bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2261 commits 1 branch 0 tags 282 MiB
Commit graph

243 commits

Author SHA1 Message Date
Offensive Security
3a6748b9d9 DB: 2018-11-13 
15 changes to exploits/shellcodes

HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Mongoose Web Server 6.9 - Denial of Service (PoC)
Data Center Audit 2.6.2 - 'username' SQL Injection
TufinOS 2.17 Build 1193 - XML External Entity Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Nominas 0.27 - 'username' SQL Injection
 2018-11-13 05:01:42 +00:00
Offensive Security
363500a603 DB: 2018-11-06 
13 changes to exploits/shellcodes

Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
 2018-11-06 05:01:40 +00:00
Offensive Security
ef70ec156b DB: 2018-10-31 
22 changes to exploits/shellcodes

ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload

Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
 2018-10-31 05:01:53 +00:00
Offensive Security
dac8dd4731 DB: 2018-10-25 
15 changes to exploits/shellcodes

Adult Filter 1.0 - Denial of Service (PoC)

Microsoft Data Sharing - Local Privilege Escalation (PoC)

Webmin 1.5 - Web Brute Force (CGI)

exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
 2018-10-25 05:01:46 +00:00
Offensive Security
635345499a DB: 2018-10-18 
15 changes to exploits/shellcodes

Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (PoC)
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Git Submodule - Arbitrary Code Execution

Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
BigTree CMS 4.2.23 - Cross-Site Scripting
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
Time and Expense Management System 3.0 - 'table' SQL Injection
 2018-10-18 05:01:46 +00:00
Offensive Security
712d629b6b DB: 2018-10-17 
13 changes to exploits/shellcodes

Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
VLC Media Player - MKV Use-After-Free (Metasploit)
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
 2018-10-17 05:01:42 +00:00
Offensive Security
731dd0f423 DB: 2018-10-16 
22 changes to exploits/shellcodes

Snes9K 0.0.9z - Buffer Overflow (SEH)

NoMachine < 5.3.27 - Remote Code Execution

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

CAMALEON CMS 2.4 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
College Notes Management System 1.0 - 'user' SQL Injection
Advanced HRM 1.6 - Remote Code Execution
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
 2018-10-16 05:01:45 +00:00
Offensive Security
9d143a6b42 DB: 2018-10-13 
22 changes to exploits/shellcodes

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Wikidforum 2.20 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
FluxBB < 1.5.6 - SQL Injection
 2018-10-13 05:01:46 +00:00
Offensive Security
b311000a22 DB: 2018-10-09 
16 changes to exploits/shellcodes

net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution

Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
 2018-10-09 05:01:44 +00:00
Offensive Security
b602c2f493 DB: 2018-10-07 
2 changes to exploits/shellcodes

Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
 2018-10-07 05:02:05 +00:00
Offensive Security
21717894fe DB: 2018-10-06 
4 changes to exploits/shellcodes

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
ISPConfig < 3.1.13 - Remote Command Execution
Chamilo LMS 1.11.8 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N/Shift-N/XOR-N Encoded Shellcode (77 bytes)

Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13/RShift-2/XOR Encoded Shellcode (44 bytes)

Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)
 2018-10-06 05:01:59 +00:00
Offensive Security
05328d91a4 DB: 2018-10-04 
5 changes to exploits/shellcodes

FTP Voyager 16.2.0 - Denial of Service (PoC)

OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Zechat 1.5 - 'uname' SQL Injection
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
RICOH MP C1803 JPN Printer - Cross-Site Scripting
 2018-10-04 05:01:54 +00:00
Offensive Security
716ece3cc6 DB: 2018-10-02 
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
 2018-10-02 05:01:58 +00:00
Offensive Security
6efd01d5b6 DB: 2018-09-27 
5 changes to exploits/shellcodes

TransMac 12.2 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service (PoC)

Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
 2018-09-27 05:01:58 +00:00
Offensive Security
4e39fa0f91 DB: 2018-09-26 
35 changes to exploits/shellcodes

WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)

Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
 2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
c7cec74ceb DB: 2018-09-20 
6 changes to exploits/shellcodes

Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
 2018-09-20 05:01:45 +00:00
Offensive Security
f1d68507cd DB: 2018-09-18 
7 changes to exploits/shellcodes

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Notebook Pro 2.0 - Denial Of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319  - 'Name Attribute' Denial of Service (PoC)
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)

CA Release Automation NiMi 6.5 - Remote Command Execution

Gitweb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection

Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
 2018-09-18 05:01:45 +00:00
Offensive Security
b42759b8b8 DB: 2018-09-13 
15 changes to exploits/shellcodes

