Offensive Security
6ab9a26ee4
DB: 2017-06-27
...
10 new exploits
PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow
PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit
PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit
PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit
PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment
PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit
PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities
suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit
JAD Java Decompiler 1.5.8e - Buffer Overflow
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit
Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution
PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure
PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit
PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Linux/x86 - Bind Shell Shellcode (75 bytes)
JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit
XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection
PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection
MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit
PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)
phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting
Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection
ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
Eltek SmartPack - Backdoor Account
2017-06-27 05:01:26 +00:00
Offensive Security
df0343af6d
DB: 2017-06-22
...
13 new exploits
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL 0x390400_ operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure
Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
Microsoft Windows - '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure
Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure
Microsoft Windows - 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling
sudo 1.8.0 < 1.8.3p1 (sudo_debug) - glibc FORTIFY_SOURCE Bypass + Privilege Escalation
sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation
Linux Kernel 3.14.5 (RHEL / CentOS 7) - 'libfutex' Privilege Escalation
Linux Kernel 3.14.5 (CentOS 7 / RHEL) - 'libfutex' Privilege Escalation
Sudo 1.8.14 - Unauthorized Privilege
Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation
Linux/x86 - Reverse UDP Shellcode (668 bytes)
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
2017-06-22 05:01:27 +00:00
Offensive Security
a090330e55
DB: 2017-06-16
...
6 new exploits
Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without EggHunter) (Metasploit)
VX Search Enterprise 9.7.18 - Local Buffer Overflow
Sudo - 'get_process_ttyname()' Privilege Escalation
Win32 - JITed stage-0 Shellcode
Win32 - JITed Stage-0 Shellcode
Windows - JITed egg-hunter stage-0 Shellcode
Windows - JITed Egghunter Stage-0 Shellcode
Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal
Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal
Linux/x86 - Egg-hunter Shellcode (31 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg-hunter Shellcode (20 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Egg-hunter Shellcode (13 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86 - Egg-hunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes)
AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution
2017-06-16 05:01:26 +00:00
Offensive Security
42e94b4366
DB: 2017-06-05
...
26 new exploits
Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine
Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow
TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)
uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security
6f37b94a66
DB: 2017-05-09
...
5 new exploits
RPCBind / libtirpc - Denial of Service
Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
2017-05-09 04:46:38 +00:00
Offensive Security
ebb6cf8831
DB: 2017-04-24
...
2 new exploits
SquirrelMail < 1.4.22 - Remote Code Execution
Linux/x86 - Egg-hunter Shellcode (18 bytes)
2017-04-24 05:01:21 +00:00
Offensive Security
8e03027ae5
DB: 2017-03-30
...
18 new exploits
FUSE fusermount Tool - Race Condition
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Apache 2.2 - Scoreboard Invalid Free On Shutdown
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow
FUSE fusermount Tool - Race Condition
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
AUFS (Ubuntu 15.10) - 'allow_userns' Fuse/Xattr User Namespaces Privilege Escalation
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation
Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation
NTP - Privilege Escalation
Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow
DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow
Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Just Dial Clone Script - 'fid' SQL Injection
Just Dial Clone Script - 'fid' Parameter SQL Injection
Just Dial Clone Script - 'srch' SQL Injection
Just Dial Clone Script - 'srch' Parameter SQL Injection
Opensource Classified Ads Script - 'keyword' Parameter SQL Injection
EyesOfNetwork (EON) 5.1 - SQL Injection
2017-03-30 05:01:15 +00:00
Offensive Security
1f8c35c0c0
DB: 2017-03-28
...
25 new exploits
Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Microsoft Visual Studio 2015 update 3 - Denial of Service
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Apple Safari - 'DateTimeFormat.format' Type Confusion
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Out-of-Bounds Read when Calling Bound Function
QNAP QTS < 4.2.4 - Domain Privilege Escalation
Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Github Enterprise - Default Session Secret And Deserialization (Metasploit)
B2B Alibaba Clone Script - SQL Injection
B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection
Just Another Video Script 1.4.3 - SQL Injection
Adult Tube Video Script - SQL Injection
Alibaba Clone Script - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection
Php Real Estate Property Script - SQL Injection
Courier Tracking Software 6.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection
Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection
CouponPHP CMS 3.1 - 'code' Parameter SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
2017-03-28 05:01:16 +00:00
Offensive Security
d2c8c83204
DB: 2017-03-27
...
1 new exploits
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
2017-03-27 05:01:17 +00:00
Offensive Security
3ad96f313d
DB: 2017-03-24
...
39 new exploits
Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)
CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit)
Lenovo System Update - Privilege Escalation (Metasploit)
Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)
HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)
VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)
CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit)
ExaGrid - Known SSH Key and Default Password (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
SSH - User Code Execution (Metasploit)
Redmine SCM Repository - Arbitrary Command Execution (Metasploit)
Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection
Flippa Clone - SQL Injection
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
2017-03-24 05:01:16 +00:00
Offensive Security
e3778e5508
DB: 2017-03-20
...
5 new exploits
Linux/x86 - Bind Shell Shellcode (51 bytes)
Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
iFdate Social Dating Script 2.0 - SQL Injection
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
Omegle Clone - SQL Injection
Secure Download Links - 'dc' Parameter SQL Injection
2017-03-20 05:01:17 +00:00
Offensive Security
4da96605a4
DB: 2017-03-18
...
