Offensive Security
641d6cca75
DB: 2018-06-28
...
3 changes to exploits/shellcodes
WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC)
WinEggDropShell 1.7 - Multiple Remote Stack Overflows (PoC)
FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service
FileCOPA FTP Server 1.01 - 'USER' Remote Denial of Service
Asterisk 1.2.15/1.4.0 - Unauthenticated Remote Denial of Service
Asterisk 1.2.15/1.4.0 - Remote Denial of Service
Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC)
Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC)
Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - 'pop3' Remote Overflow (PoC)
Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPd Remote Denial of Service / Buffer Overflow (PoC)
McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC)
McAfee E-Business Server 8.5.2 - Remote Code Execution / Denial of Service (PoC)
freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) Remote Stack Overflow (PoC)
vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption
vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
Surgemail 39e-1 - Authenticated IMAP Remote Buffer Overflow (Denial of Service) (PoC)
Surgemail 39e-1 - (Authenticated) IMAP Remote Buffer Overflow (Denial of Service) (PoC)
Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service
Oracle Internet Directory 10.1.4 - Remote Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - Authenticated 'stou con:1' Denial of Service
RhinoSoft Serv-U FTP Server 7.3 - (Authenticated) 'stou con:1' Denial of Service
Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service
Noticeware E-mail Server 5.1.2.2 - 'POP3' Denial of Service
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC)
Addonics NAS Adapter - Authenticated Denial of Service
Addonics NAS Adapter - (Authenticated) Denial of Service
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' Authenticated Denial of Service
RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' (Authenticated) Denial of Service
XRDP 0.4.1 - Unauthenticated Remote Buffer Overflow (PoC)
XRDP 0.4.1 - Remote Buffer Overflow (PoC)
Addonics NAS Adapter - 'bts.cgi' Authenticated Remote Denial of Service
Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service
Cerberus FTP server 3.0.6 - Denial of Service
FtpXQ 3.0 - Authenticated Remote Denial of Service
FtpXQ 3.0 - (Authenticated) Remote Denial of Service
httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC)
httpdx 1.5.2 - Remote Denial of Service (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Crash (PoC)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC)
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (SEH) (PoC)
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (PoC)
EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (SEH) (PoC)
EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (PoC)
httpdx 1.5.3b - Multiple Unauthenticated Remote Denial of Service Vulnerabilities (PoC)
Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC)
httpdx 1.5.3b - Multiple Remote Denial of Service Vulnerabilities (PoC)
Kerio MailServer 6.2.2 - Remote Denial of Service (PoC)
eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC)
eDisplay Personal FTP Server 1.0.0 - Denial of Service (PoC)
eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Crashs (SEH) (PoC)
IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC)
IncrediMail 2.0 - ActiveX (Authenticated) Buffer Overflow (PoC)
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Unauthenticated Denial of Service
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Denial of Service
Microsoft Windows Server 2003 - AD Unauthenticated BROWSER ELECTION Remote Heap Overflow
Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow
IPComp - encapsulation Unauthenticated Kernel Memory Corruption
IPComp - encapsulation Kernel Memory Corruption
Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)
Wyse - Machine Remote Power Off (Denial of Service) (Metasploit)
WFTPD 2.4.1RC11 - Unauthenticated MLST Command Remote Denial of Service
WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service
RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service
RobotFTP Server 1.0/2.0 - Remote Command Denial of Service
Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow
Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Unauthenticated Remote Reboot (Denial of Service)
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service)
Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit)
Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)
OpenVPN 2.4.0 - Unauthenticated Denial of Service
OpenVPN 2.4.0 - Denial of Service
NetAccess IP3 - Authenticated Ping Option Command Injection
NetAccess IP3 - (Authenticated) Ping Option Command Injection
Cobalt Linux 6.0 - RaQ Authenticate Privilege Escalation
Cobalt Linux 6.0 - RaQ (Authenticated) Privilege Escalation
Hosting Controller 0.6.1 - Unauthenticated User Registration (1)
Hosting Controller 0.6.1 - User Registration (1)
Hosting Controller 0.6.1 - Unauthenticated User Registration (2)
Hosting Controller 0.6.1 - User Registration (2)
HP-UX FTP Server - Unauthenticated Directory Listing (Metasploit)
HP-UX FTP Server - Directory Listing (Metasploit)
IBM Lotus Domino Server 6.5 - Unauthenticated Remote Overflow
IBM Lotus Domino Server 6.5 - Remote Overflow
Frontbase 4.2.7 - Authenticated Remote Buffer Overflow (2.2)
Frontbase 4.2.7 - (Authenticated) Remote Buffer Overflow (2.2)
IBM Tivoli Provisioning Manager - Unauthenticated Remote Overflow (Egghunter)
IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter)
Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Unauthenticated Remote Overflow
Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow
SIDVault LDAP Server - Unauthenticated Remote Buffer Overflow
Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite
SIDVault LDAP Server - Remote Buffer Overflow
Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite
Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow
Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow
SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution
SAP MaxDB 7.6.03.07 - Remote Command Execution
MailEnable Professional/Enterprise 3.13 - 'Fetch' Authenticated Remote Buffer Overflow
MailEnable Professional/Enterprise 3.13 - 'Fetch' (Authenticated) Remote Buffer Overflow
NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal
NetWin Surgemail 3.8k4-4 - IMAP (Authenticated) Remote LIST Universal
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Unauthenticated Overflow (SEH)
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)
BigAnt Server 2.2 - Unauthenticated Remote Overflow (SEH)
BigAnt Server 2.2 - Remote Overflow (SEH)
freeSSHd 1.2.1 - Authenticated Remote Overflow (SEH)
freeSSHd 1.2.1 - (Authenticated) Remote Overflow (SEH)
Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation
Serv-U FTP Server 7.3 - Authenticated Remote FTP File Replacement
Serv-U FTP Server 7.3 - (Authenticated) Remote FTP File Replacement
WinFTP Server 2.3.0 - 'LIST' Authenticated Remote Buffer Overflow
WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow
Telnet-Ftp Service Server 1.x - Multiple Authenticated Vulnerabilities
Femitter FTP Server 1.x - Multiple Authenticated Vulnerabilities
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
cPanel - Authenticated 'lastvisit.html Domain' Arbitrary File Disclosure
cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure
Adobe JRun 4 - 'logfile' Authenticated Directory Traversal
Adobe JRun 4 - 'logfile' (Authenticated) Directory Traversal
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Unauthenticated Remote Buffer Overflow
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Remote Overflow
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Remote Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)
EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (1)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Buffer Overflow (Metasploit)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1)
eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (1)
eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2)
eDisplay Personal FTP Server 1.0.0 - (Authenticated) Multiple Stack Buffer Overflows (2)
EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.2 - 'MKD' (Authenticated) Remote Buffer Overflow
Iomega Home Media Network Hard Drive 2.038 < 2.061 - Unauthenticated File-system Access
Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access
ProSSHD 1.2 - Authenticated Remote (ASLR + DEP Bypass)
ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass)
Tiki Wiki 15.1 - Unauthenticated File Upload (Metasploit)
Tiki Wiki 15.1 - File Upload (Metasploit)
EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'CWD' (Authenticated) Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow (Metasploit)
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflows
EasyFTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflows
Home FTP Server 1.11.1.149 - Authenticated Directory Traversal
Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal
Linksys WAP610N - Unauthenticated Root Access Security
Linksys WAP610N - Root Access Security
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
Axis2 - Authenticated Code Execution (via REST) (Metasploit)
Axis2 - (Authenticated) Code Execution (via REST) (Metasploit)
Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit)
Axis2 / SAP BusinessObjects - (Authenticated) Code Execution (via SOAP) (Metasploit)
Apache Tomcat Manager - Application Deployer Authenticated Code Execution (Metasploit)
Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)
Microsoft Windows - Authenticated User Code Execution (Metasploit)
Microsoft Windows - (Authenticated) User Code Execution (Metasploit)
Novell NetMail 3.52d - IMAP Authenticate Buffer Overflow (Metasploit)
Novell NetMail 3.52d - IMAP (Authenticated) Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Unauthenticated Stack Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Stack Buffer Overflow (Metasploit)
Squid - NTLM Authenticate Overflow (Metasploit)
Squid - NTLM (Authenticated) Overflow (Metasploit)
ManageEngine Applications Manager - Authenticated Code Execution (Metasploit)
ManageEngine Applications Manager - (Authenticated) Code Execution (Metasploit)
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)
EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (2)
ActFax Server FTP - Authenticated Remote Buffer Overflow
ActFax Server FTP - (Authenticated) Remote Buffer Overflow
Blue Coat Reporter - Unauthenticated Directory Traversal
Blue Coat Reporter - Directory Traversal
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Unauthenticated Command Execution
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution
Sysax Multi Server 5.53 - SFTP Authenticated (SEH)
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Unauthenticated Remote Code Execution (Egghunter)
Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH)
Sysax 5.53 - SSH 'Username' Remote Buffer Overflow Remote Code Execution (Egghunter)
MailMax 4.6 - POP3 'USER' Unauthenticated Remote Buffer Overflow
MailMax 4.6 - POP3 'USER' Remote Buffer Overflow
Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
MySQL - Unauthenticated Remote User Enumeration
MySQL - Remote User Enumeration
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Unauthenticated Buffer Overflow (3)
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (1)
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (2)
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (3)
NetWin SurgeFTP - Authenticated Admin Command Injection (Metasploit)
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun
Firebird 1.0 - Remote Database Name Buffer Overrun
Novell NCP - Unauthenticated Remote Command Execution
Novell NCP - Remote Command Execution
Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload (Metasploit)
Kordil EDms 2.2.60rc3 - Arbitrary File Upload (Metasploit)
SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit)
SAP ConfigServlet - Remote Payload Execution (Metasploit)
phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit)
phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)
D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)
D-Link Devices - 'command.php' Remote Command Execution (Metasploit)
D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)
D-Link Devices - 'tools_vct.xgi' Remote Command Execution (Metasploit)
MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption
MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption
Raidsonic NAS Devices - Unauthenticated Remote Command Execution (Metasploit)
Raidsonic NAS Devices - Remote Command Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - (Authenticated) Remote Code Execution (Metasploit)
Zabbix - Authenticated Remote Command Execution (Metasploit)
ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit)
Zabbix - (Authenticated) Remote Command Execution (Metasploit)
ISPConfig - (Authenticated) Arbitrary PHP Code Execution (Metasploit)
ProcessMaker Open Source - Authenticated PHP Code Execution (Metasploit)
ProcessMaker Open Source - (Authenticated) PHP Code Execution (Metasploit)
Linksys E-series - Unauthenticated Remote Code Execution
Linksys E-series - Remote Code Execution
Apache Tomcat Manager - Application Upload Authenticated Code Execution (Metasploit)
Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit)
Fritz!Box Webcm - Unauthenticated Command Injection (Metasploit)
Fritz!Box Webcm - Command Injection (Metasploit)
Sophos Web Protection Appliance Interface - Authenticated Arbitrary Command Execution (Metasploit)
Sophos Web Protection Appliance Interface - (Authenticated) Arbitrary Command Execution (Metasploit)
Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit)
Vtiger - 'Install' Remote Command Execution (Metasploit)
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root Remote Code Execution (Metasploit)
Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit)
Gitlist - Unauthenticated Remote Command Execution (Metasploit)
WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Unauthenticated Arbitrary File Upload (Metasploit)
Gitlist - Remote Command Execution (Metasploit)
WordPress Plugin MailPoet Newsletters 2.6.8 - 'wysija-newsletters' Arbitrary File Upload (Metasploit)
D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)
D-Link Devices - UPnP M-SEARCH Multicast Command Injection (Metasploit)
F5 Big-IP - Unauthenticated rsync Access
F5 Big-IP - rsync Access
Wing FTP Server - Authenticated Command Execution (Metasploit)
Wing FTP Server - (Authenticated) Command Execution (Metasploit)
Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit)
Tincd - (Authenticated) Remote TCP Stack Buffer Overflow (Metasploit)
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution
Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change
Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change
ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit)
ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit)
D-Link DSL-2740R - Unauthenticated Remote DNS Change
D-Link DSL-2740R - Remote DNS Change
LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure
LG DVR LE6016D - Remote Users/Passwords Disclosure
Symantec Web Gateway 5 - 'restore.php' Authenticated Command Injection (Metasploit)
Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit)
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
Seagate Business NAS - Remote Command Execution (Metasploit)
ElasticSearch - Unauthenticated Remote Code Execution
ElasticSearch - Remote Code Execution
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)
Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)
Konica Minolta FTP Utility 1.00 - Authenticated CWD Command Overflow (SEH) (Metasploit)
Konica Minolta FTP Utility 1.00 - (Authenticated) CWD Command Overflow (SEH) (Metasploit)
Zpanel - Unauthenticated Remote Code Execution (Metasploit)
Zpanel - Remote Code Execution (Metasploit)
SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
