Offensive Security
4c9eccdc6d
DB: 2021-03-31
...
2 changes to exploits/shellcodes
GetSimple CMS 3.3.16 - Reflected XSS to RCE
Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
2021-03-31 05:01:55 +00:00
Offensive Security
e6cd1b38eb
DB: 2021-03-30
...
9 changes to exploits/shellcodes
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
vsftpd 3.0.3 - Remote Denial of Service
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Concrete5 8.5.4 - 'name' Stored XSS
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Budget Management System 1.0 - 'Budget title' Stored XSS
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
2021-03-30 05:01:56 +00:00
Offensive Security
95de3ffa84
DB: 2021-03-27
...
4 changes to exploits/shellcodes
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
2021-03-27 05:01:53 +00:00
Offensive Security
06a83531de
DB: 2021-03-26
...
4 changes to exploits/shellcodes
Ovidentia 6 - 'id' SQL injection (Authenticated)
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting
Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
2021-03-26 05:01:58 +00:00
Offensive Security
2f2c713a12
DB: 2021-03-25
...
2 changes to exploits/shellcodes
Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path
2021-03-25 05:02:09 +00:00
Offensive Security
3f12367de8
DB: 2021-03-24
...
8 changes to exploits/shellcodes
Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path
ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path
Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path
MyBB 1.8.25 - Poll Vote Count SQL Injection
Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
Codiad 2.8.4 - Remote Code Execution (Authenticated)
2021-03-24 05:02:00 +00:00
Offensive Security
7390cdc1c3
DB: 2021-03-23
...
10 changes to exploits/shellcodes
ProFTPD 1.3.7a - Remote Denial of Service
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
Winpakpro 4.8 - 'GuardTourService' Unquoted Service Path
Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path
Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
MyBB 1.8.25 - Chained Remote Command Execution
2021-03-23 05:01:58 +00:00
Offensive Security
d85f0c8d35
DB: 2021-03-20
...
20 changes to exploits/shellcodes
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
SOYAL 701 Server 9.0.1 - Insecure Permissions
SOYAL 701 Client 9.0.1 - Insecure Permissions
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
Plone CMS 5.2.3 - 'Title' Stored XSS
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
Boonex Dolphin 7.4.2 - 'width' Stored XSS
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
VestaCP 0.9.8 - 'v_sftp_licence' Command Injection
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
Online News Portal 1.0 - 'name' SQL Injection
Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
2021-03-20 05:01:58 +00:00
Offensive Security
1f32ac253c
DB: 2021-03-19
...
9 changes to exploits/shellcodes
VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
WordPress Plugin Wp-FileManager 6.8 - RCE
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
Hestia Control Panel 1.3.2 - Arbitrary File Write
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
2021-03-19 05:02:05 +00:00
Offensive Security
2dc4594d19
DB: 2021-03-18
...
3 changes to exploits/shellcodes
FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)
WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
VestaCP 0.9.8 - File Upload CSRF
2021-03-18 05:02:04 +00:00
Offensive Security
3e6d011cf0
DB: 2021-03-17
...
6 changes to exploits/shellcodes
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service (PoC)
GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
GeoGebra CAS Calculator 6.0.631.0 - Denial of Service (PoC)
GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)
Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)
2021-03-17 05:02:05 +00:00
Offensive Security
28bd450c1a
DB: 2021-03-16
...
13 changes to exploits/shellcodes
Libpango 1.40.8 - Denial of Service (PoC)
QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
2021-03-16 05:02:01 +00:00
Offensive Security
edafbb9119
DB: 2021-03-13
...
4 changes to exploits/shellcodes
Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
2021-03-13 05:01:58 +00:00
Offensive Security
f348200ea1
DB: 2021-03-12
...
3 changes to exploits/shellcodes
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
2021-03-12 05:02:04 +00:00
Offensive Security
0b92858c92
DB: 2021-03-09
...
