exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	b786988389	DB: 2018-11-03 9 changes to exploits/shellcodes WinMTR 0.91 - Denial of Service (PoC) CdCatalog 2.3.1 - Denial of Service (PoC) Zint Barcode Generator 2.6 - Denial of Service (PoC) Anviz AIM CrossChex Standard 4.3 - CSV Injection Fantastic Blog CMS 1.0 - 'id' SQL Injection Jelastic 5.4 - 'host' SQL Injection Gate Pass Management System 2.1 - 'login' SQL Injection qdPM 9.1 - 'filter_by' SQL Injection Yot CMS 3.3.1 - 'aid' SQL Injection	2018-11-03 05:01:48 +00:00
Offensive Security	ef70ec156b	DB: 2018-10-31 22 changes to exploits/shellcodes ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC) SIPp 3.3.990 - Local Buffer Overflow (PoC) R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) xorg-x11-server 1.20.3 - Privilege Escalation Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Electricks eCommerce 1.0 - 'prodid' SQL Injection phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection Webiness Inventory 2.9 - Arbitrary File Upload NETGEAR WiFi Router R6120 - Credential Disclosure MyBB Downloads 2.0.3 - SQL Injection Expense Management 1.0 - Arbitrary File Upload University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin) Notes Manager 1.0 - Arbitrary File Upload Instagram Clone 1.0 - Arbitrary File Upload Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection CI User Login and Management 1.0 - Arbitrary File Upload Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	2018-10-31 05:01:53 +00:00
Offensive Security	832a222df4	DB: 2018-10-26 21 changes to exploits/shellcodes ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC) BORGChat 1.0.0 build 438 - Denial of Service (PoC) libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Adult Filter 1.0 - Buffer Overflow (SEH) WebEx - Local Service Permissions Exploit (Metasploit) exim 4.90 - Remote Code Execution ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write exim 4.90 - Remote Code Execution WebExec - Authenticated User Code Execution (Metasploit) ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Ekushey Project Manager CRM 3.1 - Cross-Site Scripting phptpoint Pharmacy Management System 1.0 - 'username' SQL injection phptpoint Hospital Management System 1.0 - 'user' SQL injection Simple Chat System 1.0 - 'id' SQL Injection Delta Sql 1.8.2 - Arbitrary File Upload User Management 1.1 - Cross-Site Scripting ClipBucket 2.8 - 'id' SQL Injection Simple POS and Inventory 1.0 - 'cat' SQL Injection AiOPMSD Final 1.0.0 - 'q' SQL Injection AjentiCP 1.2.23.13 - Cross-Site Scripting MPS Box 0.1.8.0 - 'uuid' SQL Injection Open STA Manager 2.3 - Arbitrary File Download	2018-10-26 05:01:46 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	4f60a3d8f2	DB: 2018-10-24 9 changes to exploits/shellcodes AudaCity 2.3 - Denial of Service (PoC) Audacity 2.3 - Denial of Service (PoC) ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC) Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass) Appsource School Management System 1.0 - 'student_id' SQL Injection SIM-PKH 2.4.1 - Arbitrary File Upload ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - Arbitrary File Download School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection	2018-10-24 05:02:04 +00:00
Offensive Security	defa138d04	DB: 2018-10-23 17 changes to exploits/shellcodes Modbus Poll 7.2.2 - Denial of Service (PoC) AudaCity 2.3 - Denial of Service (PoC) Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) Countly - Persistent Cross-Site Scripting Countly - Cross-Site Scripting MySQL Edit Table 1.0 - 'id' SQL Injection School ERP Ultimate 2018 - Arbitrary File Download Oracle Siebel CRM 8.1.1 - CSV Injection The Open ISES Project 3.30A - 'tick_lat' SQL Injection School ERP Ultimate 2018 - 'fid' SQL Injection eNdonesia Portal 8.7 - 'artid' SQL Injection The Open ISES Project 3.30A - Arbitrary File Download Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection	2018-10-23 05:01:48 +00:00
Offensive Security	712d629b6b	DB: 2018-10-17 13 changes to exploits/shellcodes Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure Solaris - RSH Stack Clash Privilege Escalation (Metasploit) VLC Media Player - MKV Use-After-Free (Metasploit) HotelDruid 2.2.4 - 'anno' SQL Injection Navigate CMS 2.8.5 - Arbitrary File Download Library CMS 2.1.1 - Cross-Site Scripting Kados R10 GreenBee - 'release_id' SQL Injection Vishesh Auto Index 3.1 - 'fid' SQL Injection WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection MV Video Sharing Software 1.2 - 'searchname' SQL Injection GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Heatmiser Wifi Thermostat 1.7 - Credential Disclosure	2018-10-17 05:01:42 +00:00
