bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2802 commits 1 branch 0 tags 258 MiB
Commit graph

14 commits

Author SHA1 Message Date
Exploit-DB
bd09027499 DB: 2023-04-21 
18 changes to exploits/shellcodes/ghdb

Franklin Fueling Systems TS-550 - Default Password

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Linux Kernel 6.2 -  Userspace Processes To Enable Mitigation

Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
Bang Resto v1.0 - 'Multiple' SQL Injection
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

GDidees CMS 3.9.1 - Local File Disclosure

Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)

Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
Serendipity 2.4.0 - Cross-Site Scripting (XSS)
Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

AspEmail v5.6.0.2 - Local Privilege Escalation

File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
 2023-04-21 00:16:25 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
0aa8d538e2 DB: 2020-10-10 
3 changes to exploits/shellcodes

Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting
DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated)
openMAINT 1.1-2.4.2 - Arbitrary File Upload
 2020-10-10 05:02:11 +00:00
Offensive Security
7be5963105 DB: 2020-10-07 
3 changes to exploits/shellcodes

Qmail SMTP 1.03 - Bash Environment Variable Injection
Karel IP Phone IP1211 Web Management Panel - Directory Traversal
EasyPMS 1.0.0 - Authentication Bypass
 2020-10-07 05:02:06 +00:00
Offensive Security
1c5c38825d DB: 2020-04-22 
10 changes to exploits/shellcodes

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

WordPress 2.0.2 - 'cache' Remote Shell Injection
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
PMB 5.6 - 'logid' SQL Injection
CSZ CMS 1.2.7 - 'title' HTML Injection
IQrouter 3.3.1 Firmware - Remote Code Execution
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution
jizhi CMS 1.6.7 - Arbitrary File Download
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
 2020-04-22 05:01:47 +00:00
Offensive Security
7d757326b8 DB: 2020-02-06 
8 changes to exploits/shellcodes

Socat 1.7.3.4 - Heap-Based Overflow (PoC)
xglance-bin 11.00 - Privilege Escalation

HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
 2020-02-06 05:02:08 +00:00
Offensive Security
caad53ed8d DB: 2019-10-31 
6 changes to exploits/shellcodes

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
 2019-10-31 05:01:41 +00:00
Offensive Security
ba928141e7 DB: 2019-09-26 
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
 2019-09-26 05:01:47 +00:00
Offensive Security
363500a603 DB: 2018-11-06 
13 changes to exploits/shellcodes

Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
 2018-11-06 05:01:40 +00:00
Offensive Security
c91cad5a90 DB: 2018-04-10 
19 changes to exploits/shellcodes

WebKit - WebAssembly Parsing Does not Correctly Check Section Order
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
H2 Database - 'Alias' Arbitrary Code Execution
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)
PMS 0.42 - Local Stack-Based Overflow (ROP)

Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution
WolfCMS 0.8.3.1 - Cross Site Request Forgery
Cobub Razor 0.7.2 - Add New Superuser Account
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
WolfCMS 0.8.3.1 - Open Redirection
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit
Buddypress Xprofile Custom Fields Type 2.6.3  - Remote Code Execution
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting
WordPress Plugin Google Drive 2.2 - Remote Code Execution
 2018-04-10 05:01:53 +00:00
Offensive Security
995a8906f1 DB: 2018-01-22 
27 changes to exploits/shellcodes

Oracle JDeveloper 11.1.x/12.x - Directory Traversal
Shopware 5.2.5/5.3 - Cross-Site Scripting
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
PHPFreeChat 1.7 - Denial of Service
OTRS 5.0.x/6.0.x - Remote Command Execution

DarkComet (C2 Server) - File Upload

BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)

FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)

Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)

Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)
Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)

Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)
Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)

Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)
Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes)

Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes)

Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)

Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes)

Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes)

Windows/x86-64 (7) - cmd Shellcode (61 bytes)
Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)

Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)

Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)

Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)

Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes)

Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)
Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)

Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)
Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)

Windows/x86 - Create Admin User (X) Shellcode (304 bytes)
Windows/x86 - Create Administrator User (X) Shellcode (304 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes)

Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)
Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)
Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)

Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
 2018-01-22 05:01:45 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00