8 new exploits
Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow
FTPShell Client 6.53 - Local Buffer Overflow
Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes)
Linux/x86 - Bind Shell Shellcode (51 bytes)
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
AXIS Communications - Cross-Site Scripting / Content Injection
AXIS Multiple Products - Cross-Site Request Forgery
Departmental Store Management System 1.2 - SQL Injection
2017-03-18 05:01:24 +00:00
Offensive Security
8359f0a6a2
DB: 2017-03-14
...
5 new exploits
Cerberus FTP Server 8.0.10.1 - Denial of Service
VirtualBox - Cooperating VMs can Escape from Shared Folder
Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)
Car Workshop System - SQL Injection
Fiyo CMS 2.0.6.1 - Privilege Escalation
2017-03-14 05:01:18 +00:00
Offensive Security
4195f70ade
DB: 2017-02-21
...
6 new exploits
EFS Easy Chat Server - Authentication Request Buffer Overflow (SEH)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (SEH)
EFS Easy Chat Server - Cross-Site Request Forgery (Change Admin Password)
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)
EFS Easy Chat Server - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)
yaws 1.89 - Directory Traversal
Yaws 1.89 - Directory Traversal
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Jogjacamp JProfile Gold - (id_news) SQL Injection
Jogjacamp JProfile Gold - 'id_news' Parameter SQL Injection
RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection
Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection
Album Lock 4.0 iOS - Directory Traversal
Tenda N3 Wireless N150 Home Router - Authentication Bypass
2017-02-21 05:01:20 +00:00
Offensive Security
d1a0e8f9fd
DB: 2017-02-09
...
3 new exploits
Zookeeper 3.5.2 - Denial of Service
Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)
YapBB 1.2 - (forumID) Blind SQL Injection
YapBB 1.2 - 'forumID' Parameter Blind SQL Injection
ClearBudget 0.6.1 - (Misspelled htaccess) Insecure DD
ClearBudget 0.6.1 - Insecure Database Download
phpYabs 0.1.2 - (Azione) Remote File Inclusion
phpYabs 0.1.2 - 'Azione' Parameter Remote File Inclusion
IF-CMS 2.0 - 'frame.php id' Blind SQL Injection
IF-CMS 2.0 - 'id' Parameter Blind SQL Injection
BusinessSpace 1.2 - 'id' SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
BusinessSpace 1.2 - 'id' Parameter SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' Parameter SQL Injection
FlexCMS - (catId) SQL Injection
FlexCMS 2.5 - 'catId' Parameter SQL Injection
Thyme 1.3 - (export_to) Local File Inclusion
Papoo CMS 3.x - (pfadhier) Local File Inclusion
q-news 2.0 - Remote Command Execution
Potato News 1.0.0 - (user) Local File Inclusion
Thyme 1.3 - 'export_to' Parameter Local File Inclusion
Papoo CMS 3.x - 'pfadhier' Parameter Local File Inclusion
Q-News 2.0 - Remote Command Execution
Potato News 1.0.0 - Local File Inclusion
Mynews 0_10 - Authentication Bypass
Mynews 0.10 - Authentication Bypass
Muviko Video CMS - SQL Injection
Multi Outlets POS 3.1 - 'id' Parameter SQL Injection
2017-02-09 05:01:17 +00:00
Offensive Security
893d590404
DB: 2017-02-02
...
12 new exploits
PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)
PHP 5.3.0 - getopt() Denial of Service
PHP 5.3.0 - 'getopt()' Denial of Service
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
PHP 4.3.x/5.0 - openlog() Buffer Overflow
PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow
Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation
Apple WebKit - 'HTMLFormElement::reset()' Use-After Free
Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion
Apple WebKit - 'HTMLKeygenElement' Type Confusion
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
Google Android - RKP Information Disclosure via s2-remapping Physical Ranges
QNAP NVR/NAS - Buffer Overflow
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV < 1.4.1 Privilege Escalation (1)
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Privilege Escalation (1)
Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Privilege Escalation (2)
Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) UDEV < 1.4.1 - Privilege Escalation (2)
PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit
PHP 5.2.9 (Windows x86) - Local Safemod Bypass
Linux udev - Netlink Privilege Escalation (Metasploit)
Linux Kernel UDEV < 1.4.1 - Netlink Privilege Escalation (Metasploit)
Google Android - RKP EL1 Code Loading Bypass
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Syntax Desktop 2.7 - (synTarget) Local File Inclusion
Syntax Desktop 2.7 - 'synTarget' Parameter Local File Inclusion
Joomla! Component JTAG Calendar 6.2.4 - 'search' Parameter SQL Injection
LogoStore - 'query' Parameter SQL Injection
2017-02-02 05:01:18 +00:00
Offensive Security
18d8085c6d
DB: 2016-12-18
...