D-Link DCS-930L - Authenticated Remote Command Execution (Metasploit)
D-Link DCS-930L - (Authenticated) Remote Command Execution (Metasploit)
OpenSSH 7.2p1 - Authenticated xauth Command Injection
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
Novell ServiceDesk - Authenticated Arbitrary File Upload (Metasploit)
Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit)
Bomgar Remote Support - Unauthenticated Code Execution (Metasploit)
Bomgar Remote Support - Code Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution
AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution
NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure
NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DIR-Series Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)
D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit)
MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)
MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)
HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)
HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)
HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)
HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)
phpCollab 2.5.1 - File Upload (Metasploit)
Supervisor 3.0a1 < 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
NETGEAR WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
Tenable Appliance < 4.5 - Unauthenticated Root Remote Code Execution
Tenable Appliance < 4.5 - Root Remote Code Execution
Oracle GoldenGate 12.1.2.0.0 - Unauthenticated Remote Code Execution
Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution
Octopus Deploy - Authenticated Code Execution (Metasploit)
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Logpoint < 5.6.4 - Root Remote Code Execution
VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit)
VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit)
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit)
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)
Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution
Wireless IP Camera (P2P) WIFICAM - Remote Code Execution
D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit)
D-Link DIR-850L - OS Command Execution (Metasploit)
pfSense - Authenticated Group Member Remote Command Execution (Metasploit)
pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)
AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit)
AsusWRT LAN - Remote Code Execution (Metasploit)
Tenda AC15 Router - Unauthenticated Remote Code Execution
Tenda AC15 Router - Remote Code Execution
Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution
Unitrends UEB 10.0 - Root Remote Code Execution
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
xdebug < 2.5.5 - OS Command Execution (Metasploit)
PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)
PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit)
Quest KACE Systems Management - Command Injection (Metasploit)
Hosting Controller 0.6.1 - Unauthenticated User Registration (3)
Hosting Controller 0.6.1 - User Registration (3)
Hosting Controller 6.1 Hotfix 3.2 - Unauthenticated Access
Hosting Controller 6.1 Hotfix 3.2 - Access
e107 0.7.8 - 'mailout.php' Authenticated Access Escalation
e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation
Joomla! Component JPad 1.0 - Authenticated SQL Injection
Joomla! Component JPad 1.0 - (Authenticated) SQL Injection
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload
AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass
zFeeder 1.6 - 'admin.php' Admin Bypass
Hannon Hill Cascade Server - Authenticated Command Execution
Hannon Hill Cascade Server - (Authenticated) Command Execution
Gravity Board X 2.0 Beta - SQL Injection / Authenticated Code Execution
Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution
Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution
Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution
HP Release Control - Authenticated XML External Entity (Metasploit)
HP Release Control - (Authenticated) XML External Entity (Metasploit)
3Com* iMC (Intelligent Management Center) - Unauthenticated Traversal File Retrieval
3Com* iMC (Intelligent Management Center) - Traversal File Retrieval
Apache Axis2 Administration Console - Authenticated Cross-Site Scripting
Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)
Mitel AWC - Unauthenticated Command Execution
Mitel AWC - Command Execution
TYPO3 - Unauthenticated Arbitrary File Retrieval
TYPO3 - Arbitrary File Retrieval
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Local File Inclusion
N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code
N_CMS 1.1E - Local File Inclusion / Remote Code
IF-CMS 2.07 - Unauthenticated Local File Inclusion (1)
IF-CMS 2.07 - Local File Inclusion (1)
SQL-Ledger 2.8.33 - Authenticated Local File Inclusion / Edit
SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit
IF-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2)
IF-CMS 2.07 - Local File Inclusion (Metasploit) (2)
Sun/Oracle GlassFish Server - Authenticated Code Execution (Metasploit)
Sun/Oracle GlassFish Server - (Authenticated) Code Execution (Metasploit)
TomatoCart 1.1 - Authenticated Local File Inclusion
TomatoCart 1.1 - (Authenticated) Local File Inclusion
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Unauthenticated Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
PHP Grade Book 1.9.4 - Unauthenticated SQL Database Export
PHP Grade Book 1.9.4 - SQL Database Export
Dolibarr ERP/CRM 3 - Authenticated OS Command Injection (Metasploit)
Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit)
WebCalendar 1.2.4 - Unauthenticated Remote Code Injection (Metasploit)
WebCalendar 1.2.4 - Remote Code Injection (Metasploit)
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection
SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / (Authenticated) SQL Injection
PostNuke 0.6 - Unauthenticated User Login
PostNuke 0.6 - User Login
Trend Micro Control Manager 5.5/6.0 AdHocQuery - Authenticated Blind SQL Injection
Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection
WordPress Theme Archin 3.2 - Unauthenticated Configuration Access
WordPress Theme Archin 3.2 - Configuration Access
Exper EWM-01 ADSL/MODEM - Unauthenticated DNS Change
Exper EWM-01 ADSL/MODEM - DNS Change
Geeklog 1.3.x - Authenticated SQL Injection
Geeklog 1.3.x - (Authenticated) SQL Injection
FirePass SSL VPN - Unauthenticated Local File Inclusion
FirePass SSL VPN - Local File Inclusion
vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection
vbPortal 2.0 alpha 8.1 - (Authenticated) SQL Injection
IRIS Citations Management Tool - Authenticated Remote Command Execution
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
BetaParticle blog 2.0/3.0 - 'upload.asp' Unauthenticated Arbitrary File Upload
BetaParticle blog 2.0/3.0 - 'myFiles.asp' Unauthenticated File Manipulation
BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation
YeaLink IP Phone Firmware 9.70.0.100 - Unauthenticated Phone Call
YeaLink IP Phone Firmware 9.70.0.100 - Phone Call
HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload
HelpDeskZ 1.0.2 - Arbitrary File Upload
aoblogger 2.3 - 'create.php' Unauthenticated Entry Creation
aoblogger 2.3 - 'create.php' Entry Creation
WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change
ASUS DSL-X11 ADSL Router - DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - DNS Change
Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem 963281TAN - DNS Change
PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change
PLANET VDR-300NU ADSL Router - DNS Change
PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change
PIKATEL 96338WS_ 96338L-2M-8M - DNS Change
Inteno EG101R1 VoIP Router - Unauthenticated DNS Change
Inteno EG101R1 VoIP Router - DNS Change
LifeSize UVC 1.2.6 - Authenticated Remote Code Execution
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit)
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)
Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting
Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting
Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit)
FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution
FreePBX 13.0.x < 13.0.154 - Remote Command Execution
Lunar CMS 3.3 - Unauthenticated Remote Command Execution
Lunar CMS 3.3 - Remote Command Execution
ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation
ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation
Plogger 1.0-RC1 - Authenticated Arbitrary File Upload
Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload
ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution
ActualAnalyzer Lite 2.81 - Command Execution
WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection
WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection
WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access
WordPress Plugin Premium Gallery Manager - Configuration Access
ZTE ZXDSL-931VII - Unauthenticated Configuration Dump
ZTE ZXDSL-931VII - Configuration Dump
IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection
SEO Control Panel 3.6.0 - Authenticated SQL Injection
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection
Subex Fms 7.4 - Unauthenticated SQL Injection
Tapatalk for vBulletin 4.x - Blind SQL Injection
Subex Fms 7.4 - SQL Injection
WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
PMB 4.1.3 - Authenticated SQL Injection
PMB 4.1.3 - (Authenticated) SQL Injection
D-Link DSL-2640B ADSL Router - 'ddnsmngr' Unauthenticated Remote DNS Change
D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change
Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution
Seagate Business NAS 2014.00319 - Remote Code Execution
WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (1)
WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (2)
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection
WordPress Plugin Freshmail 1.5.8 - SQL Injection
Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change
Broadlight Residential Gateway DI3124 - Remote DNS Change
D-Link DSL-2780B DLink_1.01.14 - Unauthenticated Remote DNS Change
TP-Link TD-W8950ND ADSL2+ - Unauthenticated Remote DNS Change
D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change
TP-Link TD-W8950ND ADSL2+ - Remote DNS Change
D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change
D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change
phpCollab 2.5 - Unauthenticated Direct Request Multiple Protected Page Access
phpCollab 2.5 - Direct Request Multiple Protected Page Access
AirDroid - Unauthenticated Arbitrary File Upload
AirDroid - Arbitrary File Upload
D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure
D-Link DSL-2750u / DSL-2730u - (Authenticated) Local File Disclosure
Zenoss 3.2.1 - Authenticated Remote Command Execution
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - Authenticated Persistent Cross-Site Scripting
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting
Magento CE < 1.9.0.1 - Authenticated Remote Code Execution
Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution
BigTree CMS 4.2.3 - Authenticated SQL Injection
BigTree CMS 4.2.3 - (Authenticated) SQL Injection
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
ZTE ZXHN H108N Router - Unauthenticated Configuration Disclosure
ZTE ZXHN H108N Router - Configuration Disclosure
vBulletin 5.1.x - Unauthenticated Remote Code Execution
vBulletin 5.1.x - Remote Code Execution
Jenkins 1.633 - Unauthenticated Credential Recovery
Jenkins 1.633 - Credential Recovery
MediaAccess TG788vn - Unauthenticated File Disclosure
MediaAccess TG788vn - File Disclosure
WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution
WhatsUp Gold 16.3 - Remote Code Execution
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Unauthenticated SQL Injection
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection
Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal
Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit)
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)
Observium 0.16.7533 - Authenticated Arbitrary Command Execution
Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File
Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File
Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Unauthenticated Arbitrary File Upload
Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload
CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
AXIS (Multiple Products) - 'devtools ' Authenticated Remote Command Execution
AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution
PHP gettext 1.0.12 - 'gettext.php' Unauthenticated Code Execution
PHP gettext 1.0.12 - 'gettext.php' Code Execution
phpMyAdmin 4.6.2 - Authenticated Remote Code Execution
phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution
vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery
vBulletin 5.2.2 - Server-Side Request Forgery
MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change
MESSOA IP Cameras (Multiple Models) - Password Change
D-Link DSL-2640R - Unauthenticated DNS Change
D-Link DSL-2640R - DNS Change
GitStack 2.3.10 - Unauthenticated Remote Code Execution
GitStack 2.3.10 - Remote Code Execution
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution
InfraPower PPS-02-S Q213V1 - Remote Command Execution
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload
Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
Pirelli DRG A115 ADSL Router - DNS Change
Tenda ADSL2/2+ Modem D840R - DNS Change
Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change
Tenda ADSL2/2+ Modem D820R - DNS Change
Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change
Pirelli DRG A115 v3 ADSL Router - DNS Change
HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby)
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
Cobbler 2.8.0 - Authenticated Remote Code Execution
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
FiberHome AN5506 - Unauthenticated Remote DNS Change
FiberHome AN5506 - Remote DNS Change
GitStack - Unauthenticated Remote Code Execution
Ametys CMS 4.0.2 - Unauthenticated Password Reset
GitStack - Remote Code Execution
Ametys CMS 4.0.2 - Password Reset
Geneko Routers - Unauthenticated Path Traversal
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Geneko Routers - Path Traversal
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
WordPress 4.6 - Unauthenticated Remote Code Execution
WordPress 4.6 - Remote Code Execution
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
iBall Baton iB-WRA150N - Unauthenticated DNS Change
iBall Baton iB-WRA150N - DNS Change
UTstarcom WA3002G4 - Unauthenticated DNS Change
D-Link DSL-2640U - Unauthenticated DNS Change
Beetel BCM96338 Router - Unauthenticated DNS Change
D-Link DSL-2640B ADSL Router - 'dnscfg' Unauthenticated Remote DNS Change
UTstarcom WA3002G4 - DNS Change
D-Link DSL-2640U - DNS Change
Beetel BCM96338 Router - DNS Change
D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
TP-Link WR940N - Authenticated Remote Code
TP-Link WR940N - (Authenticated) Remote Code
Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload
ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit)
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)
Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting
HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
GitList 0.6 - Unauthenticated Remote Code Execution
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot
GitList 0.6 - Remote Code Execution
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)
WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting
WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting
JasperReports - Authenticated File Read
JasperReports - (Authenticated) File Read
Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
HPE VAN SDN 2.7.18.0503 - Remote Root
2018-06-28 05:01:45 +00:00
Offensive Security
2c912f897c
DB: 2018-06-27
...
3 changes to exploits/shellcodes
PoDoFo 0.9.5 - Buffer Overflow
Liferay Portal < 7.0.4 - Server-Side Request Forgery
2018-06-27 05:01:48 +00:00
Offensive Security
d8206fb5eb
DB: 2018-06-26
...
