exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	48bd7b3ea6	DB: 2020-10-30 4 changes to exploits/shellcodes Online Examination System 1.0 - 'name' Stored Cross Site Scripting Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS) WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot	2020-10-30 05:02:03 +00:00
Offensive Security	ccea007282	DB: 2020-05-01 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes)	2020-05-01 05:02:03 +00:00
Offensive Security	cae82bb178	DB: 2020-04-24 8 changes to exploits/shellcodes User Management System 2.0 - Persistent Cross-Site Scripting User Management System 2.0 - Authentication Bypass Complaint Management System 4.2 - Persistent Cross-Site Scripting Complaint Management System 4.2 - Authentication Bypass Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User) Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit) Sky File 2.1.0 iOS - Directory Traversal	2020-04-24 05:01:50 +00:00
Offensive Security	4ee0ce31e7	DB: 2020-04-11 3 changes to exploits/shellcodes AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC) Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal	2020-04-11 05:01:50 +00:00
Offensive Security	169b528eaa	DB: 2020-03-31 6 changes to exploits/shellcodes Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC) 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP) Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation Multiple DrayTek Products - Pre-authentication Remote Root Code Execution ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Joomla! com_fabrik 3.9.11 - Directory Traversal Zen Load Balancer 3.10.1 - Remote Code Execution	2020-03-31 05:01:48 +00:00
Offensive Security	ea7a01d8fb	DB: 2020-02-12 18 changes to exploits/shellcodes Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC) Sudo 1.8.25p - Buffer Overflow Torrent iPod Video Converter 1.51 - Stack Overflow DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow Sudo 1.8.25p - 'pwfeedback' Buffer Overflow OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution Microsoft SharePoint - Deserialization Remote Code Execution CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit)	2020-02-12 05:01:58 +00:00
Offensive Security	fcce3705a3	DB: 2019-09-10 9 changes to exploits/shellcodes WordPress 5.2.3 - Cross-Site Host Modification Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection Enigma NMS 65.0.0 - Cross-Site Request Forgery Enigma NMS 65.0.0 - OS Command Injection Enigma NMS 65.0.0 - SQL Injection Online Appointment - SQL Injection Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting Dolibarr ERP-CRM 10.0.1 - SQL Injection	2019-09-10 05:02:21 +00:00
Offensive Security	978c16266a	DB: 2019-07-13 9 changes to exploits/shellcodes Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation Xymon 4.3.25 - useradm Command Execution (Metasploit) Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Sahi Pro 8.0.0 - Remote Command Execution Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)	2019-07-13 05:02:17 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	1982f33252	DB: 2019-02-13 16 changes to exploits/shellcodes AirDroid 4.2.1.6 - Denial of Service River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) Android - binder Use-After-Free via fdget() Optimization Android - binder Use-After-Free of VMA via race Between reclaim and munmap Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Ubuntu snapd < 2.37.1 - Local Privilege Escalation IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting Webiness Inventory 2.3 - 'email' SQL Injection OPNsense < 19.1.1 - Cross-Site Scripting Jenkins 2.150.2 - Remote Command Execution (Metasploit) BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution LayerBB 1.1.2 - Cross-Site Scripting	2019-02-13 05:01:49 +00:00
Offensive Security	d622832ea0	DB: 2019-02-12 21 changes to exploits/shellcodes KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite) Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service) Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH) Netatalk 3.1.12 - Authentication Bypass (PoC) IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC) Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC) IP-Tools 2.50 - Local Buffer Overflow (PoC) Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite) FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC) FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite) Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC) Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite) AirDroid 4.2.1.6 - Denial of Service FutureDj Pro 1.7.2.0 - Denial of Service NordVPN 6.19.6 - Denial of Service (PoC) River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH) Evince - CBT File Command Injection (Metasploit) Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure Netatalk - Bypass Authentication Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit) Indusoft Web Studio 8.1 SP2 - Remote Code Execution Smoothwall Express 3.1-SP4 - Cross-Site Scripting Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting VA MAX 8.3.4 - Authenticated Remote Code Execution CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting Webiness Inventory 2.3 - 'email' SQL Injection	2019-02-12 05:01:49 +00:00
Offensive Security	6e7548ed0d	DB: 2019-01-25 10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery	2019-01-25 05:01:41 +00:00
Offensive Security	40d3df51a4	DB: 2019-01-19 18 changes to exploits/shellcodes Watchr 1.1.0.0 - Denial of Service (PoC) One Search 1.1.0.0 - Denial of Service (PoC) Eco Search 1.0.2.0 - Denial of Service (PoC) 7 Tik 1.0.1.0 - Denial of Service (PoC) VPN Browser+ 1.1.0.0 - Denial of Service (PoC) FastTube 1.0.1.0 - Denial of Service (PoC) Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion Microsoft Edge Chakra - 'InitClass' Type Confusion Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free Webmin 1.900 - Remote Command Execution (Metasploit) SCP Client - Multiple Vulnerabilities (SSHtranger Things) SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion phpTransformer 2016.9 - SQL Injection phpTransformer 2016.9 - Directory Traversal Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload	2019-01-19 05:01:57 +00:00
Offensive Security	518c704a2f	DB: 2019-01-15 32 changes to exploits/shellcodes xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Hootoo HT-05 - Remote Code Execution (Metasploit) Across DR-810 ROM-0 - Backup File Disclosure i-doit CMDB 1.12 - Arbitrary File Download i-doit CMDB 1.12 - SQL Injection Horde Imp - 'imap_open' Remote Command Execution Modern POS 1.3 - Arbitrary File Download Modern POS 1.3 - SQL Injection Twilio WEB To Fax Machine System Application 1.0 - SQL Injection Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin) Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection Find a Place CMS Directory 1.5 - SQL Injection Cleanto 5.0 - SQL Injection Lenovo R2105 - Cross-Site Request Forgery (Command Execution) HealthNode Hospital Management System 1.0 - SQL Injection Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account) ThinkPHP 5.X - Remote Command Execution Real Estate Custom Script 2.0 - SQL Injection Job Portal Platform 1.0 - SQL Injection Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection AudioCode 400HD - Command Injection	2019-01-15 05:01:52 +00:00