13 new exploits
Microsoft Internet Explorer 9 MSHTML - CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CMarkup::RemovePointerPos Use-After-Free (MS13-055)
Orthanc DICOM Server 1.1.0 - Memory Corruption
Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free
Microsoft Internet Explorer 9 - IEFRAME CMarkup::RemovePointerPos Use-After-Free (MS13-055)
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
ConQuest DICOM Server 1.4.17d - Stack Buffer Overflow
DCMTK 3.6.0 storescp - Stack Buffer Overflow
Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service
Microsoft Internet Explorer 9 IEFRAME - CMarkupPointer::MoveToGap Use-After-Free
Microsoft Internet Explorer 9 IEFRAME - CView::EnsureSize Use-After-Free (MS13-021)
Nagios < 4.2.4 - Privilege Escalation
iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free
Alienvault OSSIM - SQL Injection / Remote Code Execution (Metasploit)
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
Alienvault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution
Alienvault OSSIM - av-centerd Command Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)
Horos 2.1.0 Web Portal - Directory Traversal
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Security Vulnerabilities
Alienvault OSSIM Open Source SIEM 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault OSSIM 4.1.2 - Multiple SQL Injections
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Vulnerabilities
Alienvault 4.3.1 - Unauthenticated SQL Injection
Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting
Alienvault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)
Alienvault OSSIM 4.3 - Cross-Site Request Forgery
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
WHMCS Addon VMPanel 2.7.4 - SQL Injection
WordPress Plugin Quiz And Survey Master 4.5.4 / 4.7.8 - Cross-Site Request Forgery
2016-12-18 05:01:16 +00:00
Offensive Security
fb1dd3709f
DB: 2016-12-08
...
12 new exploits
vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit
vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption
XChat - Heap Overflow Denial of Service
XChat 2.8.9 - Heap Overflow Denial of Service
Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)
glibc - getaddrinfo Stack Based Buffer Overflow (1)
glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
Microsoft Edge - JSON.parse Info Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)
Microsoft Internet Explorer 9 - CDoc::ExecuteScriptUri Use-After-Free (MS13-009)
Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1)
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation (2)
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
Microsoft PowerShell - XML External Entity Injection
XChat 2.8.7b - (URI Handler) Remote Code Execution (Internet Explorer 6/7'
XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
glibc - getaddrinfo Stack Based Buffer Overflow (2)
glibc - 'getaddrinfo' Stack Based Buffer Overflow
Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
Gravity Board X 1.1 - (csscontent) Remote Code Execution
Gravity Board X 1.1 - 'csscontent' Parameter Remote Code Execution
Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion
Mambo Component com_babackup 1.1 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion
E-Smart Cart 1.0 - 'Product_ID' SQL Injection
E-Smart Cart 1.0 - 'Product_ID' Parameter SQL Injection
Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion
Joomla! / Mambo Component SWmenu 4.0 - Remote File Inclusion
Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion
Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion
Joomla! / Mambo Component New Article 1.1 - Remote File Inclusion
Cartweaver - 'Details.cfm ProdID' SQL Injection
Cartweaver 2.16.11 - 'ProdID' Parameter SQL Injection
Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection
Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' Parameter SQL Injection
xeCMS 1.x - (view.php list) Remote File Disclosure
xeCMS 1.x - 'view.php' Remote File Disclosure
Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection
Mambo Component Portfolio Manager 1.0 - 'categoryId' Parameter SQL Injection
Easy-Clanpage 2.2 - 'id' SQL Injection
Easy-Clanpage 2.2 - 'id' Parameter SQL Injection
JAMM CMS - 'id' Blind SQL Injection
Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
JAMM CMS - 'id' Parameter Blind SQL Injection
Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
GLLCTS2 <= 4.2.4 - (login.php detail) SQL Injection
Butterfly ORGanizer 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection
Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting
Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection
Mambo Component Galleries 1.0 - 'aid' Parameter SQL Injection
Easy-Clanpage 3.0b1 - (section) Local File Inclusion
WebChamado 1.1 - (tsk_id) SQL Injection
Pre News Manager 1.0 - (index.php id) SQL Injection
Pre Ads Portal 2.0 - SQL Injection
Easy-Clanpage 3.0b1 - 'section' Parameter Local File Inclusion
WebChamado 1.1 - 'tsk_id' Parameter SQL Injection
Pre News Manager 1.0 - 'id' Parameter SQL Injection
Pre ADS Portal 2.0 - SQL Injection
GLLCTS2 - 'listing.php sort' Blind SQL Injection
GLLCTS2 - 'sort' Parameter Blind SQL Injection
Contenido 4.8.4 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Contenido 4.8.4 - Remote File Inclusion / Cross-Site Scripting
PHPMyCart - 'shop.php cat' SQL Injection
SHOUTcast Admin Panel 2.0 - (page) Local File Inclusion
Cartweaver 3 - (prodId) Blind SQL Injection
DIY - (index_topic did) Blind SQL Injection
PHPMyCart 1.3 - 'cat' Parameter SQL Injection
SHOUTcast Admin Panel 2.0 - 'page' Parameter Local File Inclusion
Cartweaver 3 - 'prodId' Parameter Blind SQL Injection
DIY - 'did' Parameter Blind SQL Injection