13 changes to exploits/shellcodes
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Foxit Reader 9.0.1.1049 - Remote Code Execution
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
DIGISOL DG-BR4000NG - Cross-Site Scripting
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Arbitrary File Upload
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
2018-06-26 05:01:46 +00:00
Offensive Security
4f92fdbdd2
DB: 2018-06-23
...
6 changes to exploits/shellcodes
QEMU Guest Agent 2.12.50 - Denial of Service
Opencart < 3.0.2.0 - Denial of Service
GreenCMS 2.3.0603 - Information Disclosure
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
phpMyAdmin 4.8.1 - Local File Inclusion
2018-06-23 05:01:48 +00:00
Offensive Security
11ecb9c031
DB: 2018-06-22
...
4 changes to exploits/shellcodes
Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
VideoInsight WebClient 5 - SQL Injection
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
2018-06-22 05:01:45 +00:00
Offensive Security
ac267cb298
DB: 2018-06-21
...
11 changes to exploits/shellcodes
Redis 5.0 - Denial of Service
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Mirasys DVMS Workstation 5.12.6 - Path Traversal
MaDDash 2.0.2 - Directory Listing
NewMark CMS 2.1 - 'sec_id' SQL Injection
TP-Link TL-WA850RE - Remote Command Execution
Apache CouchDB < 2.1.0 - Remote Code Execution
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
VideoInsight WebClient 5 - SQL Injection
2018-06-21 05:01:44 +00:00
Offensive Security
086cfb2c76
DB: 2018-06-19
...
16 changes to exploits/shellcodes
Nikto 2.1.6 - CSV Injection
Pale Moon Browser < 27.9.3 - Use After Free (PoC)
Audiograbber 1.83 - Local Buffer Overflow (SEH)
Redis-cli < 5.0 - Buffer Overflow (PoC)
Microsoft COM for Windows - Privilege Escalation
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass
Canon MF210/MF220 - Authenticaton Bypass
Canon LBP7110Cw - Authentication Bypass
Canon LBP6030w - Authentication Bypass
Joomla! Component jomres 9.11.2 - Cross-Site Request Forgery
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery
Redatam Web Server < 7 - Directory Traversal
2018-06-19 05:01:47 +00:00
Offensive Security
1ccdc79fbd
DB: 2018-06-15
...
2 changes to exploits/shellcodes
rtorrent 0.9.6 - Denial of Service
Joomla Component Ek rishta 2.10 - SQL Injection
2018-06-15 05:01:44 +00:00
Offensive Security
de3b5004b9
DB: 2018-06-14
...
6 changes to exploits/shellcodes
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
glibc - 'realpath()' Privilege Escalation (Metasploit)
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
DHCP Client - Command Injection (DynoRoot) (Metasploit)
MACCMS 10 - Cross-Site Request Forgery (Add User)
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
2018-06-14 05:01:45 +00:00
Offensive Security
1877107e5a
DB: 2018-06-12
...
11 changes to exploits/shellcodes
WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS
WampServer 3.0.6 - Cross-Site Request Forgery
Schools Alert Management Script - SQL Injection
WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection
Event Manager Admin panel - 'events_new.php' SQL injection
Joomla! Component EkRishta 2.10 - 'cid' SQL Injection
Schools Alert Management Script - Arbitrary File Deletion
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
userSpice 4.3.24 - Username Enumeration
Schools Alert Management Script - 'get_sec.php' SQL Injection
Schools Alert Management Script - Arbitrary File Read
2018-06-12 05:01:49 +00:00
Offensive Security
0381c4c519
DB: 2018-06-09
...
11 changes to exploits/shellcodes
Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection
MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
2018-06-09 05:01:42 +00:00
Offensive Security
ad4b4f15f3
DB: 2018-06-06
...
11 changes to exploits/shellcodes
Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption
Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
Clone2GO Video converter 2.8.2 - Buffer Overflow
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
WebKitGTK+ < 2.21.3 - Crash (PoC)
WebKit - not_number defineProperties UAF (Metasploit)
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
Brother HL Series Printers 1.15 - Cross-Site Scripting
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
2018-06-06 05:01:46 +00:00
Offensive Security
61159b7f3e
DB: 2018-06-05
...
5 changes to exploits/shellcodes
R 3.4.4 - Local Buffer Overflow
RGui 3.4.4 - Local Buffer Overflow
Zip-n-Go 4.9 - Buffer Overflow (SEH)
Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
CyberArk < 10 - Memory Disclosure
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
SearchBlox 8.6.7 - XML External Entity Injection
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
2018-06-05 05:01:52 +00:00
Offensive Security
22ba7ab5f3
DB: 2018-06-02
...
5 changes to exploits/shellcodes
Epiphany 3.28.2.1 - Denial of Service
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
Git < 2.17.1 - Remote Code Execution
Wordpress Plugin Events Calendar - SQL Injection
WordPress Plugin Events Calendar - SQL Injection
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes)
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
2018-06-02 05:01:45 +00:00
Offensive Security
89ee92def8
DB: 2018-05-31
...
6 changes to exploits/shellcodes
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Procps-ng - Multiple Vulnerabilities
SearchBlox 8.6.6 - Cross-Site Request Forgery
Yosoro 1.0.4 - Remote Code Execution
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Dolibarr 7.0.0 - SQL Injection
2018-05-31 05:01:44 +00:00
Offensive Security
96e4f1686b
DB: 2018-05-30
...
9 changes to exploits/shellcodes
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Memory Leak
IssueTrak 7.0 - SQL Injection
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Facebook Clone Script 1.0.5 - 'search' SQL Injection
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
2018-05-30 05:01:46 +00:00
Offensive Security
608176a851
DB: 2018-05-26
...
8 changes to exploits/shellcodes
Microsoft Edge Chakra - Cross Context Use-After-Free
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
D-Link DSL-2750B - OS Command Injection (Metasploit)
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
2018-05-26 05:01:44 +00:00
Offensive Security
c0126aa27f
DB: 2018-05-25
...
16 changes to exploits/shellcodes
DynoRoot DHCP - Client Command Injection
DynoRoot DHCP Client - Command Injection
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Flash ActiveX 18.0.0.194 - Code Execution
Microsoft Internet Explorer 11 - javascript Code Execution
Flash ActiveX 28.0.0.137 - Code Execution (1)
Flash ActiveX 28.0.0.137 - Code Execution (2)
GNU glibc < 2.27 - Local Buffer Overflow
NewsBee CMS 1.4 - Cross-Site Request Forgery
ASP.NET jVideo Kit - 'query' SQL Injection
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
OpenDaylight - SQL Injection
Timber 1.1 - Cross-Site Request Forgery
Honeywell XL Web Controller - Cross-Site Scripting
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
2018-05-25 05:01:45 +00:00
Offensive Security
54b5ed8407
DB: 2018-05-24
...