6 changes to exploits/shellcodes
Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)
GLPI 9.5.3 - 'fromtype' Unsafe Reflection
2021-03-09 05:01:57 +00:00
Offensive Security
5572674576
DB: 2021-03-05
...
8 changes to exploits/shellcodes
e107 CMS 2.3.0 - CSRF
Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)
Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
Textpattern 4.8.3 - Remote code execution (Authenticated) (2)
2021-03-05 05:01:53 +00:00
Offensive Security
5edc6a08e0
DB: 2021-03-04
...
3 changes to exploits/shellcodes
AnyDesk 5.5.2 - Remote Code Execution
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
2021-03-04 05:01:52 +00:00
Offensive Security
b35005d47b
DB: 2021-03-03
...
4 changes to exploits/shellcodes
Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting
Tiny Tiny RSS - Remote Code Execution
Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
2021-03-03 05:01:55 +00:00
Offensive Security
75667550f6
DB: 2021-03-02
...
5 changes to exploits/shellcodes
WiFi Mouse 1.7.8.5 - Remote Code Execution
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
VMware vCenter Server 7.0 - Unauthenticated File Upload
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
2021-03-02 05:02:01 +00:00
Offensive Security
b9c4ec0226
DB: 2021-02-27
...
4 changes to exploits/shellcodes
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
Triconsole 3.75 - Reflected XSS
LightCMS 1.3.4 - 'exclusive' Stored XSS
2021-02-27 05:01:56 +00:00
Offensive Security
0ec0dacc0e
DB: 2021-02-26
...
3 changes to exploits/shellcodes
ASUS Remote Link 1.1.2.13 - Remote Code Execution
Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
2021-02-26 05:01:57 +00:00
Offensive Security
338282491b
DB: 2021-02-25
...
8 changes to exploits/shellcodes
SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
python jsonpickle 2.0.0 - Remote Code Execution
Unified Remote 3.9.0.2463 - Remote Code Execution
LayerBB 1.1.4 - 'search_query' SQL Injection
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
2021-02-25 05:01:54 +00:00
Offensive Security
44132fc90b
DB: 2021-02-24
...
4 changes to exploits/shellcodes
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
Monica 2.19.1 - 'last_name' Stored XSS
Batflat CMS 1.3.6 - 'multiple' Stored XSS
2021-02-24 05:01:57 +00:00
Offensive Security
8e76e536b7
DB: 2021-02-20
...
6 changes to exploits/shellcodes
dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC)
PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting
Beauty Parlour Management System 1.0 - 'sername' SQL Injection
2021-02-20 05:01:55 +00:00
Offensive Security
cc85c56b4c
DB: 2021-02-19
...
7 changes to exploits/shellcodes
BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
Apport 2.20 - Local Privilege Escalation
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
Rukovoditel 2.6.1 - RCE
Rukovoditel 2.6.1 - RCE (1)
Gitea 1.12.5 - Remote Code Execution (Authenticated)
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
2021-02-19 05:01:53 +00:00
Offensive Security
bbe36569c3
DB: 2021-02-18
...
4 changes to exploits/shellcodes
Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path
Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
2021-02-18 05:01:56 +00:00
Offensive Security
6dac9b1447
DB: 2021-02-17
...
6 changes to exploits/shellcodes
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
2021-02-17 05:01:55 +00:00
Offensive Security
bedbb144ab
DB: 2021-02-16
...
3 changes to exploits/shellcodes
Tasks 9.7.3 - Insecure Permissions
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
Teachers Record Management System 1.0 - 'searchteacher' SQL Injection
2021-02-16 05:01:53 +00:00
Offensive Security
774f3786de
DB: 2021-02-13
...
3 changes to exploits/shellcodes
PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
2021-02-13 05:01:54 +00:00
Offensive Security
b96bdbcfa5
DB: 2021-02-12
...