Offensive Security	deaee53895	DB: 2019-01-08 19 changes to exploits/shellcodes Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC) SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC) Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC) KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Mailcleaner - Authenticated Remote Code Execution (Metasploit) Embed Video Scripts - Persistent Cross-Site Scripting All in One Video Downloader 1.2 - Authenticated SQL Injection LayerBB 1.1.1 - Persistent Cross-Site Scripting MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)	2019-01-08 05:01:58 +00:00
Offensive Security	7cc86c322f	DB: 2018-12-01 8 changes to exploits/shellcodes Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free VBScript - 'rtFilter' Out-of-Bounds Read HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit) xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation Apache Spark - Unauthenticated Command Execution (Metasploit) Schneider Electric PLC - Session Calculation Authentication Bypass Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass	2018-12-01 05:01:40 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	2e282df4a8	DB: 2018-08-16 3 changes to exploits/shellcodes JioFi 4G M2S 1.0.2 - Denial of Service (PoC) ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass	2018-08-16 05:02:01 +00:00
Offensive Security	3aca47020d	DB: 2018-08-04 10 changes to exploits/shellcodes FTPShell Client 5.24 - Add to Favorites Buffer Overflow FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow Wedding Slideshow Studio 1.36 - Buffer Overflow Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit) Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting PHP Template Store Script 3.0.6 - Cross-Site Scripting Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)	2018-08-04 05:01:46 +00:00
Offensive Security	a13c4ea572	DB: 2018-03-31 23 changes to exploits/shellcodes SysGauge 4.5.18 - Local Denial of Service Systematic SitAware - NVG Denial of Service Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH) Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow osTicket 1.10 - SQL Injection osTicket 1.10 - SQL Injection (PoC) Open-AuditIT Professional 2.1 - Cross-Site Request Forgery Homematic CCU2 2.29.23 - Arbitrary File Write MiniCMS 1.10 - Cross-Site Request Forgery WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection Homematic CCU2 2.29.23 - Remote Command Execution Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection Joomla! Component AcySMS 3.5.0 - CSV Macro Injection WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change osCommerce 2.3.4.1 - Remote Code Execution Tenda W316R Wireless Router 5.07.50 - Remote DNS Change D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)	2018-03-31 05:01:49 +00:00
Offensive Security	cf96346519	DB: 2018-01-25 124 changes to exploits/shellcodes Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC) Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC) Novell ZenWorks 10/11 - TFTPD Remote Code Execution Novell ZENworks 10/11 - TFTPD Remote Code Execution Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service GoAhead Web Server 2.1 (Windows) - Denial of Service Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service Lorex LH300 Series - ActiveX Buffer Overflow (PoC) Debut Embedded httpd 1.20 - Denial of Service Debut Embedded HTTPd 1.20 - Denial of Service Xorg 1.4 < 1.11.2 - File Permission Change X.Org xorg 1.4 < 1.11.2 - File Permission Change Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) ICU library 52 < 54 - Multiple Vulnerabilities rooter VDSL Device - Goahead WebServer Disclosure FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow Debian 2.1 - httpd Debian 2.1 - HTTPd Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String W3C CERN httpd 3.0 Proxy - Cross-Site Scripting W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting ATP httpd 0.4 - Single Byte Buffer Overflow ATP HTTPd 0.4 - Single Byte Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow Light HTTPd 0.1 - GET Buffer Overflow (1) Light HTTPd 0.1 - GET Buffer Overflow (2) Light HTTPd 0.1 - 'GET' Buffer Overflow (1) Light HTTPd 0.1 - 'GET' Buffer Overflow (2) Light HTTPD 0.1 (Windows) - Remote Buffer Overflow Light HTTPd 0.1 (Windows) - Remote Buffer Overflow Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit) Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit) BusyBox 1.01 - HTTPD Directory Traversal BusyBox 1.01 - HTTPd Directory Traversal Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2) Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Getsimple 2.01 - Local File Inclusion Getsimple CMS 2.01 - Local File Inclusion Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Getsimple 3.0 - 'set' Local File Inclusion Getsimple CMS 3.0 - 'set' Local File Inclusion ZENworks Configuration Management 11.3.1 - Remote Code Execution Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Kaseya Virtual System Administrator - Multiple Vulnerabilities (1) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1) Getsimple - 'path' Local File Inclusion Getsimple CMS 3.1.2 - 'path' Local File Inclusion Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection BMC Track-It! 11.4 - Multiple Vulnerabilities Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities SysAid Help Desk 14.4 - Multiple Vulnerabilities Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities GetSimple CMS 3.3.1 - Cross-Site Scripting CMS Made Simple 1.11.9 - Multiple Vulnerabilities ManageEngine Desktop Central - Create Administrator ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2) ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - execve(/bin/sh) Shellcode (33 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86 (XP SP3) - ShellExecuteA Shellcode Windows/x86 (XP SP3) - ShellExecuteA() Shellcode Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Windows/x86 - JITed Stage-0 Shellcode Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - MessageBox Shellcode (Generator) (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows/x64 (7) - cmd.exe Shellcode (61 bytes) Windows - MessageBoxA Shellcode (238 bytes) Windows - MessageBoxA() Shellcode (238 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit) Windows/x86 - Eggsearch Shellcode (33 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86-64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator) Windows/x64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - execve() Shellcode (22 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Read /etc/passwd Shellcode (65 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86-64 - Bind TCP Shell Shellcode (Generator) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - MessageBoxA() Shellcode (242 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x64 - Read /etc/passwd Shellcode (82 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes) Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - Execute /bin/sh Shellcode (24 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) Windows/x64 (10) - Egghunter Shellcode (45 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows - cmd.exe Shellcode (718 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Kill All Processes Shellcode (19 bytes) Linux/x64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Linux/x64 - mkdir(evil) Shellcode (30 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes) Windows/x64 - API Hooking Shellcode (117 bytes)	2018-01-25 18:22:06 +00:00