Offensive Security	731dd0f423	DB: 2018-10-16 22 changes to exploits/shellcodes Snes9K 0.0.9z - Buffer Overflow (SEH) NoMachine < 5.3.27 - Remote Code Execution MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure CAMALEON CMS 2.4 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution College Notes Management System 1.0 - 'user' SQL Injection Advanced HRM 1.6 - Remote Code Execution Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection	2018-10-16 05:01:45 +00:00
Offensive Security	9d143a6b42	DB: 2018-10-13 22 changes to exploits/shellcodes Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Wikidforum 2.20 - Cross-Site Scripting WAGO 750-881 01.09.18 - Cross-Site Scripting E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection jQuery-File-Upload 9.22.0 - Arbitrary File Upload Phoenix Contact WebVisit 6.40.00 - Password Disclosure HaPe PKH 1.1 - 'id' SQL Injection LUYA CMS 1.0.12 - Cross-Site Scripting Phoenix Contact WebVisit 2985725 - Authentication Bypass HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) CAMALEON CMS 2.4 - Cross-Site Scripting HaPe PKH 1.1 - Arbitrary File Upload SugarCRM 6.5.26 - Cross-Site Scripting FluxBB < 1.5.6 - SQL Injection	2018-10-13 05:01:46 +00:00
Offensive Security	6fe17058fb	DB: 2018-10-10 15 changes to exploits/shellcodes Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass Microsoft Edge Chakra JIT - Type Confusion Seqrite End Point Security 7.4 - Privilege Escalation Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass) 360 3.5.0.1033 - Sandbox Escape ghostscript - executeonly Bypass with errorhandler Setup ifwatchd - Privilege Escalation (Metasploit) FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit) Wikidforum 2.20 - 'select_sort' SQL Injection Wikidforum 2.20 - 'message_id' SQL Injection Monstra 3.0.4 - Cross-Site Scripting	2018-10-10 05:01:44 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	91ac09507e	DB: 2018-09-28 4 changes to exploits/shellcodes EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Rausoft ID.prove 2.95 - 'Username' SQL injection Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes) Linux/x86 - Bind (5555/TCP) Shell (/bin/sh) Shellcode (98 bytes)	2018-09-28 05:01:59 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	2785d40187	DB: 2018-09-14 12 changes to exploits/shellcodes Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC) MediaTek Wirless Utility rt2870 - Denial of Service (PoC) TeamViewer App 13.0.100.0 - Denial of Service (PoC) Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH) STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH) Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH) Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket MyBB 1.8.17 - Cross-Site Scripting Apache Portals Pluto 3.0.0 - Remote Code Execution Apache Syncope 2.0.7 - Remote Code Execution	2018-09-14 05:01:54 +00:00
Offensive Security	87053f010c	DB: 2018-09-11 12 changes to exploits/shellcodes SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH) Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH) Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) Any Sound Recorder 2.93 - Denial of Service (PoC) Zenmap (Nmap) 7.70 - Denial of Service (PoC) Ghostscript - Failed Restore Command Execution (Metasploit) VirtualBox 5.2.6.r120293 - VM Escape Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities RPi Cam Control < 6.3.14 - Multiple Vulnerabilities LW-N605R 12.20.2.1486 - Remote Code Execution RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution	2018-09-11 05:01:54 +00:00
Offensive Security	76af808136	DB: 2018-09-08 6 changes to exploits/shellcodes DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH) iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH) Tenable WAS-Scanner 7.4.1708 - Remote Command Execution D-Link Dir-600M N150 - Cross-Site Scripting MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal QNAP Photo Station 5.7.0 - Cross-Site Scripting	2018-09-08 05:01:54 +00:00