ezcms 1.2 - (Blind SQL Injection / Authentication Bypass) Multiple Vulnerabilities
PHPEasyNews 1.13 RC2 - (POST) SQL Injection
ezcms 1.2 - Blind SQL Injection / Authentication Bypass
PHPEasyNews 1.13 RC2 - 'POST' Parameter SQL Injection
Devalcms 1.4a - (currentfile) Local File Inclusion
Devalcms 1.4a - 'currentfile' Parameter Local File Inclusion
IPTBB 0.5.6 - (index.php act) Local File Inclusion
IPTBB 0.5.6 - 'act' Parameter Local File Inclusion
Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection
Mambo Component Articles - 'artid' Parameter Blind SQL Injection
Mambo Component 'com_n-gallery' - Multiple SQL Injections
Mambo Component N-Gallery - Multiple SQL Injections
devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
PHP JOBWEBSITE PRO - (Authentication Bypass) SQL Injection
PHP JOBWEBSITE PRO - Authentication Bypass
Pre ADS Portal 2.0 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Pre ADS Portal 2.0 - Authentication Bypass / Cross-Site Scripting
Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection
Mambo Component n-form - 'form_id' Parameter Blind SQL Injection
Pre Job Board - (Authentication Bypass) SQL Injection
Pre Job Board - Authentication Bypass
Butterfly ORGanizer 2.0.1 - (view.php id) SQL Injection
Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection
facil-cms 0.1rc2 - Multiple Vulnerabilities
Facil-CMS 0.1RC2 - Multiple Vulnerabilities
Family Connections CMS 1.9 - (member) SQL Injection
Family Connections CMS 1.9 - SQL Injection
Mambo Component 'com_hestar' - SQL Injection
Mambo Component Hestar - SQL Injection
Joomla! / Mambo Component 'com_tupinambis' - SQL Injection
Joomla! / Mambo Component Tupinambis - SQL Injection
Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion
Joomla! / Mambo Component D4J eZine 2.1 - Remote File Inclusion
Mambo Component 'com_materialsuche' 1.0 - SQL Injection
Mambo Component Material Suche 1.0 - SQL Injection
Pre ADS Portal - 'cid' SQL Injection
Pre ADS Portal - 'cid' Parameter SQL Injection
Pre News Manager - (nid) SQL Injection
Pre News Manager - 'nid' Parameter SQL Injection
Mambo Component 'com_akogallery' - SQL Injection
Mambo Component AkoGallery - SQL Injection
Mambo Component 'com_mambads' - SQL Injection
Mambo Component MambAds - SQL Injection
Facil-CMS - (Local File Inclusion / Remote File Inclusion)
Facil-CMS 0.1RC2 - Local / Remote File Inclusion
AskMe Pro 2.1 - (que_id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'que_id' Parameter SQL Injection
Pre Job Board Pro - SQL Injection Authentication Bypass
Pre Job Board Pro - Authentication Bypass
DiY-CMS 1.0 - Multiple Remote File Inclusion
DIY-CMS 1.0 - Multiple Remote File Inclusion
Alstrasoft AskMe Pro 2.1 - (forum_answer.php?que_id) SQL Injection
Alstrasoft AskMe Pro 2.1 - (profile.php?id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection
Pre Ads Portal - SQL Bypass
Pre ADS Portal - Authentication Bypass
Family Connections CMS 2.3.2 - (POST) Persistent Cross-Site Scripting / XML Injection
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
Family Connections CMS 2.5.0 / 2.7.1 - (less.php) Remote Command Execution
Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution
Family Connections CMS - 'less.php' Remote Command Execution (Metasploit)
Family Connections CMS 2.7.1 - 'less.php' Remote Command Execution (Metasploit)
Gravity Board X 1.1 - DeleteThread.php Cross-Site Scripting
Clever Copy 3.0 - Connect.INC Information Disclosure
Clever Copy 3.0 - 'Connect.INC' Information Disclosure
Cartweaver 2.16.11 - Results.cfm category Parameter SQL Injection
Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection
Cartweaver 2.16.11 - 'Results.cfm' SQL Injection
Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion
Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion
Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion
Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion
Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion
Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion
Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion
Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection
Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection
Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection
Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection
Joomla! / Mambo Component Filebase - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection
Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection
Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection
Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php adname Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php Multiple Parameter Cross-Site Scripting
PHP JOBWEBSITE PRO - 'adname' Parameter SQL Injection
PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting
Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
Conkurent PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass
PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass
Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection
Mambo Component Docman 1.3.0 - Multiple SQL Injection
Mambo Component 'com_n-skyrslur' - Cross-Site Scripting
Mambo Component N-Skyrslur - Cross-Site Scripting
Mambo Component 'com_n-gallery' - SQL Injection
Mambo Component N-Gallery - SQL Injection
Mambo Component 'com_n-press' - SQL Injection
Mambo Component N-Press - SQL Injection
Mambo Component 'com_n-frettir' - SQL Injection
Mambo Component 'com_n-myndir' - SQL Injection
Mambo Component N-Frettir - SQL Injection
Mambo Component N-Myndir - SQL Injection
AbanteCart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Edge SkateShop - Authentication bypass
AbanteCart 1.2.7 - Cross-Site Scripting
2016-12-08 05:01:21 +00:00
Offensive Security
91b12c469e
DB: 2016-11-29
...