8 changes to exploits/shellcodes
Online Marriage Registration System 1.0 - Remote Code Execution
Online Marriage Registration System 1.0 - Remote Code Execution (1)
Gitlab 11.4.7 - Remote Code Execution
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Authenticated)
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
GitLab 11.4.7 - Remote Code Execution (Authenticated)
GitLab 11.4.7 - RCE (Authenticated)
GitLab 11.4.7 - RCE (Authenticated) (2)
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
b2evolution 6.11.6 - 'redirect_to' Open Redirect
b2evolution 6.11.6 - 'tab3' Reflected XSS
Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
2021-02-12 05:01:57 +00:00
Offensive Security
fcdaf2028f
DB: 2021-02-11
...
3 changes to exploits/shellcodes
b2evolution 6.11.6 - 'plugin name' Stored XSS
Node.JS - 'node-serialize' Remote Code Execution (2)
2021-02-11 05:01:53 +00:00
Offensive Security
0ebed6d4c4
DB: 2021-02-10
...
5 changes to exploits/shellcodes
Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path
Online Car Rental System 1.0 - Stored Cross Site Scripting
Adobe Connect 10 - Username Disclosure
Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
2021-02-10 05:01:58 +00:00
Offensive Security
84533192ae
DB: 2021-02-09
...
19 changes to exploits/shellcodes
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
Millewin 13.39.146.1 - Local Privilege Escalation
AMD Fuel Service - 'Fuel.service' Unquote Service Path
Microsoft Internet Explorer 11 32-bit - Use-After-Free
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
Jenzabar 9.2.2 - 'query' Reflected XSS.
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
2021-02-09 05:01:57 +00:00
Offensive Security
eb867d9bd4
DB: 2021-02-06
...
3 changes to exploits/shellcodes
PhreeBooks ERP 5.2.3 - Remote Command Execution
PhreeBooks ERP 5.2.3 - Remote Command Execution (1)
SEO Panel 4.6.0 - Remote Code Execution
SEO Panel 4.6.0 - Remote Code Execution (1)
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
PhreeBooks 5.2.3 ERP - Remote Code Execution (2)
SEO Panel 4.6.0 - Remote Code Execution (2)
2021-02-06 05:01:57 +00:00
Offensive Security
cd09e0cf29
DB: 2021-02-05
...
1 changes to exploits/shellcodes
2021-02-05 05:01:58 +00:00
Offensive Security
ed5a9457b6
DB: 2021-02-04
...
4 changes to exploits/shellcodes
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2)
Pixelimity 1.0 - 'password' Cross-Site Request Forgery
Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
2021-02-04 05:01:56 +00:00
Offensive Security
0f068c1f51
DB: 2021-02-03
...
6 changes to exploits/shellcodes
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
Student Record System 4.0 - 'cid' SQL Injection
2021-02-03 05:01:58 +00:00
Offensive Security
f7b4bca87b
DB: 2021-02-02
...
12 changes to exploits/shellcodes
MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
Zoo Management System 1.0 - 'anid' SQL Injection
User Management System 1.0 - 'uid' SQL Injection
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
bloofoxCMS 0.5.2.1 - CSRF (Add user)
H8 SSRMS - 'id' IDOR
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
Roundcube Webmail 1.2 - File Disclosure
Klog Server 2.4.1 - Command Injection (Authenticated)
WordPress 5.0.0 - Image Remote Code Execution
2021-02-02 05:02:00 +00:00
Offensive Security
dade976f06
DB: 2021-01-30
...