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
 2018-09-13 05:01:52 +00:00
Offensive Security
87053f010c DB: 2018-09-11 
12 changes to exploits/shellcodes

SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
 2018-09-11 05:01:54 +00:00
Offensive Security
76af808136 DB: 2018-09-08 
6 changes to exploits/shellcodes

DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution

D-Link Dir-600M N150 - Cross-Site Scripting
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
QNAP Photo Station 5.7.0 - Cross-Site Scripting
 2018-09-08 05:01:54 +00:00
Offensive Security
8379495e8e DB: 2018-09-07 
10 changes to exploits/shellcodes

Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)

Tenda ADSL Router D152 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - 'startdate' SQL Injection
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
Online Quiz Maker 1.0 - 'catid' SQL Injection
D-Link Dir-600M N150 - Cross-Site Scripting
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
 2018-09-07 05:01:55 +00:00
Offensive Security
32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
 2018-09-06 05:01:55 +00:00
Offensive Security
a0f0afa2de DB: 2018-09-01 
5 changes to exploits/shellcodes

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Network Manager VPNC - Username Privilege Escalation (Metasploit)
Vox TG790 ADSL Router - Cross-Site Scripting
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
 2018-09-01 05:01:55 +00:00
Offensive Security
011bb3564a DB: 2018-08-31 
8 changes to exploits/shellcodes

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service (PoC)
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
DLink DIR-601 - Credential Disclosure
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting

Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
 2018-08-31 05:01:57 +00:00
Offensive Security
444206a6be DB: 2018-08-30 
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
 2018-08-30 05:01:54 +00:00
Offensive Security
18e2848633 DB: 2018-08-28 
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
 2018-08-28 05:01:59 +00:00
Offensive Security
1ebf504a96 DB: 2018-08-25 
2 changes to exploits/shellcodes

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
 2018-08-25 05:01:56 +00:00
Offensive Security
b81a1d9d72 DB: 2018-08-23 
12 changes to exploits/shellcodes

Textpad 7.6.4 - Denial Of Service (PoC)
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Easyboot 6.6.0 - Denial Of Service (PoC)
Softdisk 3.0.3 - Denial Of Service (PoC)

Soroush IM Desktop App 0.17.0 - Authentication Bypass
Project64 2.3.2 - Buffer Overflow (SEH)
Ghostscript - Multiple Vulnerabilities
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
ZyXEL VMG3312-B10B - Cross-Site Scripting
KingMedia 4.1 - Remote Code Execution
Geutebrueck re_porter 16 - Cross-Site Scripting
 2018-08-23 05:01:49 +00:00
Offensive Security
8750f2fdd7 DB: 2018-08-22 
6 changes to exploits/shellcodes

Project64 2.3.2 - Denial Of Service (PoC)

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
OpenSSH 7.7 - Username Enumeration

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Twitter-Clone 1 - 'userid' SQL Injection
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
 2018-08-22 05:01:45 +00:00
Offensive Security
16744756bc DB: 2018-08-18 
10 changes to exploits/shellcodes

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT - Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

ADM 3.1.2RHG1 - Remote Code Execution
 2018-08-18 05:01:47 +00:00
Offensive Security
2e282df4a8 DB: 2018-08-16 
3 changes to exploits/shellcodes

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
 2018-08-16 05:02:01 +00:00
Offensive Security
e5c23cdd53 DB: 2018-08-13 
4 changes to exploits/shellcodes

LG NAS 3718.510.a0 - Remote Command Execution
Monstra 3.0.4 - Cross-Site Scripting
Wavemaker Studio 6.6 - Server-Side Request Forgery
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
 2018-08-13 05:01:45 +00:00
Offensive Security
1d21694058 DB: 2018-08-10 
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
 2018-08-10 05:01:46 +00:00
Offensive Security
9d8170fd85 DB: 2018-08-09 
9 changes to exploits/shellcodes

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

Splinterware System Scheduler Pro 5.12 - Privilege Escalation
iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow
iSmartViewPro 1.5 - 'Account' Buffer Overflow

OpenEMR < 5.0.1 - Remote Code Execution

Kirby CMS 2.5.12 - Cross-Site Scripting
osTicket 1.10.1 - Arbitrary File Upload
LG-Ericsson iPECS NMS 30M - Directory Traversal
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-09 05:01:53 +00:00
Offensive Security
addac3a875 DB: 2018-08-07 
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
 2018-08-07 05:01:44 +00:00
Offensive Security
9ea5e15796 DB: 2018-08-03 
13 changes to exploits/shellcodes