16 new exploits
rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)
rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)
rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC)
rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC)
NTP 4.2.8p3 - Denial of Service
Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009)
Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion
Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047)
Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009)
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation
Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation
Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)
Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)
TFTP Server 1.4 - Remote Buffer Overflow (2)
TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)
TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit)
Android - 'BadKernel' Remote Code Execution
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
Linux/x86 - Egg-hunter Shellcode (25 bytes)
Linux/x86 - Egg-hunter Shellcode (31 bytes)
RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion
RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion
CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion
CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion
CMS Faethon 2.0 - (mainpath) Remote File Inclusion
CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion
SazCart 1.5 - (cart.php) Remote File Inclusion
SazCart 1.5 - 'cart.php' Remote File Inclusion
Cyberfolio 2.0 RC1 - (av) Remote File Inclusion
Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion
FipsCMS 4.5 - (index.asp) SQL Injection
FipsCMS 4.5 - 'index.asp' SQL Injection
AJ Classifieds 1.0 - (postingdetails.php) SQL Injection
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
RunCMS 1.5.2 - (debug_show.php) SQL Injection
RunCMS 1.5.2 - 'debug_show.php' SQL Injection
OneCMS 2.4 - (userreviews.php abc) SQL Injection
OneCMS 2.4 - 'abc' Parameter SQL Injection
RunCMS 1.6 - disclaimer.php Remote File Overwrite
RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite
PHPEasyData 1.5.4 - 'cat_id' SQL Injection
FipsCMS - 'print.asp lg' SQL Injection
Galleristic 1.0 - (index.php cat) SQL Injection
gameCMS Lite 1.0 - (index.php systemId) SQL Injection
PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection
FipsCMS 2.1 - 'print.asp' SQL Injection
Galleristic 1.0 - 'cat' Parameter SQL Injection
GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection
CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities
CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting
MusicBox 2.3.7 - (artistId) SQL Injection
RunCMS 1.6.1 - (msg_image) SQL Injection
MusicBox 2.3.7 - 'artistId' Parameter SQL Injection
RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection
vShare YouTube Clone 2.6 - (tid) SQL Injection
vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection
Cyberfolio 7.12 - (rep) Remote File Inclusion
miniBloggie 1.0 - (del.php) Arbitrary Delete Post
Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion
miniBloggie 1.0 - 'del.php' Arbitrary Delete Post
SazCart 1.5.1 - (prodid) SQL Injection
SazCart 1.5.1 - 'prodid' Parameter SQL Injection
Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting
Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection
Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection
Joomla! Component com_datsogallery 1.6 - Blind SQL Injection
Joomla! Component Datsogallery 1.6 - Blind SQL Injection
Vortex CMS - 'index.php pageid' Blind SQL Injection
AJ Article 1.0 - (featured_article.php) SQL Injection
AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection
Vortex CMS - 'pageid' Parameter Blind SQL Injection
AJ Article 1.0 - 'featured_article.php' SQL Injection
AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection
clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ClanLite 2.x - SQL Injection / Cross-Site Scripting
OneCMS 2.5 - (install_mod.php) Local File Inclusion
OneCMS 2.5 - 'install_mod.php' Local File Inclusion
AJ Auction Web 2.0 - (cate_id) SQL Injection
AJ Auction 1.0 - 'id' SQL Injection
AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection
AJ Auction 1.0 - 'id' Parameter SQL Injection
FipsCMS Light 2.1 - (r) SQL Injection
FipsCMS Light 2.1 - 'r' Parameter SQL Injection
AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection
AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection
AJ Auction Pro Platinum - (seller_id) SQL Injection
AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection
miniBloggie 1.0 - (del.php) Blind SQL Injection
miniBloggie 1.0 - 'del.php' Blind SQL Injection
AJ Article - 'featured_article.php mode' SQL Injection
AJ ARTICLE - (Authentication Bypass) SQL Injection
AJ Article 1.0 - Authentication Bypass
Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion
Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion
AJ ARTICLE - Remote Authentication Bypass
AJ Article 1.0 - Remote Authentication Bypass
MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection
MusicBox 2.3.8 - 'viewalbums.php' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' SQL Injection
AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection
BigACE CMS 2.5 - 'Username' SQL Injection
BigACE 2.5 - SQL Injection
ZeusCart 2.3 - 'maincatid' SQL Injection
ZeusCart 2.3 - 'maincatid' Parameter SQL Injection
BigACE CMS 2.6 - (cmd) Local File Inclusion
BigACE 2.6 - 'cmd' Parameter Local File Inclusion
RunCMS 1.6.3 - (double ext) Remote Shell Injection
RunCMS 1.6.3 - Remote Shell Injection
AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection
AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection
RunCMS 2m1 - store() SQL Injection
RunCMS 2ma - post.php SQL Injection
RunCMS 2m1 - 'store()' SQL Injection
RunCMS 2ma - 'post.php' SQL Injection
AJ Article - Persistent Cross-Site Scripting
AJ Article 3.0 - Cross-Site Scripting
admidio 2.3.5 - Multiple Vulnerabilities
Admidio 2.3.5 - Multiple Vulnerabilities
RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
MusicBox 2.3 - Type Parameter SQL Injection
MusicBox 2.3 - 'type' Parameter SQL Injection
RunCMS 1.x - Bigshow.php Cross-Site Scripting
RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
RunCMS 1.2/1.3 - PMLite.php SQL Injection
RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
RunCMS 1.x - Ratefile.php Cross-Site Scripting
RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection
MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting
MusicBox 2.3 - 'index.php' SQL Injection
MusicBox 2.3 - 'index.php' Cross-Site Scripting
MusicBox 2.3 - 'cart.php' Cross-Site Scripting
MusicBox 2.3.4 - Page Parameter SQL Injection
MusicBox 2.3.4 - 'page' Parameter SQL Injection
MyWebland miniBloggie 1.0 - Fname Remote File Inclusion
miniBloggie 1.0 - 'Fname' Remote File Inclusion
BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion
BigACE 1.8.2 - 'item_main.php' Remote File Inclusion
BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion
BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion
BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion
ClanLite - Config-PHP.php Remote File Inclusion
ClanLite - 'conf-php.php' Remote File Inclusion
FipsCMS 2.1 - PID Parameter SQL Injection
FipsCMS 2.1 - 'pid' Parameter SQL Injection
RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion
RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion
RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion
FipsCMS 2.1 - 'forum/neu.asp' SQL Injection
FipsCMS 2.1 - 'neu.asp' SQL Injection
OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting
OneCMS 2.6.1 - search.php search Parameter SQL Injection
OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting
OneCMS 2.6.1 - 'search' Parameter SQL Injection
OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting
RunCMS 'partners' Module - 'id' Parameter SQL Injection
RunCMS Module Partners - 'id' Parameter SQL Injection
Zeuscart v.4 - Multiple Vulnerabilities
Zeuscart 4.0 - Multiple Vulnerabilities
BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal
BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
Red Hat JBoss EAP - Deserialization of Untrusted Data
2016-11-29 05:01:20 +00:00
Offensive Security
eecfa80164
DB: 2016-11-26
...