Offensive Security	444206a6be	DB: 2018-08-30 21 changes to exploits/shellcodes NASA openVSP 3.16.1 - Denial of Service (PoC) Immunity Debugger 1.85 - Denial of Service (PoC) ipPulse 1.92 - 'TCP Port' Denial of Service (PoC) Fathom 2.4 - Denial Of Service (PoC) Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC) Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC) HD Tune Pro 5.70 - Denial of Service (PoC) Drive Power Manager 1.10 - Denial Of Service (PoC) Easy PhotoResQ 1.0 - Denial Of Service (PoC) Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC) SIPP 3.3 - Stack-Based Buffer Overflow R 3.4.4 - Buffer Overflow (SEH) Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure phpMyAdmin 4.7.x - Cross-Site Request Forgery Episerver 7 patch 4 - XML External Entity Injection Argus Surveillance DVR 4.0.0.0 - Directory Traversal Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes) Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes) Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)	2018-08-30 05:01:54 +00:00
Offensive Security	ef80d21646	DB: 2018-08-29 5 changes to exploits/shellcodes Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC) Instagram App 41.1788.50991.0 - Denial of Service (PoC) Microsoft Windows - JScript RegExp.lastIndex Use-After-Free UltraISO 9.7.1.3519 - Buffer Overflow (SEH) Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection	2018-08-29 05:01:57 +00:00
Offensive Security	18e2848633	DB: 2018-08-28 25 changes to exploits/shellcodes Firefox 55.0.3 - Denial of Service (PoC) Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC) Libpango 1.40.8 - Denial of Service (PoC) Adobe Flash - AVC Processing Out-of-Bounds Read Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP) CuteFTP 5.0 - Buffer Overflow Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit) OpenSSH 7.7 - Username Enumeration OpenSSH 2.3 < 7.7 - Username Enumeration Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Node.JS - 'node-serialize' Remote Code Execution Electron WebPreferences - Remote Code Execution HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit) Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting Sentrifugo HRMS 3.2 - 'deptid' SQL Injection WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin) RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin) LiteCart 2.1.2 - Arbitrary File Upload Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection Responsive FileManager < 9.13.4 - Directory Traversal WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection	2018-08-28 05:01:59 +00:00
Offensive Security	4d43b968d8	DB: 2018-08-24 7 changes to exploits/shellcodes CuteFTP 8.3.1 - Denial of Service (PoC) Epiphany Web Browser 3.28.1 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) CMS ISWEB 3.5.3 - Directory Traversal Twitter-Clone 1 - 'code' SQL Injection PCViewer vt1000 - Directory Traversal	2018-08-24 05:01:53 +00:00
Offensive Security	b81a1d9d72	DB: 2018-08-23 12 changes to exploits/shellcodes Textpad 7.6.4 - Denial Of Service (PoC) UltraISO 9.7.1.3519 - Denial Of Service (PoC) Easyboot 6.6.0 - Denial Of Service (PoC) Softdisk 3.0.3 - Denial Of Service (PoC) Soroush IM Desktop App 0.17.0 - Authentication Bypass Project64 2.3.2 - Buffer Overflow (SEH) Ghostscript - Multiple Vulnerabilities Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation OpenSSH 2.3 < 7.4 - Username Enumeration (PoC) OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) Geutebrueck re_porter 7.8.974.20 - Credential Disclosure ZyXEL VMG3312-B10B - Cross-Site Scripting KingMedia 4.1 - Remote Code Execution Geutebrueck re_porter 16 - Cross-Site Scripting	2018-08-23 05:01:49 +00:00
Offensive Security	1d21694058	DB: 2018-08-10 13 changes to exploits/shellcodes reSIProcate 1.10.2 - Heap Overflow CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit) Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) Responsive Filemanager 9.13.1 - Server-Side Request Forgery Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Sitecore.Net 8.1 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)	2018-08-10 05:01:46 +00:00
Offensive Security	9d8170fd85	DB: 2018-08-09 9 changes to exploits/shellcodes TP-Link Wireless N Router WR840N - Denial of Service (PoC) Splinterware System Scheduler Pro 5.12 - Privilege Escalation iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow iSmartViewPro 1.5 - 'Account' Buffer Overflow OpenEMR < 5.0.1 - Remote Code Execution Kirby CMS 2.5.12 - Cross-Site Scripting osTicket 1.10.1 - Arbitrary File Upload LG-Ericsson iPECS NMS 30M - Directory Traversal LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Monstra 3.0.4 - Cross-Site Scripting	2018-08-09 05:01:53 +00:00