Offensive Security	8a2e4ff27a	DB: 2018-01-19 58 changes to exploits/shellcodes Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (1) WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (2) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2) Rosoft Media Player 4.2.1 - Local Buffer Overflow Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow GNU Screen 4.5.0 - Local Privilege Escalation GNU Screen 4.5.0 - Local Privilege Escalation (PoC) glibc - 'getcwd()' Local Privilege Escalation JAD java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled) Ability Server 2.34 - Remote APPE Buffer Overflow Ability Server 2.34 - 'APPE' Remote Buffer Overflow CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Invision Power Board 2.0.3 - 'login.php' SQL Injection Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial) FOSS Gallery Public 1.0 - Arbitrary File Upload FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine) Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation) Primefaces 5.x - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes) BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes) Linux/x86 - execve() Null-Free Shellcode (Generator) Linux/x86 - execve() + Null-Free Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Command Generator Null-Free Shellcode (Generator) Linux/x86 - Command Generator + Null-Free Shellcode (Generator) (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator) Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - reboot() + PUSH Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator + Null-Free (Generator) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes) Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - execve() Read Shellcode (92 bytes) Linux/x86 - execve() + Read Shellcode (92 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes) Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes) Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes) Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes) Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes) OSX/PPC - Reboot Shellcode (28 bytes) OSX/PPC - Reboot() Shellcode (28 bytes) Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes) Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes) Solaris/SPARC - setreuid + execve() Shellcode (56 bytes) Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes) Windows/x86 - Egg Omelet SEH Shellcode Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows/x86 - Download File + Execute Shellcode (192 bytes) Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes) Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes) Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes) Windows/x86 - Command WinExec() Shellcode (104+ bytes) Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes) Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes) Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Windows/x86 (XP SP3) - ShellExecuteA Shellcode Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes) Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter JITed Stage-0 Shellcode Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - JITed Stage-0 Shellcode Windows/x86 - JITed exec notepad Shellcode Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes) Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes) Windows/x86-64 (7) - cmd Shellcode (61 bytes) Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode Windows Mobile 6.5 TR - Phone Call Shellcode Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode Windows x86 - Eggsearch Shellcode (33 bytes) Windows/x86 - Eggsearch Shellcode (33 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes) Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter Shellcode (31 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes) Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox Null-Free Shellcode (113 bytes) Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox + Null-Free Shellcode (113 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes) Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes) Windows/x86 (XP SP3) - Restart Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows/x86 (.Net Framework) - Execute Native x86 Shellcode Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows XP < 10 - Download File + Execute Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Windows/x86 - system(systeminfo) Shellcode (224 bytes) Windows (XP < 10) - Download File + Execute Shellcode Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) OSX/PPC - Stager Sock Find MSG_PEEK Shellcode OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode OSX/PPC - execve(/bin/sh) Shellcode OSX/PPC - execve(/bin/sh) + Null-Free Shellcode Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes) Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes) Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes) Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86 - Egghunter Shellcode (38 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6) Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes) Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes) Linux/x86 - Uzumaki Encryptor Shellcode (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes) Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 - Create Admin User (X) Shellcode (304 bytes) Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes) Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes) Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes) Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes) Windows/x86 - Message Box + Null-Free Shellcode (140 bytes) Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes) Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes) Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes) Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes) Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes) Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Windows/x86 - Hide Console Window Shellcode (182 bytes) Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes) Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes) Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes) Windows x86/x64 - cmd.exe Shellcode (718 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes)	2018-01-19 05:01:43 +00:00
Offensive Security	2d8b561a5d	DB: 2018-01-09 26 changes to exploits/shellcodes Need for Speed 2 - Remote Client Buffer Overflow Need for Speed 2 - Remote Client Buffer Overflow (PoC) Red Faction 1.20 - Server Reply Remote Buffer Overflow Red Faction 1.20 - Server Reply Remote Buffer Overflow (PoC) Medal of Honor - Remote Buffer Overflow Medal of Honor - Remote Buffer Overflow (PoC) Monolith Games - Local Buffer Overflow Monolith Games - Local Buffer Overflow (PoC) BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Orbz Game 2.10 - Remote Buffer Overflow Orbz Game 2.10 - Remote Buffer Overflow (PoC) Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC) KNet Web Server 1.04c - Buffer Overflow Denial of Service KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC) ProRat Server 1.9 (Fix-2) - Buffer Overflow Crash ProRat Server 1.9 (Fix-2) - Buffer Overflow / Crash (PoC) Mozilla Products - 'Host:' Buffer Overflow Denial of Service String Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String Virtools Web Player 3.0.0.100 - Buffer Overflow Denial of Service Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC) FlatFrag 0.3 - Buffer Overflow / Denial of Service FlatFrag 0.3 - Buffer Overflow (Denial of