1 new exploits
Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Linux Kenrel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation
Linux Kernel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation
miniweb 0.8.19 - Multiple Vulnerabilities
Miniweb 0.8.19 - Multiple Vulnerabilities
HLDS WebMod 0.48 - (rconpass) Remote Heap Overflow
HLDS WebMod 0.48 - 'rconpass' Remote Heap Overflow
bytes interactive Web shopper 1.0/2.0 - Directory Traversal
Bytes interactive Web shopper 1.0/2.0 - Directory Traversal
interactive story 1.3 - Directory Traversal
Interactive story 1.3 - Directory Traversal
Linux/x86 - Egg-hunter Shellcode (25 bytes)
DeluxeBB 1.06 - (name) SQL Injection (mq=off)
DeluxeBB 1.06 - 'name' Parameter SQL Injection (mq=off)
DeluxeBB 1.06 - (Attachment mod_mime) Remote Exploit
DeluxeBB 1.06 - 'Attachment mod_mime' Remote Exploit
DeluxeBB 1.06 - (templatefolder) Remote File Inclusion
DeluxeBB 1.06 - 'templatefolder' Parameter Remote File Inclusion
DeluxeBB 1.07 - (cp.php) Create Admin Exploit
DeluxeBB 1.07 - Remote Create Admin
Scout Portal Toolkit 1.4.0 - (forumid) SQL Injection
Scout Portal Toolkit 1.4.0 - 'forumid' Parameter SQL Injection
interact 2.2 - (CONFIG[base_path]) Remote File Inclusion
Interact 2.2 - 'CONFIG[base_path]' Remote File Inclusion
DeluxeBB 1.09 - Remote Admin Email Change Exploit
DeluxeBB 1.09 - Remote Admin Email Change
megabbs forum 2.2 - SQL Injection / Cross-Site Scripting
Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting
OxYProject 0.85 - (edithistory.php) Remote Code Execution
OxYProject 0.85 - 'edithistory.php' Remote Code Execution
interact 2.4.1 - Multiple Remote File Inclusion
Joomla! Component Webhosting - 'catid' Blind SQL Injection
Interact 2.4.1 - Multiple Remote File Inclusion
Joomla! Component Webhosting - 'catid' Parameter Blind SQL Injection
vlbook 1.21 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Vlbook 1.21 - Cross-Site Scripting / Local File Inclusion
ItCMS 1.9 - (boxpop.php) Remote Code Execution
BlogMe PHP - 'comments.php id' SQL Injection
SmartBlog - 'index.php tid' SQL Injection
ItCMS 1.9 - 'boxpop.php' Remote Code Execution
BlogMe PHP 1.1 - 'comments.php' SQL Injection
SmartBlog 1.3 - 'index.php' SQL Injection
cplinks 1.03 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ScorpNews 1.0 - (example.php site) Remote File Inclusion
Scout Portal Toolkit 1.4.0 - (ParentId) SQL Injection
Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting
ScorpNews 1.0 - 'site' Parameter Remote File Inclusion
Scout Portal Toolkit 1.4.0 - 'ParentId' Parameter SQL Injection
Online Rental Property Script 4.5 - 'pid' SQL Injection
Anserv Auction XL - 'viewfaqs.php cat' SQL Injection
Kmita Tellfriend 2.0 - (file) Remote File Inclusion
Kmita Mail 3.0 - (file) Remote File Inclusion
BackLinkSpider (cat_id) - SQL Injection
Online Rental Property Script 4.5 - 'pid' Parameter SQL Injection
Anserv Auction XL - 'cat' Parameter SQL Injection
Kmita Tellfriend 2.0 - 'file' Parameter Remote File Inclusion
Kmita Mail 3.0 - 'file' Parameter Remote File Inclusion
BackLinkSpider 1.1 - 'cat_id' Parameter SQL Injection
deluxebb 1.2 - Multiple Vulnerabilities
Pre Shopping Mall 1.1 - (search.php search) SQL Injection
DeluxeBB 1.2 - Multiple Vulnerabilities
Pre Shopping Mall 1.1 - 'search.php' SQL Injection
Interact E-Learning System 2.4.1 - (help.php) Local File Inclusion
Interact 2.4.1 - 'help.php' Local File Inclusion
ItCMS 2.1a - (Authentication Bypass) SQL Injection
ItCMS 2.1a - Authentication Bypass
DeluxeBB 1.3 - (qorder) SQL Injection
DeluxeBB 1.3 - 'qorder' Parameter SQL Injection
Online Rental Property Script 5.0 - 'pid' SQL Injection
Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection
phpDirectorySource - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection
open auto Classifieds 1.5.9 - Multiple Vulnerabilities
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities
deluxebb 1.3 - Multiple Vulnerabilities
DeluxeBB 1.3 - Multiple Vulnerabilities
DeluxeBB 1.0 - topic.php tid Parameter SQL Injection
DeluxeBB 1.0 - misc.php uid Parameter SQL Injection
DeluxeBB 1.0 - forums.php fid Parameter SQL Injection
DeluxeBB 1.0 - pm.php uid Parameter SQL Injection
DeluxeBB 1.0 - newpost.php fid Parameter SQL Injection
DeluxeBB 1.0 - 'topic.php' SQL Injection
DeluxeBB 1.0 - 'misc.php' SQL Injection
DeluxeBB 1.0 - 'forums.php' SQL Injection
DeluxeBB 1.0 - 'pm.php' SQL Injection
DeluxeBB 1.0 - 'newpost.php' SQL Injection