Offensive Security	3aca47020d	DB: 2018-08-04 10 changes to exploits/shellcodes FTPShell Client 5.24 - Add to Favorites Buffer Overflow FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow Wedding Slideshow Studio 1.36 - Buffer Overflow Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit) Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting PHP Template Store Script 3.0.6 - Cross-Site Scripting Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)	2018-08-04 05:01:46 +00:00
Offensive Security	9ea5e15796	DB: 2018-08-03 13 changes to exploits/shellcodes Sun Solaris 11.3 AVS - Local Kernel root Exploit Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit) wityCMS 0.6.1 - Cross-Site Scripting Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change) TI Online Examination System v2 - Arbitrary File Download PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution Seq 4.2.476 - Authentication Bypass	2018-08-03 05:01:46 +00:00
Offensive Security	903bf974eb	DB: 2018-08-02 10 changes to exploits/shellcodes ipPulse 1.92 - 'Licence Key' Denial of Service (PoC) Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC) WebRTC - VP8 Block Decoding Use-After-Free WebRTC - FEC Processing Overflow WebRTC - H264 NAL Packet Processing Type Confusion Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH) Axis Network Camera - .srv to parhand RCE (Metasploit) SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) Synology DiskStation Manager 4.1 - Directory Traversal Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)	2018-08-02 05:02:43 +00:00
Offensive Security	ed985d30e0	DB: 2018-07-26 3 changes to exploits/shellcodes PoDoFo 0.9.5 - Buffer Overflow PoDoFo 0.9.5 - Buffer Overflow (PoC) Windows Speech Recognition - Buffer Overflow Windows Speech Recognition - Buffer Overflow (PoC) GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC) 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH) 10-Strike LANState 8.8 - Local Buffer Overflow (SEH) D-link DAP-1360 - Path Traversal / Cross-Site Scripting	2018-07-26 05:01:45 +00:00
Offensive Security	300aada6a5	DB: 2018-07-24 7 changes to exploits/shellcodes Windows Speech Recognition - Buffer Overflow Knox Software Arkeia 4.0 - Backup Local Overflow Knox Arkeia 4.0 Backup - Local Overflow Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit) Microsoft Windows - 'dnslint.exe' Drive-By Download NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution Davolink DVW 3200 Router - Password Disclosure Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)	2018-07-24 05:01:45 +00:00
Offensive Security	a657b64301	DB: 2018-07-17 7 changes to exploits/shellcodes macOS/iOS - JavaScript Injection Bug in OfficeImporter Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Hadoop YARN ResourceManager - Command Execution (Metasploit) VelotiSmart WiFi B-380 Camera - Directory Traversal Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2018-07-17 05:01:49 +00:00
Offensive Security	b374aca9a3	DB: 2018-07-14 10 changes to exploits/shellcodes G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) IBM QRadar SIEM - Remote Code Execution (Metasploit) Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit) Apache CouchDB - Arbitrary Command Execution (Metasploit) phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit) Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Dolibarr 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM - OS Command Injection Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr CMS 3.5.3 - Multiple Vulnerabilities Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr 7.0.0 - SQL Injection Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution WAGO e!DISPLAY 7300T - Multiple Vulnerabilities QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery	2018-07-14 05:01:50 +00:00