31 changes to exploits/shellcodes
WordPress Core - 'load-scripts.php' Denial of Service
WordPress Core - 'load-scripts.php' Denial of Service
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
FTPShell Server 6.80 - Denial of Service
Siemens SCALANCE S613 - Remote Denial of Service
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)
Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH)
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
FTPShell Server 6.80 - Buffer Overflow (SEH)
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting
EasyService Billing 1.0 - 'p1' SQL Injection
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
PHP Dashboards 4.5 - 'email' SQL Injection
Mobile Card Selling Platform 1 - Cross-Site Request Forgery
PHP Dashboards 4.5 - SQL Injection
Online Store System CMS 1.0 - SQL Injection
Gigs 2.0 - 'username' SQL Injection
GPSTracker 1.0 - 'id' SQL Injection
Shipping System CMS 1.0 - SQL Injection
Wecodex Store Paypal 1.0 - SQL Injection
SAT CFDI 3.3 - SQL Injection
School Management System CMS 1.0 - 'username' SQL Injection
Library CMS 1.0 - SQL Injection
Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection
Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
Mcard Mobile Card Selling Platform 1 - SQL Injection
Honeywell Scada System - Information Disclosure
NewsBee CMS 1.4 - Cross-Site Request Forgery
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
WordPress Plugin Peugeot Music - Arbitrary File Upload
BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)
BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)
BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes)
BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes)
BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes)
BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes)
BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)
BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)
BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)
BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)
FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)
FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)
FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)
FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Bind TCP Shell Shellcode (Generator)
Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Bind (/TCP) Shell Shellcode (Generator)
Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator)
Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)
Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)
Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)
Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)
Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)
Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)
Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)
Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)
Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)
Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes)
Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)
Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)
Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)
Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)
Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)
Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)
Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)
Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes)
Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)
Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes)
NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes)
NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes)
OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes)
OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes)
Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)
Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes)
Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator)
Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode
Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode
Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode
Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes)
FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)
FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)
Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode
Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode
Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes)
Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)
Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)
Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)
Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)
Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)
Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)
Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)
BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)
BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes)
Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode
Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode
Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind (0x1337/TCP) Shell Shellcode
Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode
Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)
FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)
Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)
OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode
Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)
Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes)
Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)
Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode
Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode
Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode
Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)
Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)
Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes)
Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)
Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)
Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)
Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)
Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)
Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes)
Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)
Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)
OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)
Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)
Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)
Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes)
Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)
Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)
Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)
Linux/x64 - Bind (/TCP) Shell Shellcode (Generator)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)
Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)
Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)
Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)
Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes)
Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)
Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)
Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)
Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)
Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)
Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode
OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode
OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes)
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP Shell Shellcode
Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind (/TCP) Shell Shellcode
Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - Bind TCP Shell Shellcode (112 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes)
Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)
Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes)
Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)
Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)
Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)
Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)
FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)
FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)
IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes)
IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)
Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)
Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)
Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes)
Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes)
Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)
Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)
Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)
Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)
Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)
Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)
Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)
Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)
Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)
2018-05-24 05:01:50 +00:00
Offensive Security
7bbc323854
DB: 2018-05-23
...
20 changes to exploits/shellcodes
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Microsoft Edge Chakra JIT - Magic Value Type Confusion
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
MakeMyTrip 7.2.4 - Information Disclosure
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Zechat 1.5 - SQL Injection / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Persistent Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass
Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Nordex N149/4.0-4.5 - SQL Injection
WebSocket Live Chat - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
PaulPrinting CMS Printing 1.0 - SQL Injection
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
ERPnext 11 - Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
NewsBee CMS 1.4 - 'download.php' SQL Injection
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
2018-05-23 05:01:45 +00:00
Offensive Security
08c35595ed
DB: 2018-05-22
...
23 changes to exploits/shellcodes
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution
Superfood 1.0 - Multiple Vulnerabilities
Private Message PHP Script 2.0 - Persistent Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Zenar Content Management System - Cross-Site Scripting
GitBucket 4.23.1 - Remote Code Execution
ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery
Teradek Cube 7.3.6 - Cross-Site Request Forgery
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Schneider Electric PLCs - Cross-Site Request Forgery
Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass
Merge PACS 7.0 - Cross-Site Request Forgery
Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass
Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
2018-05-22 05:01:47 +00:00
Offensive Security
41ea196761
DB: 2018-05-19
...
12 changes to exploits/shellcodes
Microsoft Edge - 'Array.filter' Info Leak
Microsoft Edge - 'Array.filter' Information Leak
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
Windows - Local Privilege Escalation
Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Windows - Local Privilege Escalation
Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC)
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
DynoRoot DHCP - Client Command Injection
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)
Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution
Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
HPE iMC 7.3 - Remote Code Execution (Metasploit)
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Monstra CMS before 3.0.4 - Cross-Site Scripting
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Cisco SA520W Security Appliance - Path Traversal
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
2018-05-19 05:01:48 +00:00
Offensive Security
5aca1b9763
DB: 2018-05-18
...
8 changes to exploits/shellcodes
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall
Libuser - roothelper Privilege Escalation (Metasploit)
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Jenkins CLI - HTTP Java Deserialization (Metasploit)
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
Intelbras NCLOUD 300 1.0 - Authentication bypass
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
2018-05-18 05:01:49 +00:00
Offensive Security
1873a7d234
DB: 2018-05-17
...
12 changes to exploits/shellcodes
WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
2018-05-17 05:01:47 +00:00
Offensive Security
017887466c
DB: 2018-05-10
...
4 changes to exploits/shellcodes
Allok Video Splitter 3.1.12.17 - Denial of Service
GNU wget - Cookie Injection
FxCop 10/12 - XML External Entity Injection
Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)
PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit)
Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)
PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit)
Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)
2018-05-10 05:01:46 +00:00
Offensive Security
a066ef9212
DB: 2018-05-07
...
11 changes to exploits/shellcodes
HWiNFO 5.82-3410 - Denial of Service
DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)
CSP MySQL User Manager 2.3.1 - Authentication Bypass
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)
2018-05-07 05:01:44 +00:00
Offensive Security
813a3efbb5
DB: 2018-05-04
...