Scout Portal Toolkit 1.3.1 - SPT-QuickSearch.php Multiple Parameter Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - SPT-BrowseResources.php ParentId Parameter Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - SPT-AdvancedSearch.php Multiple Parameter Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - SPT-UserLogin.php Multiple Parameter SQL Injection
Scout Portal Toolkit 1.3.1 - 'SPT-QuickSearch.php' Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - 'SPT-BrowseResources.php' Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - 'SPT-AdvancedSearch.php' Cross-Site Scripting
Scout Portal Toolkit 1.3.1 - 'SPT-UserLogin.php' SQL Injection
Pre Shopping Mall 1.0 - Multiple Input Validation Vulnerabilities
DeluxeBB 1.09 - Sig.php Remote File Inclusion
DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion
BackLinkSpider 1.3.1774 - Multiple Cross-Site Scripting Vulnerabilities
2016-11-26 05:01:22 +00:00
Offensive Security
5e2fc10125
DB: 2016-09-03
2016-09-03 13:13:25 +00:00
Offensive Security
31a21bb68d
DB: 2016-09-03
...
14 new exploits
Too many to list!
2016-09-03 05:08:42 +00:00
Offensive Security
832f9cf8b5
DB: 2016-08-11
...
10 new exploits
Nagios Network Analyzer 2.2.1 - Multiple CSRF
Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
Microsoft Office Word 2007_2010_2013_2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)
EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation
EyeLock nano NXT 3.5 - Local File Disclosure
EyeLock nano NXT 3.5 - Remote Root Exploit
WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities
SAP SAPCAR - Multiple Vulnerabilities
2016-08-11 05:08:59 +00:00
Offensive Security
d1e88dd6d0
DB: 2016-07-30
2016-07-30 07:05:01 +00:00
Offensive Security
ec03ab428f
DB: 2016-07-21
...
10 new exploits
Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass
Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass
Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit
Simplog 0.9.3 - (tid) SQL Injection
Skulltag <= 0.96f - (Version String) Remote Format String PoC
OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit
Skulltag 0.96f - (Version String) Remote Format String PoC
OpenTTD 0.4.7 - Multiple Vulnerabilities
Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC)
Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities
Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion
phpMyAgenda <= 3.0 Final (rootagenda) Remote Include
Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit
Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion
phpMyAgenda 3.0 Final - (rootagenda) Remote Include
Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion
X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit
X7 Chat 2.0 - (help_file) Remote Command Execution
Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit
Auction 1.3m - (phpbb_root_path) Remote File Inclusion
acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit
acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit
AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit
AWStats 6.5 - (migrate) Remote Shell Command Injection
acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit
acFTP FTP Server 1.4 - (USER) Remote Denial of Service
PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities
Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit
ACal <= 2.2.6 - (day.php) Remote File Inclusion
EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion
PHP-Fusion 6.00.306 - Multiple Vulnerabilities
Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion
ACal 2.2.6 - (day.php) Remote File Inclusion
EQdkp 1.3.0 - (dbal.php) Remote File Inclusion
Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service
Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit
Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4)
Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit
Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit
\o - Local File Inclusion (1st)
Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1)
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation
Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept
Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept
Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Django CMS 3.3.0 - (Editor Snippet) Persistent XSS
Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF
Wowza Streaming Engine 4.5.0 - Multiple XSS
OpenSSHD <= 7.2p2 - Username Enumeration
WordPress Video Player Plugin 1.5.16 - SQL Injection
2016-07-21 05:06:28 +00:00
Offensive Security
a9e80c57e9
DB: 2016-07-18
...