Offensive Security	e76244b41a	DB: 2018-07-13 8 changes to exploits/shellcodes Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions VLC media player 2.2.8 - Arbitrary Code Execution (PoC) Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation 212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities 212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities 123 Flash Chat - Multiple Vulnerabilities 123 Flash Chat 7.8 - Multiple Vulnerabilities Dicoogle PACS 2.5.0 - Directory Traversal	2018-07-13 05:02:00 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	6a98e55e9d	DB: 2018-07-04 4 changes to exploits/shellcodes openslp 2.0.0 - Double-Free Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit) FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit) ModSecurity 3.0.0 - Cross-Site Scripting ntop-ng < 3.4.180617 - Authentication Bypass	2018-07-04 05:01:48 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	086cfb2c76	DB: 2018-06-19 16 changes to exploits/shellcodes Nikto 2.1.6 - CSV Injection Pale Moon Browser < 27.9.3 - Use After Free (PoC) Audiograbber 1.83 - Local Buffer Overflow (SEH) Redis-cli < 5.0 - Buffer Overflow (PoC) Microsoft COM for Windows - Privilege Escalation Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass Canon LBP7110Cw - Authentication Bypass Canon LBP6030w - Authentication Bypass Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Redatam Web Server < 7 - Directory Traversal	2018-06-19 05:01:47 +00:00
Offensive Security	329d5722a0	DB: 2018-06-16 3 changes to exploits/shellcodes Soroush IM Desktop app 0.15 - Authentication Bypass OEcms 3.1 - Cross-Site Scripting Dimofinf CMS 3.0.0 - Cross-Site Scripting	2018-06-16 05:01:46 +00:00
Offensive Security	de3b5004b9	DB: 2018-06-14 6 changes to exploits/shellcodes Microsoft Windows 10 - Child Process Restriction Mitigation Bypass glibc - 'realpath()' Privilege Escalation (Metasploit) RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation DHCP Client - Command Injection (DynoRoot) (Metasploit) MACCMS 10 - Cross-Site Request Forgery (Add User) Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload	2018-06-14 05:01:45 +00:00
Offensive Security	0381c4c519	DB: 2018-06-09 11 changes to exploits/shellcodes Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service WebKit - WebAssembly Compilation Info Leak Google Chrome - Integer Overflow when Processing WebAssembly Locals WebKit - Use-After-Free when Resuming Generator WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure MantisBT 1.2.3 (db_type) - Local File Inclusion Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis 0.19 - Remote Server-Side Script Execution Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x - New Account Signup Mass Emailing Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x - New Account Signup Mass Emailing Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection MantisBT 1.2.19 - Host Header Mantis Bug Tracker 1.2.19 - Host Header MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1) Monstra CMS < 3.0.4 - Cross-Site Scripting Automation Monstra CMS < 3.0.4 - Cross-Site Scripting XiongMai uc-httpd 1.0.0 - Buffer Overflow Splunk < 7.0.1 - Information Disclosure Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)	2018-06-09 05:01:42 +00:00
Offensive Security	ad4b4f15f3	DB: 2018-06-06 11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	2018-06-06 05:01:46 +00:00
Offensive Security	61159b7f3e	DB: 2018-06-05 5 changes to exploits/shellcodes R 3.4.4 - Local Buffer Overflow RGui 3.4.4 - Local Buffer Overflow Zip-n-Go 4.9 - Buffer Overflow (SEH) Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) CyberArk < 10 - Memory Disclosure GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) SearchBlox 8.6.7 - XML External Entity Injection EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting	2018-06-05 05:01:52 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	54b5ed8407	DB: 2018-05-24 31 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service WordPress Core - 'load-scripts.php' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free FTPShell Server 6.80 - Denial of Service Siemens SCALANCE S613 - Remote Denial of Service Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service FTPShell Server 6.80 - Buffer Overflow (SEH) SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting EasyService Billing 1.0 - 'p1' SQL Injection MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection PHP Dashboards 4.5 - 'email' SQL Injection Mobile Card Selling Platform 1 - Cross-Site Request Forgery PHP Dashboards 4.5 - SQL Injection Online Store System CMS 1.0 - SQL Injection Gigs 2.0 - 'username' SQL Injection GPSTracker 1.0 - 'id' SQL Injection Shipping System CMS 1.0 - SQL Injection Wecodex Store Paypal 1.0 - SQL Injection SAT CFDI 3.3 - SQL Injection School Management System CMS 1.0 - 'username' SQL