20 changes to exploits/shellcodes
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
Jnes 1.0.2 - Stack Buffer Overflow
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
netek 0.8.2 - Denial of Service
Cisco Smart Install - Crash (PoC)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)
Adobe Reader PDF - Client Side Request Injection
Windows - Local Privilege Escalation
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)
Adobe Flash < 28.0.0.161 - Use-After-Free
Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)
GPON Routers - Authentication Bypass / Command Injection
TBK DVR4104 / DVR4216 - Credentials Leak
Call of Duty Modern Warefare 2 - Buffer Overflow
Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion
Squirrelcart 1.x - 'cart.php' Remote File Inclusion
Infinity 2.x.x - options[style_dir] Local File Disclosure
Infinity 2.x - 'options[style_dir]' Local File Disclosure
PHP-Nuke 8.x.x - Blind SQL Injection
PHP-Nuke 8.x - Blind SQL Injection
WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure
Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection
vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting
WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting
Subrion 3.X.x - Multiple Vulnerabilities
Subrion 3.x - Multiple Vulnerabilities
Ciuis CRM 1.0.7 - SQL Injection
LifeSize ClearSea 3.1.4 - Directory Traversal
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
DLINK DCS-5020L - Remote Code Execution (PoC)
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
2018-05-04 05:01:47 +00:00
Offensive Security
be89b7c04a
DB: 2018-05-03
...
11 changes to exploits/shellcodes
WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free
LibreOffice/Open Office - '.odt' Information Disclosure
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
Exim < 4.90.1 - 'base64d' Remote Code Execution
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)
Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
2018-05-03 05:01:45 +00:00
Offensive Security
b1f00227f1
DB: 2018-04-27
...
12 changes to exploits/shellcodes
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)
Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow
Shopy Point of Sale v1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection
Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
Blog Master Pro 1.0 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
GitList 0.6 - Unauthenticated Remote Code Execution
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot
Frog CMS 0.9.5 - Persistent Cross-Site Scripting
2018-04-27 05:01:49 +00:00
Offensive Security
2090553629
DB: 2018-04-26
...
12 changes to exploits/shellcodes
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
Chrome V8 JIT - 'AwaitedPromise' Update Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Shopy Point of Sale v1.0 - CSV Injection
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion
Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
2018-04-26 05:01:48 +00:00
Offensive Security
c249d94cb7
DB: 2018-04-25
...
28 changes to exploits/shellcodes
gif2apng 1.9 - '.gif' Stack Buffer Overflow
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
Kaspersky KSN for Linux 5.2 - Memory Corruption
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Out-of-Bounds Write in blur Filtering
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
R 3.4.4 - Local Buffer Overflow
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
UK Cookie Consent - Persistent Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Open-AudIT 2.1 - CSV Macro Injection
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
2018-04-25 05:01:39 +00:00
Offensive Security
082f2d1bd8
DB: 2018-04-24
...
6 changes to exploits/shellcodes
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
2018-04-24 05:01:45 +00:00
Offensive Security
e8f4ef9188
DB: 2018-04-19
...
14 changes to exploits/shellcodes
PDFunite 0.41.0 - '.pdf' Local Buffer Overflow
RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow
VX Search 10.6.18 - 'directory' Local Buffer Overflow
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Rvsitebuilder CMS - Database Backup Download
Match Clone Script 1.0.4 - Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
2018-04-19 05:01:48 +00:00
Offensive Security
bef325a736
DB: 2018-04-14
...
9 changes to exploits/shellcodes
GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation
Microsoft Credential Security Support Provider - Remote Code Execution
WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
2018-04-14 05:01:49 +00:00
Offensive Security
a8b515dd6d
DB: 2018-04-13
...
3 changes to exploits/shellcodes
F5 BIG-IP SSL Virtual Server - Memory Disclosure
F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure
F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
2018-04-13 05:01:51 +00:00
Offensive Security
08c1a4df45
DB: 2018-04-11
...
9 changes to exploits/shellcodes
Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion
DVD X Player Standard 5.5.3.9 - Buffer Overflow
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting
WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery
WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting
WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS
2018-04-11 05:01:46 +00:00
Offensive Security
c91cad5a90
DB: 2018-04-10
...
19 changes to exploits/shellcodes
WebKit - WebAssembly Parsing Does not Correctly Check Section Order
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
H2 Database - 'Alias' Arbitrary Code Execution
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)
PMS 0.42 - Local Stack-Based Overflow (ROP)
Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution
WolfCMS 0.8.3.1 - Cross Site Request Forgery
Cobub Razor 0.7.2 - Add New Superuser Account
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
WolfCMS 0.8.3.1 - Open Redirection
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting
WordPress Plugin Google Drive 2.2 - Remote Code Execution
2018-04-10 05:01:53 +00:00
Offensive Security
4fd08ae698
DB: 2018-03-29
...
6 changes to exploits/shellcodes
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
Microsoft Windows Remote Assistance - XML External Entity Injection
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
Open-AuditIT Professional 2.1 - Cross-Site Scripting
2018-03-29 05:01:52 +00:00
Offensive Security
e3fb91f1d7
DB: 2018-03-24
...
14 changes to exploits/shellcodes
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
Dell EMC NetWorker - Denial of Service
WM Recorder 16.8.1 - Denial of Service
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
XenForo 2 - CSS Loader Denial of Service
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
Linux/x86 - EggHunter Shellcode (11 Bytes)
2018-03-24 05:01:48 +00:00
Offensive Security
31a39a07b9
DB: 2018-03-23
...
1 changes to exploits/shellcodes
Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
2018-03-23 05:01:51 +00:00
Offensive Security
dd3b710ae8
DB: 2018-03-21
...
14 changes to exploits/shellcodes
Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure
Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Vehicle Sales Management System - Multiple Vulnerabilities
Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)
2018-03-21 05:01:50 +00:00
Offensive Security
224c305b0d
DB: 2018-03-20
...
9 changes to exploits/shellcodes
Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux 2.6.36 IGMP - Remote Denial of Service
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
Linux - SELinux W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO
Linux group_info refcounter - Overflow Memory Corruption
Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
Linux io_submit L2TP sendmsg - Integer Overflow
Linux Kernel - io_submit L2TP sendmsg Integer Overflow
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read
Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure
Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (1)
Linux Kernel < 4.5.1 - Off-By-One (PoC)
Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)
Linux libc 5.3.12 / RedHat Linux 4.0 / Slackware Linux 3.1 - libc NLSPATH
Linux libc 5.3.12 (RedHat Linux 4.0 / Slackware Linux 3.1) - libc NLSPATH
Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow
Linux libc 5.3.12/5.4 (RedHat Linux 4.0) - 'vsyslog()' Local Buffer Overflow
Linux 6.1/6.2/7.0/7.1 Man Page - Source Buffer Overflow
Linux Man Page 6.1/6.2/7.0/7.1- Source Buffer Overflow
Linux VServer Project 1.2x - CHRoot Breakout
Linux VServer Project 1.2x - Chroot Breakout
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux Kernel - 'espfix64' Nested NMIs Interrupting Privilege Escalation
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation
Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass
Linux Kernel 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass
Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation
2018-03-20 05:01:55 +00:00
Offensive Security
3f6d16d5c3
DB: 2018-03-13
...