Sun Solaris 11.3 AVS - Local Kernel root Exploit

Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation
SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)

wityCMS 0.6.1 - Cross-Site Scripting

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
TI Online Examination System v2 - Arbitrary File Download
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
Seq 4.2.476 - Authentication Bypass
 2018-08-03 05:01:46 +00:00
Offensive Security
cfbfaba0a7 DB: 2018-07-27 
3 changes to exploits/shellcodes

Core FTP 2.0 - 'XRMD' Denial of Service (PoC)

Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
 2018-07-27 05:01:45 +00:00
Offensive Security
1d504e24f2 DB: 2018-07-25 
3 changes to exploits/shellcodes

Nagios Core 4.4.1 - Denial of Service

Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)

D-link DAP-1360 - Path Traversal / Cross-Site Scripting

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
 2018-07-25 05:01:46 +00:00
Offensive Security
300aada6a5 DB: 2018-07-24 
7 changes to exploits/shellcodes

Windows Speech Recognition - Buffer Overflow

Knox Software Arkeia 4.0 - Backup Local Overflow
Knox Arkeia 4.0 Backup - Local Overflow

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)

Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)
Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit)

Microsoft Windows - 'dnslint.exe' Drive-By Download
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Davolink DVW 3200 Router - Password Disclosure
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
 2018-07-24 05:01:45 +00:00
Offensive Security
939bd7d9cd DB: 2018-07-23 
1 changes to exploits/shellcodes

GeoVision GV-SNVR0811 - Directory Traversal
 2018-07-23 05:01:45 +00:00
Offensive Security
350bb348ff DB: 2018-07-21 
3 changes to exploits/shellcodes

TP-Link TL-WR840N - Denial of Service

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
MSVOD 10 - 'cid' SQL Injection
Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
 2018-07-21 05:01:50 +00:00
Offensive Security
1f88d0a67a DB: 2018-07-18 
10 changes to exploits/shellcodes

Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
 2018-07-18 05:01:47 +00:00
Offensive Security
a657b64301 DB: 2018-07-17 
7 changes to exploits/shellcodes

macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)

VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2018-07-17 05:01:49 +00:00
Offensive Security
b374aca9a3 DB: 2018-07-14 
10 changes to exploits/shellcodes

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
IBM QRadar SIEM - Remote Code Execution (Metasploit)
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
Apache CouchDB - Arbitrary Command Execution (Metasploit)
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)

Dolibarr 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion

Dolibarr ERP/CRM - OS Command Injection
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Dolibarr CMS 3.5.3 - Multiple Vulnerabilities
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities

Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection

Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Dolibarr 7.0.0 - SQL Injection
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM  < 7.0.3 - PHP Code Injection

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
 2018-07-14 05:01:50 +00:00
Offensive Security
02fa7c70d3 DB: 2018-07-11 
9 changes to exploits/shellcodes

HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
OpenSSH < 6.6 SFTP (x64) - Command Execution
OpenSSH < 6.6 SFTP - Command Execution

ModSecurity 3.0.0 - Cross-Site Scripting
Gitea 1.4.0 - Remote Code Execution
WolfSight CMS 3.2 - SQL Injection
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Elektronischer Leitz-Ordner 10 - SQL Injection
D-Link DIR601 2.02 - Credential Disclosure
 2018-07-11 05:01:52 +00:00
Offensive Security
08110782dd DB: 2018-07-06 
4 changes to exploits/shellcodes

ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
 2018-07-06 05:01:46 +00:00
Offensive Security
e8a3702c6c DB: 2018-07-03 
11 changes to exploits/shellcodes

Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
 2018-07-03 05:01:48 +00:00
Offensive Security
fdf8bfe785 DB: 2018-06-29 
5 changes to exploits/shellcodes

Microsoft Windows - WRITE_ANDX SMB command handling Kernel Denial of Service (Metasploit)
Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service (Metasploit)

freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP 'rename' Remote Buffer Overflow (PoC)

freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - (Authenticated) SFTP 'realpath' Remote Buffer Overflow (PoC)

Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One
Novell Groupwise 8.0 - 'RCPT' Off-by-One

WarFTPd 1.82.00-RC12 - LIST command Format String Denial of Service
WarFTPd 1.82.00-RC12 - 'LIST' Format String Denial of Service

Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities
Sysax Multi Server < 5.25 (SFTP Module) - Multiple Denial of Service Vulnerabilities
Novell Groupwise Internet Agent - IMAP LIST Command Remote Code Execution
Novell Groupwise Internet Agent - IMAP LIST LSUB Command Remote Code Execution
Novell Groupwise Internet Agent - IMAP 'LIST' Remote Code Execution
Novell Groupwise Internet Agent - IMAP 'LIST LSUB' Remote Code Execution