12 changes to exploits/shellcodes
Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)
Apache - Arbitrary Long HTTP Headers (Denial of Service)
Microsoft Internet Explorer - Denial of Service (11 bytes)
Microsoft Internet Explorer - Denial of Service
Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service
Opera 9 IRC Client - Remote Denial of Service (Python)
Opera 9 IRC Client - Remote Denial of Service
Xfire 1.6.4 - Remote Denial of Service (Perl)
Xfire 1.6.4 - Remote Denial of Service
Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)
Microsoft Windows - NAT Helper Components Remote Denial of Service
Apple CFNetwork - HTTP Response Denial of Service (Ruby)
Apple CFNetwork - HTTP Response Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP Hosting Directory 2.0 - Database Disclosure (Python)
PHP Hosting Directory 2.0 - Database Disclosure
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Ascend R 4.5 Ci12 - Denial of Service
BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
BulletProof FTP Client 2010 - Buffer Overflow (SEH)
RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)
RedHat 6.2 Restore and Dump - Local Privilege Escalation
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation
ARPUS/Ce - Local Overflow (setuid) (Perl)
ARPUS/Ce - Local Overflow (setuid)
Xmame 0.102 - 'lang' Local Buffer Overflow (C)
Xmame 0.102 - 'lang' Local Buffer Overflow
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Browser3D 3.5 - '.sfs' Local Stack Overflow (C)
Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)
Browser3D 3.5 - '.sfs' Local Stack Overflow
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)
Soritong 1.0 - Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
Soritong 1.0 - Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)
Apple Mac OSX 10.8.4 - Local Privilege Escalation
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)
Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)
Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow
BIND 9.x - Remote DNS Cache Poisoning (Python)
BIND 9.x - Remote DNS Cache Poisoning
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)
Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow
Endian Firewall < 3.0.0 - OS Command Injection (Python)
Endian Firewall < 3.0.0 - OS Command Injection
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
phpBB 2.0.12 - Change User Rights Authentication Bypass (C)
phpBB 2.0.12 - Change User Rights Authentication Bypass
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
Maxwebportal 1.36 - 'Password.asp' Change Password (2)
phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)
phpStat 1.5 - 'setup.php' Authentication Bypass
SimpleBBS 1.1 - Remote Command Execution (C)
SimpleBBS 1.1 - Remote Command Execution
DataLife Engine 4.1 - SQL Injection (Perl)
DataLife Engine 4.1 - SQL Injection (PHP)
DataLife Engine 4.1 - SQL Injection
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution
webSPELL 4.2.0d (Linux) - Local File Disclosure (C)
webSPELL 4.2.0d (Linux) - Local File Disclosure
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
PHPMailer < 5.2.18 - Remote Code Execution
PHPMailer < 5.2.18 - Remote Code Execution (Python)
PHPMailer < 5.2.18 - Remote Code Execution
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection
Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
Online Grading System 1.0 - 'uname' SQL Injection
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
2021-01-30 05:01:55 +00:00
Offensive Security
82075ed5ca
DB: 2021-01-29
...
10 changes to exploits/shellcodes
jQuery UI 1.12.1 - Denial of Service (DoS)
Metasploit Framework 6.0.11 - msfvenom APK template command injection
fuelCMS 1.4.1 - Remote Code Execution
fuel CMS 1.4.1 - Remote Code Execution (1)
OpenEMR 5.0.1 - Remote Code Execution
OpenEMR 5.0.1 - Remote Code Execution (1)
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
Fuel CMS 1.4.1 - Remote Code Execution (2)
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
2021-01-29 05:01:58 +00:00
Offensive Security
9847785d4c
DB: 2021-01-27
...
5 changes to exploits/shellcodes
Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
2021-01-27 05:01:58 +00:00
Offensive Security
3fa3a8be65
DB: 2021-01-26
...
8 changes to exploits/shellcodes
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
Library System 1.0 - 'category' SQL Injection
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
2021-01-26 05:01:58 +00:00
Offensive Security
3e80d07fdb
DB: 2021-01-23
...
15 changes to exploits/shellcodes
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
Library System 1.0 - Authentication Bypass Via SQL Injection
CASAP Automated Enrollment System 1.0 - Authentication Bypass
ERPNext 12.14.0 - SQL Injection (Authenticated)
Atlassian Confluence Widget Connector Macro - SSTI
Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Socat Bind Shellcode (113 bytes)
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta ) Via mshta + Execute + Stager Shellcode (143 bytes)
2021-01-23 05:01:59 +00:00
Offensive Security
aa473257e9
DB: 2021-01-22
...