Service) (PoC) zawhttpd 0.8.23 - GET Remote Buffer Overflow Denial of Service zawhttpd 0.8.23 - GET Remote Buffer Overflow (Denial of Service) (PoC) TinyFTPD 1.4 - 'USER' Remote Buffer Overflow Denial of Service TinyFTPD 1.4 - 'USER' Remote Buffer Overflow (Denial of Service) (PoC) Genecys 0.2 - Buffer Overflow / NULL pointer Denial of Service Genecys 0.2 - Buffer Overflow / NULL Pointer (Denial of Service) PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PunkBuster < 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC) FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow Denial of Service FlashFXP 3.4.0 build 1145 - Remote Buffer Overflow (Denial of Service) (PoC) Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC) TFTP Server 1.3 - Remote Buffer Overflow Denial of Service TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC) LeadTools Raster - Dialog File_D Object Remote Buffer Overflow LeadTools Raster - Dialog File_D Object Remote Buffer Overflow (PoC) LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow LeadTools Raster ISIS Object 'LTRIS14e.DLL 14.5.0.44' - Remote Buffer Overflow (PoC) Xserver 0.1 Alpha - POST Remote Buffer Overflow Xserver 0.1 Alpha - 'POST' Remote Buffer Overflow (PoC) Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC) Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow / Denial of Service Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC) Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow Denial of Service Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow Picpuz 2.1.1 - Buffer Overflow Denial of Service (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Apollo Player 37.0.0.0 - '.aap' Buffer Overflow Denial of Service Apollo Player 37.0.0.0 - '.aap' Buffer Overflow (Denial of Service) (PoC) Switch Sound File Converter - '.mpga' Buffer Overflow Denial of Service Switch Sound File Converter - '.mpga' Buffer Overflow (Denial of Service) (PoC) Wireshark 1.2.5 - LWRES getaddrbyname Stack Buffer Overflow Xerox Workcenter 4150 - Remote Buffer Overflow Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC) Xerox Workcenter 4150 - Remote Buffer Overflow (PoC) iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow (Denial of Service) (PoC) Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC) Mocha LPD 1.9 - Remote Buffer Overflow Denial of Service (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow Mocha LPD 1.9 - Remote Buffer Overflow (Denial of Service) (PoC) FontForge - '.BDF' Font File Stack Buffer Overflow (PoC) Multiple Vendor AgentX++ - Stack Buffer Overflow Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC) Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow (PoC) Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC) FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow FTP Client 0.17-19build1 ACCT (Ubuntu 10.04) - Buffer Overflow (PoC) LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC) Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow Altova DatabaseSpy 2011 - Project File Handling Buffer Overflow (PoC) Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC) Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow (PoC) Hanso Player 1.4.0.0 - Buffer Overflow Skinfile (Denial of Service) Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service) Real player 14.0.2.633 - Buffer Overflow / Denial of Service GOM Media Player 2.1.6.3499 - Buffer Overflow / Denial of Service Real player 14.0.2.633 - Buffer Overflow (Denial of Service) (PoC) GOM Media Player 2.1.6.3499 - Buffer Overflow (Denial of Service) (PoC) BulletProof FTP Client 2010 - Buffer Overflow BulletProof FTP Client 2010 - Buffer Overflow (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC) CSF Firewall - Buffer Overflow CSF Firewall - Buffer Overflow (PoC) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC) Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC) Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC) Asterisk - 'ast_parse_digest()' Stack Buffer Overflow Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC) GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC) Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow Denial of Service Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC) Lattice Diamond Programmer 1.4.2 - Buffer Overflow Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC) Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Imapd Buffer Overflow Denial of Service Ipswitch IMail 5.0 - LDAP Buffer Overflow Denial of Service Ipswitch IMail 5.0 - IMonitor Buffer Overflow Denial of Service Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow Denial of Service Ipswitch IMail 5.0 - Whois32 Daemon Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - Imapd Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0 - IMonitor Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0/6.0 - Web Service Buffer Overflow (Denial of Service) (PoC) Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC) Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Denial of Service / Buffer Overflow (PoC) Gene6 G6 FTP Server 2.0 - Buffer Overflow Denial of Service Gene6 G6 FTP Server 2.0 - Buffer Overflow (Denial of Service) (PoC) RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow RedHat Linux 6.x - X Font Server Buffer Overflow (Denial of Service) Computalynx CProxy Server 3.3 SP2 - Buffer Overflow Denial of Service Computalynx CProxy Server 3.3 SP2 - Buffer Overflow (Denial of Service) (PoC) Cerberus FTP Server 1.x - Buffer Overflow Denial of Service Cerberus FTP Server 1.x - Buffer Overflow (Denial of Service) (PoC) Microsoft SQL Server 2000 - SQLXML Buffer Overflow Microsoft SQL Server 2000 - 'SQLXML' Buffer Overflow (PoC) Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC) Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow Intellicom 1.3 - 'NetBiterConfig.exe Hostname' Data Remote Stack Buffer Overflow (PoC) Hotfoon Dialer 4.0 - Buffer Overflow Hotfoon Dialer 4.0 - Buffer Overflow (PoC) IISPop 1.161/1.181 - Remote Buffer Overflow Denial of Service IISPop 1.161/1.181 - Remote Buffer Overflow (Denial of Service) (PoC) Linksys Devices 1.42/1.43 - GET Buffer Overflow Linksys Devices 1.42/1.43 - 'GET' Buffer Overflow (PoC) iCal 3.7 - Remote Buffer Overflow iCal 3.7 - Remote Buffer Overflow (PoC) Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC) Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC) Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC) Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow (PoC) Zoner Photo Studio 15 b3 - Buffer Overflow Zoner Photo Studio 15 b3 - Buffer Overflow (PoC) Novell Netware Enterprise Web Server 5.1/6.0 - CGI2Perl.NLM Buffer Overflow Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC) IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow IBM U2 UniVerse 10.0.0.9 - 'uvrestore' Buffer Overflow (PoC) Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow (PoC) NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC) myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow myServer 0.4.x - 'cgi-lib.dll' Remote Buffer Overflow (PoC) EffectOffice Server 2.6 - Remote Service Buffer Overflow EffectOffice Server 2.6 - Remote Service Buffer Overflow (PoC) Surfboard HTTPd 1.1.9 - Remote Buffer Overflow Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC) 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow (PoC) Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC) Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow Mcafee FreeScan CoMcFreeScan Browser - Object Buffer Overflow (PoC) Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow Foxit Reader 5.4.4.1128 Firefox Plugin - 'npFoxitReaderPlugin.dll' Stack Buffer Overflow (PoC) DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow (PoC) VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC) aGSM 2.35 Half-Life Server - Info Response Buffer Overflow aGSM 2.35 Half-Life Server - Info Response Buffer Overflow (PoC) cURL - Buffer Overflow cURL - Buffer Overflow (PoC) TagScanner 5.1 - Stack Buffer Overflow TagScanner 5.1 - Stack Buffer Overflow (PoC) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC) Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC) QwikMail 0.3 - HELO Command Buffer Overflow QwikMail 0.3 - 'HELO' Buffer Overflow (PoC) NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow NullSoft Winamp 5.0.x - Variant 'IN_CDDA.dll' Remote Buffer Overflow (PoC) Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities (PoC) Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC) AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC) Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service Serva 32 TFTP 2.1.0 - Buffer Overflow (Denial of Service) (PoC) Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow Orenosv HTTP/FTP Server 0.8.1 - 'CGISSI.exe' Remote Buffer Overflow (PoC) Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow Linux Kernel 2.2.x/2.3.x/2.4.x/2.5.x/2.6.x - ELF Core Dump Local Buffer Overflow (PoC) PlanetDNS PlanetFileServer - Remote Buffer Overflow PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC) Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC) Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC) LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow LeapFTP Client 2.7.3/2.7.4 - '.LSQ' File Remote Buffer Overflow (PoC) VbsEdit 5.9.3 - '.smi' Buffer Overflow VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC) Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC) AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC) DSocks 1.3 - 'Name' Buffer Overflow DSocks 1.3 - 'Name' Buffer Overflow (PoC) IcoFX 2.5.0.0 - '.ico' Buffer Overflow IcoFX 2.5.0.0 - '.ico' Buffer Overflow (PoC) Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow Microsoft Windows XP - 'cmd.exe' Buffer Overflow Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC) Microsoft Windows XP - 'cmd.exe' Buffer Overflow (PoC) Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities Bochs 2.3 - Buffer Overflow / Denial of Service Bochs 2.3 - Buffer Overflow (Denial of Service) (PoC) Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow (PoC) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (2) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1) Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2) T1lib - intT1_Env_GetCompletePath Buffer Overflow T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC) Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Foxmail Email Client 6.5 - 'mailto' Buffer Overflow (PoC) Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow Denial of Service Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC) Yahoo! Toolbar 1.4.1 Helper - Class ActiveX Control Remote Buffer Overflow (Denial of Service) (PoC) Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC) Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC) MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC) MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC) Trend Micro OfficeScan - Buffer Overflow / Denial of Service Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC) ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC) Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow (PoC) ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC) A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC) Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC) Jzip - Buffer Overflow (SEH Unicode) (Denial of Service) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow (PoC) BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC) Adobe Flash Player 10.0.22 and AIR - URI Parsing Heap Buffer Overflow Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC) Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow (PoC) Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow Sun Java System Web Server 6.1/7.0 - 'TRACE' Heap Buffer Overflow (PoC) Xerox WorkCentre - PJL Daemon Buffer Overflow Xerox WorkCentre - PJL Daemon Buffer Overflow (PoC) Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow (PoC) Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow (PoC) Mocha W32 LPD 1.9 - Remote Buffer Overflow Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC) Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC) BulletProof FTP Client 2010 - Buffer Overflow (SEH) BulletProof FTP Client 2010 - Buffer Overflow (SEH) (PoC) Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC) D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow D-Link WBR-2310 1.0.4 - 'GET' Remote Buffer Overflow (PoC) HTML Help Workshop 1.4 - Buffer Overflow (SEH) HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC) Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow / Denial of Service EIP Overwrite Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) G-WAN 2.10.6 - Buffer Overflow / Denial of Service G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC) Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC) TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC) ZOC SSH Client - Buffer Overflow (SEH) ZOC SSH Client - Buffer Overflow (SEH) (PoC) WebDrive 12.2 (B4172) - Buffer Overflow WebDrive 12.2 (B4172) - Buffer Overflow (PoC) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC) Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC) IKEView.exe Fox Beta 1 - Stack Buffer Overflow IKEView.exe R60 - Stack Buffer Overflow IKEView.exe Fox Beta 1 - Stack Buffer Overflow (PoC) IKEView.exe R60 - Stack Buffer Overflow (PoC) Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow (PoC) Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC) LanSpy 2.0.0.155 - Buffer Overflow LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow LanSpy 2.0.0.155 - Buffer Overflow (PoC) LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow (PoC) Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC) Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC) TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) TECO TP3-PCLINK 2.1 - '.tpc' File Handling Buffer Overflow TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC) TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC) TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_SetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC) IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC) Advanced Encryption Package Buffer Overflow - Denial of Service Advanced Encryption Package - Buffer Overflow (Denial of Service) (PoC) InfraRecorder - '.m3u' File Buffer Overflow InfraRecorder - '.m3u' File Buffer Overflow (PoC) Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC) Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow yTree 1.94-1.1 - Local Buffer Overflow Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC) yTree 1.94-1.1 - Local Buffer Overflow (PoC) NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC) CyberCop Scanner Smbgrind 5.5 - Buffer Overflow CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (SEH) (Denial