Solar FTP Server 2.0 - Multiple Commands Denial of Service Vulnerabilities
Solar FTP Server 2.0 - Multiple Denial of Service Vulnerabilities

LiteServe 2.81 - PASV Command Denial of Service
LiteServe 2.81 - 'PASV' Denial of Service

Notepad++ NppFTP plugin - LIST command Remote Heap Overflow (PoC)
Notepad++ NppFTP Plugin - 'LIST' Remote Heap Overflow (PoC)

TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service Vulnerabilities
TYPSoft FTP Server 1.10 - Multiple Denial of Service Vulnerabilities

WFTPD 2.4.1RC11 - STAT/LIST Command Denial of Service
WFTPD 2.4.1RC11 - 'STAT'/'LIST' Denial of Service

WFTPD 2.4.1RC11 - MLST Command Remote Denial of Service
WFTPD 2.4.1RC11 - 'MLST' Remote Denial of Service

Oracle 8i - dbsnmp Command Remote Denial of Service
Oracle 8i - 'dbsnmp' Remote Denial of Service

Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow
Mollensoft Software Enceladus Server Suite 3.9 - 'FTP' Buffer Overflow

GuildFTPd 0.999.8 - CWD Command Denial of Service
GuildFTPd 0.999.8 - 'CWD' Denial of Service

Xlight FTP Server 1.25/1.41 - PASS Command Remote Buffer Overflow
Xlight FTP Server 1.25/1.41 - 'PASS'  Remote Buffer Overflow

RobotFTP Server 1.0/2.0 - Remote Command Denial of Service
RobotFTP Server 1.0/2.0 - Remote Denial of Service
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (1)
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (2)
RhinoSoft Serv-U FTPd Server 3/4/5 - MDTM Command Time Argument Buffer Overflow (3)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (1)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (2)
RhinoSoft Serv-U FTPd Server 3/4/5 - 'MDTM' Time Argument Buffer Overflow (3)

Opera Web Browser 7.54 - KDE KFMCLIENT Remote Command Execution
Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution

MailEnable 1.x - SMTP HELO Command Remote Denial of Service
MailEnable 1.x - SMTP 'HELO' Remote Denial of Service

HP Printer FTP Print Server 2.4.5 - List Command Buffer Overflow
HP Printer FTP Print Server 2.4.5 - 'LIST'  Buffer Overflow

HP JetDirect FTP Print Server - RERT Command Denial of Service
HP JetDirect FTP Print Server - 'RERT' Denial of Service

FSD 2.052/3.000 - servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow
FSD 2.052/3.000 - 'servinterface.cc servinterface::sendmulticast' 'PIcallsign' Command Remote Overflow

freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Remote Denial of Service

Qbik WinGate 6.2.2 - LIST Command Remote Denial of Service
Qbik WinGate 6.2.2 - 'LIST'  Remote Denial of Service

Quick 'n Easy FTP Server 3.9.1 - USER Command Remote Buffer Overflow
Quick 'n Easy FTP Server 3.9.1 - 'USER'  Remote Buffer Overflow
Ability FTP Server 2.1.4 - 'afsmain.exe' USER Command Remote Denial of Service
Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service
Ability FTP Server 2.1.4 - 'afsmain.exe' 'USER' Remote Denial of Service
Ability FTP Server 2.1.4 - Admin Panel 'AUTHCODE' Remote Denial of Service

Resolv+ (RESOLV_HOST_CONF) - Linux Library Command Execution
Resolv+ 'RESOLV_HOST_CONF' - Linux Library Command Execution

Platform Load Sharing Facility 4/5 - LSF_ENVDIR Local Command Execution
Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution

Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Exeuction
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution

Golden FTP Server 4.70 - PASS Command Buffer Overflow
Golden FTP Server 4.70 - 'PASS'  Buffer Overflow

EasyFTP Server 1.7.0.11 - MKD Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'MKD' Stack Buffer Overflow (Metasploit)

Vermillion FTP Daemon - PORT Command Memory Corruption (Metasploit)
Vermillion FTP Daemon - 'PORT' Memory Corruption (Metasploit)

EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST'  Stack Buffer Overflow (Metasploit)

EasyFTP Server 1.7.0.11 - CWD Command Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'CWD' Stack Buffer Overflow (Metasploit)

HP OpenView Network Node Manager (OV NNM) - connectedNodes.ovpl Remote Command Execution (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovp'l Remote Command Execution (Metasploit)

Zabbix Agent - net.tcp.listen Command Injection (Metasploit)
Zabbix Agent - 'net.tcp.listen' Command Injection (Metasploit)