5 changes to exploits/shellcodes
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
Apartment Visitors Management System 1.0 - 'email' SQL Injection
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
Anchor CMS 0.12.7 - CSRF (Delete user)
2021-01-22 05:01:56 +00:00
Offensive Security
d65226277c
DB: 2021-01-21
...
4 changes to exploits/shellcodes
ChurchRota 2.6.4 - RCE (Authenticated)
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
Linux/x86 - Socat Bind Shellcode (113 bytes)
2021-01-21 05:01:57 +00:00
Offensive Security
62b25db87d
DB: 2021-01-20
...
2 changes to exploits/shellcodes
osTicket 1.14.2 - SSRF
Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
2021-01-20 05:02:00 +00:00
Offensive Security
8d70b4e885
DB: 2021-01-19
...
6 changes to exploits/shellcodes
Life Insurance Management System 1.0 - 'client_id' SQL Injection
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)
Cisco UCS Manager 2.2(1d) - Remote Command Execution
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
2021-01-19 05:01:58 +00:00
Offensive Security
969e7d6c90
DB: 2021-01-16
...
13 changes to exploits/shellcodes
Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
EyesOfNetwork 5.3 - File Upload Remote Code Execution
BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)
FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes)
FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes)
Linux/PPC - read + exec Shellcode (32 bytes)
Linux/PPC - read() + exec Shellcode (32 bytes)
Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive + Payload Loader Shellcode (68+ bytes)
BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
BSD/x86 - symlink /bin/sh Shellcode (32 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes)
Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes)
Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes)
Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)
Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit)
Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator)
Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes)
Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Reboot() Shellcode (28 bytes)
Linux/x86 - reboot() Shellcode (28 bytes)
Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x64 - execve() + Encoded Shellcode (57 bytes)
Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes)
Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)
Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)
BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes)
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Remote File Download Shellcode (42 bytes)
Linux/x86 - Download File Shellcode (42 bytes)
Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - Download File (http://192.168.2.222/x ) + chmod() + execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)
Linux/x86 - Download File (http://192.168.2.222/x ) + chmod() + Execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes)
Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes)
Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - mkdir(ajit) Shellcode (25 bytes)
IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)
IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes)
Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (27 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes)
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode
Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator)
Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode
Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes)
Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - execve() Assembly Shellcode (Generator)
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes)
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile ) + chmod 777 + execute Shellcode (119 bytes)
Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile ) + chmod 777 + Execute Shellcode (119 bytes)
Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - Download File (http://192.168.0.13/ms.msi ) Via msiexec + Execute Shellcode (95 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080 ) Shellcode (125 bytes)
Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080 ) Shellcode (125 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - Shred File (test.txt) Shellcode (72 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (23 bytes)
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes)
Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes)
Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x ) + Hide Output Shellcode (129 bytes)
Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x ) + Hide Output Shellcode (129 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes)
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes)
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes)
Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes)
Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes)
Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/7 - Screen Lock Shellcode (9 bytes)
Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes)
Linux/x86 - execve(/bin/sh) + NOT|ROT+8 Encoded + Null-Free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes)
Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes)
Windows/x64 (7) - Screen Lock Shellcode (9 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve(/bin/dash) Shellcode (32 bytes)
Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta ) Via mshta Shellcode (100 bytes)
2021-01-16 05:01:56 +00:00
Offensive Security
cf0895f784
DB: 2021-01-15
...
5 changes to exploits/shellcodes
Online Movie Streaming 1.0 - Admin Authentication Bypass
Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
Online Shopping Cart System 1.0 - 'id' SQL Injection
Laravel 8.4.2 debug mode - Remote code execution
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
2021-01-15 05:01:55 +00:00
Offensive Security
f8d41df29f
DB: 2021-01-14
...
4 changes to exploits/shellcodes
dnsrecon 0.10.0 - CSV Injection
Erlang Cookie - Remote Code Execution
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes)
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes)
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
2021-01-14 05:01:54 +00:00