of Service) STIMS Cutter 1.1.3.20 - Buffer Overflow Denial of Service STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC) 4digits 1.1.4 - Local Buffer Overflow 4digits 1.1.4 - Local Buffer Overflow (PoC) Websockify (C Implementation) 0.8.0 - Buffer Overflow Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC) Google Android - '/system/bin/sdcard' Stack Buffer Overflow Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC) Oracle Orakill.exe 11.2.0 - Buffer Overflow Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC) Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC) Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow Core FTP LE 2.2 - Path Field Local Buffer Overflow Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC) Core FTP LE 2.2 - Path Field Local Buffer Overflow (PoC) Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC) ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow ConQuest DICOM Server 1.4.17d - Stack Buffer (PoC) QNAP NVR/NAS - Buffer Overflow QNAP NVR/NAS - Buffer Overflow (PoC) Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow CDex 1.96 - Buffer Overflow Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow (PoC) CDex 1.96 - Buffer Overflow (PoC) Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC) D3DGear 5.00 Build 2175 - Buffer Overflow D3DGear 5.00 Build 2175 - Buffer Overflow (PoC) VX Search Enterprise 10.1.12 - Denial of Service Disk Pulse Enterprise 10.1.18 - Denial of Service Sync Breeze Enterprise 10.1.16 - Denial of Service DiskBoss Enterprise 8.5.12 - Denial of Service BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) APNGDis 2.8 - 'filename' Stack Buffer Overflow APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC) wifirxpower - Local Buffer Overflow wifirxpower - Local Buffer Overflow (PoC) pinfo 0.6.9 - Local Buffer Overflow Dmitry 1.3a - Local Buffer Overflow pinfo 0.6.9 - Local Buffer Overflow (PoC) Dmitry 1.3a - Local Buffer Overflow (PoC) Mapscrn 2.03 - Local Buffer Overflow Mapscrn 2.03 - Local Buffer Overflow (PoC) Stunnel 3.24/4.00 - Daemon Hijacking (PoC) Stunnel 3.24/4.00 - Daemon Hijacking Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (PoC) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (PoC) (2) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (1) Linux Kernel 2.4.23/2.6.0 - 'do_mremap()' Bound Checking Validator (2) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator (PoC) Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator WinZip - MIME Parsing Overflow (PoC) WinZip - MIME Parsing Overflow glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow (PoC) GNU Sharutils 4.2.1 - Local Format String (PoC) glFTPd (Slackware 9.0/9.1/10.0) - Local Stack Overflow GNU Sharutils 4.2.1 - Local Format String GD Graphics Library - Local Heap Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) GD Graphics Library - Local Heap Overflow libxml 2.6.12 nanoftp - Buffer Overflow WinRAR 3.4.1 - Corrupt '.ZIP' File (PoC) WinRAR 3.4.1 - Corrupt '.ZIP' File Exim 4.41 - 'dns_build_reverse' Local (PoC) Exim 4.41 - 'dns_build_reverse' Local tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow (PoC) Microsoft Windows - NtClose DeadLock (PoC) (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (PoC) (MS06-030) tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow Microsoft Windows - NtClose DeadLock (MS06-030) Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow (PoC) Microsoft Word 2000/2003 - Hlink Local Buffer Overflow Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC) Cheese Tracker 0.9.9 - Local Buffer Overflow PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow (PoC) PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow (PoC) BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST (PoC) Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow (PoC) PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow (PoC) PHP 4.4.6 - 'crack_opendict()' Local Buffer Overflow PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure (PoC) PHP 4.4.6 - 'cpdf_open()' Local Source Code Disclosure WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation (PoC) Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak (PoC) WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation Linux Kernel < 2.6.20.2 - 'IPv6_Getsockopt_Sticky' Memory Leak Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055) Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC) Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow (PoC) Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak XnView 1.93.6 - '.taac' Local Buffer Overflow (PoC) XnView 1.93.6 - '.taac' Local Buffer Overflow OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow (PoC) Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC) OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution Microsoft Windows Server 2003 - Token Kidnapping Local (PoC) Microsoft Windows Server 2003 - Token Kidnapping Local Debian - Symlink In Login Arbitrary File Ownership (PoC) Debian - Symlink In Login Arbitrary File Ownership Trend Micro Internet Security Pro 2009 - Priviliege Escalation (PoC) Trend Micro Internet Security Pro 2009 - Priviliege Escalation Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (PoC) (SEH) Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure (PoC) Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC) Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate (PoC) GPG2/Kleopatra 2.0.11 - Malformed Certificate Alleycode 2.21 - Local Overflow (SEH) (PoC) Alleycode 2.21 - Local Overflow (SEH) GPG4Win GNU - Privacy Assistant (PoC) GPG4Win GNU - Privacy Assistant VMware Fusion 2.0.5 - vmx86 kext Local (PoC) VMware Fusion 2.0.5 - vmx86 kext Local Mozilla Codesighs - Memory Corruption (PoC) Mozilla Codesighs - Memory Corruption Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow LDAP - Injection (PoC) LDAP - Injection QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC) QuickZip 4.x - '.zip' Local Universal Buffer Overflow ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow (PoC) Crimson Editor r3.70 - Overwrite (SEH) (PoC) Kenward Zipper 1.4 - Local Stack Buffer Overflow (PoC) ZippHo 3.0.6 - '.zip' Local Stack Buffer Overflow Crimson Editor r3.70 - Overwrite (SEH) Kenward Zipper 1.4 - Local Stack Buffer Overflow Stud_PE 2.6.05 - Local Stack Overflow (PoC) Stud_PE 2.6.05 - Local Stack Overflow Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow (PoC) Zip Unzip 6.0 - '.zip' Local Stack Buffer Overflow EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow (PoC) Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow PhotoFiltre Studio X - '.tif' Local Buffer Overflow (PoC) Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow (PoC) PhotoFiltre Studio X - '.tif' Local Buffer Overflow Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow (PoC) Shellzip 3.0 Beta 3 - '.zip' Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow Audio Converter 8.1 - Local Stack Buffer Overflow (PoC) ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC) Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (PoC) (ASLR + DEP Bypass) BlazeDVD 5.1 (Windows 7) - '.plf' File Stack Buffer Overflow (ASLR + DEP Bypass) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow (PoC) Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC) Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC) Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow PHP 5.3.6 - Local Buffer Overflow (ROP) (PoC) PHP 5.3.6 - Local Buffer Overflow (ROP) Xorg 1.4 < 1.11.2 - File Permission Change (PoC) Xorg 1.4 < 1.11.2 - File Permission Change Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - LSA Secrets Linux Kernel 2.2.x - 'sysctl()' Memory Reading (PoC) Linux Kernel 2.2.x - 'sysctl()' Memory Reading Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC) Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation (PoC) Linux Kernel 2.2.x/2.3/2.4.x - 'd_path()' Path Truncation HT Editor 2.0.20 - Local Buffer Overflow (ROP) (PoC) HT Editor 2.0.20 - Local Buffer Overflow (ROP) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read (PoC) Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC) Linux Kernel 2.6 - Console Keymap Local Command Injection ACE Stream Media 2.1 - 'acestream://' Format String (PoC) ACE Stream Media 2.1 - 'acestream://' Format String Linux Kernel 3.13 - SGID Privilege Escalation (PoC) Linux Kernel 3.13 - SGID Privilege Escalation Comodo Internet Security - HIPS/Sandbox Escape (PoC) Comodo Internet Security - HIPS/Sandbox Escape Palringo 2.8.1 - Local Stack Buffer Overflow (PoC) Palringo 2.8.1 - Local Stack Buffer Overflow Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC) Rowhammer - NaCl Sandbox Escape (PoC) Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation (PoC) Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (PoC) (MS15-052) Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass (MS15-052) Linux (x86) - Memory Sinkhole Privilege Escalation (PoC) Linux (x86) - Memory Sinkhole Privilege Escalation Core FTP Server 1.2 - Local Buffer Overflow (PoC) Core FTP Server 1.2 - Local Buffer Overflow Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC) VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) GNU Screen 4.5.0 - Local Privilege Escalation (PoC) GNU Screen 4.5.0 - Local Privilege Escalation Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation (PoC) Man-db 2.6.7.1 - Local Privilege Escalation Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Local Privilege Escalation TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC) TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change Multiple CPUs - 'Spectre' Information Disclosure (PoC) Multiple CPUs - 'Spectre' Information Disclosure Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation glibc ld.so - Memory Leak / Buffer Overflow GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow Microsoft IIS 5.0 - WebDAV Remote (PoC) Microsoft IIS 5.0 - WebDAV Remote Microsoft Windows Server 2000 - RSVP Server Authority Hijacking (PoC) Microsoft Windows Server 2000 - RSVP Server Authority Hijacking ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow (4) Titan FTP Server - Long Command Heap Overflow (PoC) Titan FTP Server - Long Command Heap Overflow SLX Server 6.1 - Arbitrary File Creation (PoC) SLX Server 6.1 - Arbitrary File Creation zgv 5.5 - Multiple Arbitrary Code Executions (PoC) zgv 5.5 - Multiple Arbitrary Code Executions Microsoft Internet Explorer - Remote Code Execution (PoC) Microsoft Internet Explorer - Remote Code Execution Exim 4.43 - 'auth_spa_server()' Remote (PoC) Exim 4.43 - 'auth_spa_server()' Remote Microsoft Windows - DTC Remote (PoC) (MS05-051) (2) Microsoft Windows - DTC Remote (MS05-051) (2) Watchfire AppScan QA 5.0.x - Remote Code Execution (PoC) Watchfire AppScan QA 5.0.x - Remote Code Execution KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (MS06-005) (2) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow (PoC) RevilloC MailServer 1.21 - 'USER' Remote Buffer Overflow AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow (PoC) AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (PoC) Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution Easy File Sharing FTP Server 2.0 - 'PASS' Remote (PoC) Easy File Sharing FTP Server 2.0 - 'PASS' Remote BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC) BulletProof FTP Client 2.45 - Remote Buffer Overflow Intel Centrino ipw2200BG - Wireless Driver Remote Overflow (PoC) Intel Centrino ipw2200BG - Wireless Driver Remote Overflow WebMod 0.48 - Content-Length Remote Buffer Overflow (PoC) WebMod 0.48 - Content-Length Remote Buffer Overflow OpenBSD - ICMPv6 Fragment Remote Execution (PoC) OpenBSD - ICMPv6 Fragment Remote Execution Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027) Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027) Apple Safari 3 for Windows Beta - Remote Command Execution (PoC) Apple Safari 3 for Windows Beta - Remote Command Execution Flash Player/Plugin Video - File Parsing Remote Code Execution (PoC) Flash Player/Plugin Video - File Parsing Remote Code Execution Apple QuickTime (Multiple Browsers) - Command Execution (PoC) Apple QuickTime (Multiple Browsers) - Command Execution Apple QuickTime /w IE .qtl Version XAS - Remote (PoC) Apple QuickTime /w IE .qtl Version XAS - Remote QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow (PoC) QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod (PoC) ImageShack Toolbar 4.5.7 - 'FileUploader' Class InsecureMethod HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method (PoC) HP Software Update - 'Hpufunction.dll 4.0.0.1' Insecure Method Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting (PoC) Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal MicroTik RouterOS 3.13 - SNMP write (Set request) (PoC) MicroTik RouterOS 3.13 - SNMP write (Set request) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload (PoC) Microsoft PicturePusher - ActiveX Cross-Site Arbitrary File Upload Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC) Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution Opera 9.61 - 'opera:historysearch' Code Execution (PoC) Opera 9.61 - 'opera:historysearch' Code Execution Chilkat Crypt - ActiveX Arbitrary File Creation/Execution (PoC) Chilkat Crypt - ActiveX Arbitrary File Creation/Execution Microsoft XML Core Services DTD - Cross-Domain Scripting (PoC) (MS08-069) Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection (PoC) Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption (PoC) GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (PoC) (MS09-002) Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption (PoC) Zervit Web Server 0.4 - Directory Traversal / Memory Corruption Apple Mac OSX - Java applet Remote Deserialization Remote (PoC) (2) Apple Mac OSX - Java applet Remote Deserialization Remote (2) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow (PoC) VideoLAN VLC Media Player 1.0.2 - 'smb://' URI Stack Overflow Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054) Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054) Pegasus Mail Client 4.51 - Remote Buffer Overflow (PoC) Pegasus Mail Client 4.51 - Remote Buffer Overflow TLS - Renegotiation (PoC) TLS - Renegotiation Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC) Trend Micro Web-Deployment - ActiveX Remote Execution (PoC) Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution Trend Micro Web-Deployment - ActiveX Remote Execution MX Simulator Server - Remote Buffer Overflow (PoC) MX Simulator Server - Remote Buffer Overflow Apache OFBiz - Remote Execution (via SQL Execution) (PoC) Apache OFBiz - Admin Creator (PoC) Apache OFBiz - Remote Execution (via SQL Execution) Apache OFBiz - Admin Creator Adobe Flash / Reader - Live Malware (PoC) Adobe Flash / Reader - Live Malware Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow (PoC) Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow KingView 6.5.3 - SCADA HMI Heap Overflow (PoC) KingView 6.5.3 - SCADA HMI Heap Overflow Microsoft Data Access Components - Remote Overflow (PoC) (MS11-002) Microsoft Data Access Components - Remote Overflow (MS11-002) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution (PoC) HP Data Protector Client 6.11 - 'EXEC_SETUP' Remote Code Execution HP Data Protector Client 6.11 - 'EXEC_CMD' Remote Code Execution Solar FTP Server 2.1.1 - PASV Buffer Overflow (PoC) Solar FTP Server 2.1.1 - PASV Buffer Overflow Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite (PoC) Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite (PoC) Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC) Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution OpenVAS Manager 4.0 - Authentication Bypass (PoC) OpenVAS Manager 4.0 - Authentication Bypass w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC) w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution Legend Perl IRC Bot - Remote Code Execution (PoC) Legend Perl IRC Bot - Remote Code Execution dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock) dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow (PoC) WebDrive 12.2 (Build #4172) - Remote Buffer Overflow Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC) Endian Firewall < 3.0.0 - OS Command Injection (Python) Fortigate OS 4.x < 5.0.7 - SSH Backdoor Access OpenSSHd 7.2p2 - Username Enumeration (PoC) OpenSSHd 7.2p2 - Username Enumeration Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution Intel Active Management Technology - System Privileges Xplico - Remote Code Execution (Metasploit) Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection AWStats 5.7 < 6.2 - Multiple Remote (PoC) AWStats 5.7 < 6.2 - Multiple Remote WoltLab Burning Book 1.1.2 - SQL Injection (PoC) WoltLab Burning Book 1.1.2 - SQL Injection Invision Power Board 2.1.7 - ACTIVE Cross-Site Scripting / SQL Injection Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC) EQdkp 1.3.2f - 'user_id' Authentication Bypass Invision Power Board 2.3.5 - Multiple Vulnerabilities (2) Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2) FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) FOSS Gallery Public 1.0 - Arbitrary File Upload Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC) Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC) Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation Invision Power Board 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC) Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC) IPB (nv2) Awards < 1.1.0 - SQL Injection X-Cart Pro 4.0.13 - SQL Injection (PoC) X-Cart Pro 4.0.13 - SQL Injection Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC) Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute IPB 3.0.1 - SQL Injection Invision Power Board 3.0.1 - SQL Injection WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC) WebsiteBaker 2.8.1 - Cross-Site Request Forgery BS Auto Classifieds - 'info.php' SQL Injection (PoC) BS Business Directory - 'articlesdetails.php' SQL Injection (PoC) BS Classifieds Ads - 'articlesdetails.php' SQL Injection (PoC) BS Events Directory - 'articlesdetails.php' SQL Injection (PoC) BS Auto Classifieds - 'info.php' SQL Injection BS Business Directory - 'articlesdetails.php' SQL Injection BS Classifieds Ads - 'articlesdetails.php' SQL Injection BS Events Directory - 'articlesdetails.php' SQL Injection BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) (PoC) Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account) SWAT Samba Web Administration Tool - Cross-Site Request Forgery (PoC) SWAT Samba Web Administration Tool - Cross-Site Request Forgery Plone and Zope - Remote Command Execution (PoC) Plone and Zope - Remote Command Execution Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting Invision Power Board 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.3 - 'Pop' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board 1.x/2.0.3 - SML Code Script Injection Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting Invision Power Board 1.0.3 - Attached File Cross-Site Scripting Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Board (IP.Board) 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities Invision Power Services Invision Board 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Services Invision Board 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Print Action 't' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Mail Action 'MID' Cross-Site Scripting Invision Power Board (IP.Board) 2.0.4 - Help Action 'HID' Cross-Site Scripting Invision Power Board 1.x/2.x - Multiple SQL Injections Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hjiacking Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting TOTOLINK Routers - Backdoor / Remote Code Execution (PoC) TOTOLINK Routers - Backdoor / Remote Code Execution IP.Board 4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting IP.Board 4.1.4.x - Persistent Cross-Site Scripting Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting NETGEAR R7000 - Command Injection (PoC) NETGEAR R7000 - Command Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration Photos in Wifi 1.0.1 - Path Traversal SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities FiberHome LM53Q1 - Multiple Vulnerabilities WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload Vanilla < 2.1.5 - Cross-Site Request Forgery Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE (PoC) Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC) Joomla! 3.7.0 - 'com_fields' SQL Injection Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Apache Struts 2.3.x Showcase - Remote Code Execution AIX - execve /bin/sh Shellcode (88 bytes) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)	2018-01-09 05:02:30 +00:00
Offensive Security	f6c5c427c3	DB: 2018-01-02 5 changes to exploits/shellcodes Apple macOS - IOHIDSystem Kernel Read/Write HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) Huawei Router HG532 - Arbitrary Command Execution	2018-01-02 05:02:10 +00:00
Offensive Security	cfef56c321	DB: 2017-12-16 5 changes to exploits/shellcodes MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service Sync Breeze 10.2.12 - Denial of Service ITGuard-Manager 0.0.0.1 - Remote Code Execution Movie Guide 2.0 - SQL Injection	2017-12-16 05:02:18 +00:00
Offensive Security	0f0a6efff9	DB: 2017-12-14 2 changes to exploits/shellcodes glibc ld.so - Memory Leak / Buffer Overflow Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read	2017-12-14 05:02:14 +00:00
Offensive Security	b546191ef2	DB: 2017-12-08 9 changes to exploits/shellcodes Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Linux Kernel - DCCP Socket Use-After-Free LaCie 5big Network 2.2.8 - Command Injection Polycom Shell HDX Series - Traceroute Command Execution (Metasploit) Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal FS IMDB Clone - 'id' SQL Injection FS Facebook Clone - 'token' SQL Injection OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting	2017-12-08 05:02:13 +00:00
Offensive Security	cc349de5d3	DB: 2017-11-29 4 changes to exploits/shellcodes Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation Synology StorageManager 5.2 - Remote Root Command Execution	2017-11-29 10:22:56 +00:00
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00

30 commits