Actfax FTP Server 4.27 - USER Command Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - 'USER'  Stack Buffer Overflow (Metasploit)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (1)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - rpc.ypupdated Command Execution (2)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (1)
HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (2)

Majordomo 1.89/1.90 - lists Command Execution
Majordomo 1.89/1.90 - 'lists' Command Execution

PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution

SGI IRIX 6.x - rpc.xfsmd Remote Command Execution
SGI IRIX 6.x - 'rpc.xfsmd' Remote Command Execution

HP-UX FTPD 1.1.214.4 - REST Command Memory Disclosure
HP-UX FTPD 1.1.214.4 - 'REST' Memory Disclosure

Sami FTP Server 2.0.1 - LIST Command Buffer Overflow
Sami FTP Server 2.0.1 - 'LIST'  Buffer Overflow

Sami FTP Server - LIST Command Buffer Overflow (Metasploit)
Sami FTP Server - 'LIST'  Buffer Overflow (Metasploit)

PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit)
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)

FSD 2.052/3.000 - sysuser.cc sysuser::exechelp Function HELP Command Remote Overflow
FSD 2.052/3.000 - 'sysuser.cc sysuser::exechelp' 'HELP' Remote Overflow

HP Data Protector - EXEC_BAR Remote Command Execution
HP Data Protector - 'EXEC_BAR' Remote Command Execution

IPtools 0.1.4 - Remote Command Server Buffer Overflow
IPtools 0.1.4 - Remote Buffer Overflow

TWiki 20030201 - search.pm Remote Command Execution
TWiki 20030201 - 'search.pm' Remote Command Execution
AWStats 6.0 < 6.2 - configdir Remote Command Execution (C)
AWStats 6.0 < 6.2 - configdir Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)

Guppy 4.5.9 - 'REMOTE_ADDR' Remote Commands Execution
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution

SimpleBBS 1.1 - Remote Commands Execution
SimpleBBS 1.1 - Remote Command Execution

SimpleBBS 1.1 - Remote Commands Execution (C)
SimpleBBS 1.1 - Remote Command Execution (C)

Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
phpBB 2.0.17 - 'signature_bbcode_uid' Remote Command
phpDocumentor 1.3.0 rc4 - Remote Commands Execution
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
phpDocumentor 1.3.0 rc4 - Remote Command Execution
CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution
SPIP 1.8.2g - Remote Commands Execution
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
SPIP 1.8.2g - Remote Command Execution

DocMGR 0.54.2 - 'file_exists' Remote Commands Execution
DocMGR 0.54.2 - 'file_exists' Remote Command Execution
EnterpriseGS 1.0 rc4 - Remote Commands Execution
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution
EnterpriseGS 1.0 rc4 - Remote Command Execution
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution

PHPKIT 1.6.1R2 - 'filecheck' Remote Commands Execution
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution

Coppermine Photo Gallery 1.4.3 - Remote Commands Execution
Coppermine Photo Gallery 1.4.3 - Remote Command Execution

GeekLog 1.x - 'error.log' (gpc = Off) Remote Commands Execution
GeekLog 1.x - 'error.log' Remote Command Execution

PHP-Stats 0.1.9.1 - Remote Commands Execution
PHP-Stats 0.1.9.1 - Remote Commans Execution

Gallery 2.0.3 - stepOrder[] Remote Commands Execution
Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution

phpList 2.10.2 - GLOBALS[] Remote Code Execution
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution

Simplog 0.9.2 - 's' Remote Commands Execution
Simplog 0.9.2 - 's' Remote Command Execution

phpWebSite 0.10.2 - 'hub_dir' Remote Commands Execution
phpWebSite 0.10.2 - 'hub_dir' Remote Command Execution

phpGroupWare 0.9.16.010 - GLOBALS[] Remote Code Execution
phpGroupWare 0.9.16.010 - 'GLOBALS[]' Remote Code Execution

GuppY 4.5.16 - Remote Commands Execution
GuppY 4.5.16 - Remote Command Execution

AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)
AWStats 6.1 < 6.2 - 'configdir' Remote Command Execution (Metasploit)

Achievo 0.7/0.8/0.9 - Remote File Inclusion Command Execution
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution

SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
HongCMS 3.0.0 - SQL Injection
hycus CMS 1.0.4 - Authentication Bypass
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal
 2018-06-29 05:01:52 +00:00
Offensive Security
2c912f897c DB: 2018-06-27 
3 changes to exploits/shellcodes

PoDoFo 0.9.5 - Buffer Overflow

Liferay Portal < 7.0.4 - Server-Side Request Forgery
 2018-06-27 05:01:48 +00:00