Injection Library CMS 1.0 - SQL Injection Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Mcard Mobile Card Selling Platform 1 - SQL Injection Honeywell Scada System - Information Disclosure NewsBee CMS 1.4 - Cross-Site Request Forgery SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change WordPress Plugin Peugeot Music - Arbitrary File Upload BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes) Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Shell Shellcode Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind (/TCP) Shell Shellcode (Generator) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes) Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind (/TCP) Shell Shellcode Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes) Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)	2018-05-24 05:01:50 +00:00
Offensive Security	7bbc323854	DB: 2018-05-23 20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting	2018-05-23 05:01:45 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	41ea196761	DB: 2018-05-19 12 changes to exploits/shellcodes Microsoft Edge - 'Array.filter' Info Leak Microsoft Edge - 'Array.filter' Information Leak Microsoft Edge Chakra JIT - Bound Check Elimination Bug Windows - Local Privilege Escalation Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Windows - Local Privilege Escalation Microsoft Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC) Prime95 29.4b8 - Stack Buffer Overflow (SEH) DynoRoot DHCP - Client Command Injection Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit) Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) HPE iMC 7.3 - Remote Code Execution (Metasploit) Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Monstra CMS before 3.0.4 - Cross-Site Scripting SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Cisco SA520W Security Appliance - Path Traversal SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion	2018-05-19 05:01:48 +00:00
Offensive Security	1873a7d234	DB: 2018-05-17 12 changes to exploits/shellcodes WhatsApp 2.18.31 - Memory Corruption Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Libuser - roothelper Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery VirtueMart 3.1.14 - Persistent Cross-Site Scripting Rockwell Scada System 27.011 - Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting	2018-05-17 05:01:47 +00:00
Offensive Security	2d5885c58b	DB: 2018-05-15 5 changes to exploits/shellcodes 2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service FxCop 10/12 - XML External Entity Injection Microsoft Windows FxCop 10/12 - XML External Entity Injection Apple Safari 3.2.x - 'XXE' Local File Theft Apple Safari 3.2.x - XML External Entity Local File Theft Open-AudIT Community - 2.2.0 – Cross-Site Scripting Open-AudIT Community 2.2.0 - Cross-Site Scripting Monstra CMS 3.0.4 - Remote Code Execution XATABoost 1.0.0 - SQL Injection Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)	2018-05-15 05:01:47 +00:00
Offensive Security	7788a305c5	DB: 2018-05-12 6 changes to exploits/shellcodes 2345 Security Guard 3.7 - Denial of Service 2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service 2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service Reaper 5.78 - Local Buffer Overflow EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC Ncomputing vSpace Pro 10/11 - Directory Traversal Fastweb FASTGate 0.00.47 - Cross-site Request Forgery Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery Open-AudIT Community - 2.2.0 – Cross-Site Scripting	2018-05-12 05:01:46 +00:00
Offensive Security	017887466c	DB: 2018-05-10 4 changes to exploits/shellcodes Allok Video Splitter 3.1.12.17 - Denial of Service GNU wget - Cookie Injection FxCop 10/12 - XML External Entity Injection Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit) PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit) Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit) PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)	2018-05-10 05:01:46 +00:00
Offensive Security	a066ef9212	DB: 2018-05-07 11 changes to exploits/shellcodes HWiNFO 5.82-3410 - Denial of Service DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH) CSP MySQL User Manager 2.3.1 - Authentication Bypass WordPress Plugin User Role Editor < 4.25 - Privilege Escalation Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)	2018-05-07 05:01:44 +00:00

... 4 5 6 7 8

389 commits