - SQL Injection
FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection
FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection
 2017-12-09 05:02:21 +00:00
Offensive Security
08d2346400 DB: 2017-12-07 
13 changes to exploits/shellcodes

Arq 5.9.7 - Local Privilege Escalation
Murus 1.4.11 - Local Privilege Escalation
Arq 5.9.6 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation
Sera 1.2 - Local Privilege Escalation / Password Disclosure
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
Proxifier for Mac 2.19 - Local Privilege Escalation
FS Makemytrip Clone - 'id' SQL Injection
WinduCMS 3.1 - Local File Disclosure
FS Shaadi Clone - 'token' SQL Injection
 2017-12-07 05:02:26 +00:00
Offensive Security
a24ecf72c3 DB: 2017-12-01 
82 changes to exploits/shellcodes

32 new exploits/shellcodes

Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC)
Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)

CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service
CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service

Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)
Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC)

Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow
Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow

FontForge - '.BDF' Font File Stack Based Buffer Overflow
FontForge - '.BDF' Font File Stack Buffer Overflow

Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow
Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow

Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC)
Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC)

Citrix XenApp / XenDesktop - Stack Based Buffer Overflow
Citrix XenApp / XenDesktop - Stack Buffer Overflow

Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows

Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)

IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow

Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow
Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow

mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
MySQL (Linux) - Stack Based Buffer Overrun (PoC)
MySQL (Linux) - Heap Based Overrun (PoC)
MySQL (Linux) - Stack Buffer Overrun (PoC)
MySQL (Linux) - Heap Overrun (PoC)
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow

DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow
DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)

Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow
Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service

Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow
Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow

SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow

Winamp 5.63 - Stack Based Buffer Overflow
Winamp 5.63 - Stack Buffer Overflow

Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow
Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow

Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)
Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap Buffer Overflow (MS14-056)

MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow
MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow
ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities
WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow

Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow
Google Android Web Browser - '.GIF' File Heap Buffer Overflow

Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)
Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)

NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow
NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow

FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow
FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow

OpenVms 8.3 Finger Service - Stack Based Buffer Overflow
OpenVms 8.3 Finger Service - Stack Buffer Overflow

Free Download Manager - Stack Based Buffer Overflow
Free Download Manager - Stack Buffer Overflow

Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow
Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow

eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow
eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow
Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File

Valhala Honeypot 1.8 - Stack Based Buffer Overflow
Valhala Honeypot 1.8 - Stack Buffer Overflow

Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow
Microsoft Office 2007 - Malformed Document Stack Buffer Overflow

Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow
Xion Audio Player 1.5 build 155 - Stack Buffer Overflow

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow

Last PassBroker 3.2.16 - Stack Based Buffer Overflow
Last PassBroker 3.2.16 - Stack Buffer Overflow

FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read
FBZX 2.10 - Local Stack Based Buffer Overflow
TACK 1.07 - Local Stack Based Buffer Overflow
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read
FBZX 2.10 - Local Stack Buffer Overflow
TACK 1.07 - Local Stack Buffer Overflow

Gnome Nautilus 3.16 - Denial of Service
Wireshark - iseries_parse_packet Heap Based Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow
Wireshark - iseries_parse_packet Heap Buffer Overflow
Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow

Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow
Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow
Wireshark - find_signature Stack Based Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow
Wireshark - getRate Stack Based Out-of-Bounds Read
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow
Wireshark - find_signature Stack Out-of-Bounds Read
Wireshark - AirPDcapPacketProcess Stack Buffer Overflow
Wireshark - getRate Stack Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)
Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1)
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read

pdfium - CPDF_Function::Call Stack Based Buffer Overflow
pdfium - CPDF_Function::Call Stack Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read
Wireshark - dissect_nhdr_extopt Stack Buffer Overflow
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read
Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read

glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow
libxml2 - xmlDictAddString Heap Based Buffer Overread
libxml2 - xmlParseEndTag2 Heap Based Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
libxml2 - htmlCurrentChar Heap Based Buffer Overread
Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow
libxml2 - xmlDictAddString Heap Buffer Overread
libxml2 - xmlParseEndTag2 Heap Buffer Overread
libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread
libxml2 - htmlCurrentChar Heap Buffer Overread
Kamailio 4.3.4 - Heap Based Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read
Kamailio 4.3.4 - Heap Buffer Overflow
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read

Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow
Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow

Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)

Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread
Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
Graphite2 - GlyphCache::Loader Heap Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads

Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)

Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure

Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)

Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)

Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)

SAP SAPCAR 721.510 - Heap-Based Buffer Overflow
SAP SAPCAR 721.510 - Heap Buffer Overflow

Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption
Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption

LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow

OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow
OpenJPEG - 'mqc.c' Heap Buffer Overflow

tcprewrite - Heap-Based Buffer Overflow
tcprewrite - Heap Buffer Overflow
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - 2-byte Heap Overflow
Dnsmasq < 2.78 - Heap Overflow
Dnsmasq < 2.78 - Stack Overflow

binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow

PHP 7.1.8 - Heap-Based Buffer Overflow
PHP 7.1.8 - Heap Buffer Overflow
QEMU - NBD Server Long Export Name Stack Buffer Overflow
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page

TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation
TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation

BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation

RedHat 6.1 - 'man' Local Overflow / Privilege Escalation
RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation

IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation

AIX lquerylv - Local Buffer Overflow / Privilege Escalation
AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation

IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation
IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation

libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)
libxml 2.6.12 nanoftp - Buffer Overflow (PoC)

Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation
Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation

Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow
Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow

XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation
XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation

Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation
Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation

Microsoft Excel - Remote Code Execution
Microsoft Excel - Code Execution
HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation
HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation
HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation

Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation

News Rover 12.1 Rev 1 - Remote Stack Overflow (1)
News Rover 12.1 Rev 1 - Stack Overflow (1)

News Rover 12.1 Rev 1 - Remote Stack Overflow (2)
News Rover 12.1 Rev 1 - Stack Overflow (2)

FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation

Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow
Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow

VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow

Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)
Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit)

MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows
MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows

Libmodplug - 's3m' Remote Buffer Overflow
Libmodplug - 's3m' Buffer Overflow

Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)

EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC)
EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC)

Microsoft Visio 2002 - '.DXF' File Stack based Overflow
Microsoft Visio 2002 - '.DXF' Local Stack Overflow

AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit)
AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit)

CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit)
CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit)

Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)
Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)

Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation
Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation

BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3)

S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation
S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation
SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation

Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation
Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation

Internet Download Manager - Stack Based Buffer Overflow
Internet Download Manager - Local Stack Buffer Overflow

AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation
AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation

mcrypt 2.5.8 - Stack Based Overflow
mcrypt 2.5.8 - Local Stack Overflow

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun

Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020)
Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1)

Winamp 5.12 - '.m3u' Stack Based Buffer Overflow
Winamp 5.12 - '.m3u' Local Stack Buffer Overflow

RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow

KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite
KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite

BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow

Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow
Super Player 3500 - '.m3u' Local Stack Buffer Overflow

IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow
IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow
MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow
MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color()
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow

MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow
MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow

Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation
Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP
BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP

Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation

BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow

Sim Editor 6.6 - Stack Based Buffer Overflow
Sim Editor 6.6 - Local Stack Buffer Overflow

Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)
Microsoft Word - Local Machine Zone Code Execution (MS15-022)

Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation
Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow
AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)

Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)

TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow

NRSS Reader 0.3.9 - Local Stack Based Overflow
NRSS Reader 0.3.9 - Local Stack Overflow

Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)

NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation
NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation

Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout)

Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution
Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution

Man-db 2.6.7.1 - Local Privilege Escalation (PoC)

Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit)

Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)

PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2)
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
macOS High Sierra - Root Privilege Escalation (Metasploit)

lftp 2.6.9 - Remote Stack based Overflow
lftp 2.6.9 - Remote Stack Overflow

BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow
BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH)

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC)

HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow

Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)
Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit)

Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit)
Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit)

Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit)
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit)

Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption

Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2)
Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3)

GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow

Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow
Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow

Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow
Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow

AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow
AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow

Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities
Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities

Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow
Vim - 'mch_expand_wildcards()' Heap Buffer Overflow

Acunetix 8 build 20120704 - Remote Stack Based Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow

Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow
Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow

TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub
TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub

glibc - 'getaddrinfo' Stack Based Buffer Overflow
glibc - 'getaddrinfo' Remote Stack Buffer Overflow

BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow

Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities
Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities

R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal
R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal

Alligra Calligra - Heap Based Buffer Overflow
Alligra Calligra - Heap Buffer Overflow

Aloaha PDF Suite - Stack Based Buffer Overflow
Aloaha PDF Suite - Remote Stack Buffer Overflow

EasyCafe Server 2.2.14 - Remote File Read

Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution

ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)

Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)

pfSense - Authenticated Group Member Remote Command Execution (Metasploit)

Almnzm - 'COOKIE: customer' SQL Injection

Tutorialms 1.4 (show) - SQL Injection
Tutorialms 1.4 - 'show' SQL Injection

osCommerce 2.3.4.1 - Arbitrary File Upload

Knowledge Base Enterprise Edition 4.62.00 - SQL Injection
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection

WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload

phpDolphin 2.0.5 - Multiple Vulnerabilities

OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities

AbanteCart 1.2.7 - Cross-Site Scripting

MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities

Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection

Synology StorageManager 5.2 - Remote Root Command Execution
Synology StorageManager 5.2 - Root Remote Command Execution
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
 2017-12-01 10:57:46 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00