8 changes to exploits/shellcodes
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader
SC 7.16 - Stack-Based Buffer Overflow
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
TextPattern 4.6.2 - 'qty' SQL Injection
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
2018-03-13 05:01:46 +00:00
Offensive Security
5947825a84
DB: 2018-03-10
...
15 changes to exploits/shellcodes
uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service
Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service
uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking
uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass
uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow
t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
Werkzeug - 'Debug Shell' Command Execution
TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
toronja CMS - SQL Injection
Toronja CMS - SQL Injection
uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing
Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass
SAP BusinessObjects launch pad - Server-Side Request Forgery
antMan < 0.9.1a - Authentication Bypass
Bacula-Web < 8.0.0-rc2 - SQL Injection
2018-03-10 05:01:50 +00:00
Offensive Security
9897272892
DB: 2018-03-07
...
8 changes to exploits/shellcodes
Memcached - 'memcrashed' Denial of Service
Softros Network Time System Server 2.3.4 - Denial of Service
Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField_ IrOpcode::kStoreElement Optimization Bug
Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_
Chrome V8 JIT - 'GetSpecializationContext' Type Confusion
Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read
Tenda AC15 Router - Unauthenticated Remote Code Execution
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC)
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download
Bravo Tejari Web Portal - Cross-Site Request Forgery
2018-03-07 05:01:51 +00:00
Offensive Security
6a017b10c8
DB: 2018-03-06
...
12 changes to exploits/shellcodes
Suricata < 4.0.4 - IDS Detection Bypass
ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions
Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow
Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation
Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record
NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)
Joomla! Component Joomanager 2.0.0 - Arbitrary File Download
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC)
Parallels Remote Application Server 15.5 - Path Traversal
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download
2018-03-06 05:01:50 +00:00
Offensive Security
6885f2dcc7
DB: 2018-03-01
...
26 changes to exploits/shellcodes
Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC)
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption
Apple iOS - '.pdf' Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak
Foxit Reader 4.0 - '.pdf' Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution
Sony Playstation 4 4.05 FW - Local Kernel Loader
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)
Sony Playstation 4 4.55 FW - Local Kernel
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel - 'BadIRET' Local Privilege Escalation
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Nintendo Switch - WebKit Code Execution (PoC)
Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak
Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)
EPIC MyChart - SQL Injection
EPIC MyChart - X-Path Injection
Routers2 2.24 - Cross-Site Scripting
2018-03-01 05:01:48 +00:00
Offensive Security
5d48f0abd2
DB: 2018-02-28
...
16 changes to exploits/shellcodes
Transmission - Integer Overflows Parsing Torrent Files
Chrome V8 - 'PropertyArray' Integer Overflow
Chrome V8 - 'TranslatedState::MaterializeCapturedObjectAt' Type Confusion
Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service
Sony Playstation 4 4.55 FW - Local Kernel
GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)
Schools Alert Management Script 2.0.2 - Authentication Bypass
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting
Joomla! Component K2 2.8.0 - Arbitrary File Download
School Management Script 3.0.4 - Authentication Bypass
CMS Made Simple 2.1.6 - Remote Code Execution
Concrete5 < 8.3.0 - Username / Comments Enumeration
2018-02-28 05:01:52 +00:00
Offensive Security
ed38447971
DB: 2018-02-17
...
45 changes to exploits/shellcodes
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
JBoss Remoting 6.14.18 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service
ABRT - raceabrt Privilege Escalation(Metasploit)
Joomla! Component Fastball 1.1.0 < 1.2 - SQL Injection
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection
Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
EPIC MyChart - SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection
UserSpice 4.3 - Blind SQL Injection
Twig < 2.4.4 - Server Side Template Injection
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Joomla! Component Aist 2.0 - 'id' SQL Injection
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component Form Maker 3.6.12 - SQL Injection
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
PHIMS - Hospital Management Information System - 'Password' SQL Injection
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
2018-02-17 05:01:49 +00:00
Offensive Security
e630f8c249
DB: 2018-02-16
...
45 changes to exploits/shellcodes
Cisco ASA - Crash PoC
Cisco ASA - Crash (PoC)
GNU binutils 2.26.1 - Integer Overflow (POC)
GNU binutils 2.26.1 - Integer Overflow (PoC)
K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read
Linux Kernel - 'AF_PACKET' Use-After-Free
Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service
Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2)
Microsoft Edge Chakra JIT - Memory Corruption
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass
Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions
Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion
Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion
Microsoft Edge Chakra JIT - 'LdThis' Type Confusion
Pdfium - Pattern Shading Integer Overflows
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
Hotspot Shield - Information Disclosure
Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
Nitro Pro PDF - Multiple Vulnerabilities
Odoo CRM 10.0 - Code Execution
Dashlane - DLL Hijacking
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - 'Guest Account' Local Privilege Escalation
Trustwave SWG 11.8.0.27 - SSH Unauthorized Access
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Ikraus Anti Virus 2.16.7 - Remote Code Execution
McAfee Security Scan Plus - Remote Command Execution
OrientDB - Code Execution
360 Total Security - Local Privilege Escalation
HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution
Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution
iBall WRA150N - Multiple Vulnerabilities
GitStack - Unauthenticated Remote Code Execution
Monstra CMS - Remote Code Execution
Ametys CMS 4.0.2 - Unauthenticated Password Reset
DblTek - Multiple Vulnerabilities
FiberHome - Directory Traversal
PHP Melody 2.7.3 - Multiple Vulnerabilities
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Horde Groupware 5.2.21 - Unauthorized File Download
QNAP HelpDesk < 1.1.12 - SQL Injection
Hanbanggaoke IP Camera - Arbitrary Password Change
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Cisco DPC3928 Router - Arbitrary File Disclosure
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
Geneko Routers - Unauthenticated Path Traversal
Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
2018-02-16 05:01:50 +00:00
Offensive Security