164 new exploits
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
Mandrake Linux 8.2 - /usr/mail Local Exploit
Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit
Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets)
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Ping of Death Remote Denial of Service Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll)
CVSTrac Remote Arbitrary Code Execution Exploit
LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit
IPD (Integrity Protection Driver) Local Exploit
Bird Chat 1.61 - Denial of Service
D-Link DCS-900 Camera Remote IP Address Changer Exploit
GD Graphics Library Heap Overflow Proof of Concept Exploit
vBulletin LAST.php SQL Injection
miniBB - Input Validation Hole ('user')
phpBB highlight Arbitrary File Upload (Santy.A)
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
ZeroBoard Worm Source Code
Invision Power Board <= 1.3.1 - Login.php SQL Injection
Veritas Backup Exec Remote File Access Exploit (windows)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit
SGI IRIX <= 6.5.28 - (runpriv) Design Error
Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness
Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
Invision Community Blog Mod 1.2.4 - SQL Injection
Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service
Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009)
phpGalleryScript 1.0 - (init.gallery.php include_class) RFI
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC
Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit
Woltlab Burning Board Addon JGS-Treffen SQL Injection
pSys 0.7.0.a (shownews) Remote SQL Injection
JAMM CMS (id) Remote Blind SQL Injection Exploit
Clever Copy 3.0 (results.php) Remote SQL Injection Exploit
GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit
PHPMyCart (shop.php cat) Remote SQL Injection
Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit
Oxygen 2.0 (repquote) Remote SQL Injection
MyMarket 1.72 - BlindSQL Injection Exploit
easyTrade 2.x - (detail.php id) Remote SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection
AcmlmBoard 1.A2 (pow) Remote SQL Injection
Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities
DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit
Webspell 4 (Auth Bypass) SQL Injection
Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002)
kloxo 5.75 - Multiple Vulnerabilities
Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
eWebeditor Directory Traversal
eWebeditor ASP Version - Multiple Vulnerabilities
Radasm .rap file Local Buffer Overflow
Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes)
Joomla Component com_event - SQL Injection
Aix - execve /bin/sh (88 bytes)
BSD - Passive Connection Shellcode
bsd/PPC - execve /bin/sh (128 bytes)
bsd/x86 - setuid/execve shellcode (30 bytes)
bsd/x86 - setuid/portbind shellcode (94 bytes)
bsd/x86 - execve /bin/sh multiplatform (27 bytes)
bsd/x86 - execve /bin/sh setuid (0) (29 bytes)
bsd/x86 - portbind port 31337 (83 bytes)
bsd/x86 - portbind port random (143 bytes)
bsd/x86 - break chroot (45 bytes)
bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes)
bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes)
bsd/x86 - connect (93 bytes)
bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes)
bsd/x86 - reverse portbind (129 bytes)
bsdi/x86 - execve /bin/sh (45 bytes)
bsdi/x86 - execve /bin/sh (46 bytes)
AIX - execve /bin/sh shellcode (88 bytes)
BSD - Passive Connection Shellcode (124 bytes)
BSD/PPC - execve /bin/sh shellcode (128 bytes)
BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes)
BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes)
BSD/x86 - portbind port 31337 shellcode (83 bytes)
BSD/x86 - portbind port random shellcode (143 bytes)
BSD/x86 - break chroot shellcode (45 bytes)
BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes)
BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes)
BSD/x86 - reverse 6969 portbind shellcode (129 bytes)
BSDi/x86 - execve /bin/sh shellcode (45 bytes)
BSDi/x86 - execve /bin/sh shellcode (46 bytes)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1)
bsdi/x86 - execve /bin/sh toupper evasion (97 bytes)
FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging)
freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes)
freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes)
freebsd/x86 - kill all processes (12 bytes)
freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes)
freebsd/x86 - reverse portbind /bin/sh (89 bytes)
freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
freebsd/x86 - encrypted shellcode /bin/sh (48 bytes)
freebsd/x86 - portbind 4883 with auth shellcode
freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
freebsd/x86 - execve /bin/sh (23 bytes)
freebsd/x86 - execve /bin/sh (2) (23 bytes)
freebsd/x86 - execve /bin/sh (37 bytes)
freebsd/x86 - kldload /tmp/o.o (74 bytes)
freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
freebsd/x86 - execve /tmp/sh (34 bytes)
freebsd/x86 - connect (102 bytes)
freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
freebsd/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode generator null byte free
Linux/x86 - generate portbind payload
Windows XP SP1 - portbind payload (Generator)
/bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - shellcode null free (Generator)
Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator)
iOS Version-independent shellcode
Cisco IOS - Connectback Shellcode
Cisco IOS - Bind Shellcode 1.0 (116 bytes)
Cisco IOS - Tiny Shellcode
Cisco IOS - Shellcode And Exploitation Techniques (BlackHat)
HPUX - execve /bin/sh (58 bytes)
Linux/amd64 - flush iptables rules shellcode (84 bytes)
Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes)
BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes)
FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)
FreeBSD/x86 - kill all processes shellcode (12 bytes)
FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)
FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes)
FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (37 bytes)
FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes)
FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes)
FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)
FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - portbind payload shellcode (Generator)
Windows XP SP1 - portbind payload shellcode (Generator)
(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - cmd shellcode null free (Generator)
(Generator) - Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Win32 - Multi-Format Shellcode Encoding Tool (Generator)
iOS - Version-independent shellcode
Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Bind Shellcode Password Protected (116 bytes)
Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)
HPUX - execve /bin/sh shellcode (58 bytes)
Linux/x86-64 - flush iptables rules shellcode (84 bytes)
Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes)
Linux/MIPS - execve /bin/sh (56 bytes)
Linux/PPC - execve /bin/sh (60 bytes)
Linux/MIPS - execve /bin/sh shellcode (56 bytes)
Linux/PPC - execve /bin/sh shellcode (60 bytes)
Linux/PPC - connect back execve /bin/sh (240 bytes)
Linux/PPC - execve /bin/sh (112 bytes)
Linux/SPARC - connect back (216 bytes)
Linux/SPARC - portbind port 8975 (284 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes)
Linux/PPC - execve /bin/sh shellcode (112 bytes)
Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes)
Linux/SPARC - portbind port 8975 shellcode (284 bytes)
Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F (176 bytes)
Linux/x86 - bindport 8000 & add user with root access (225+ bytes)
Linux/x86 - Bind ASM Code Linux (179 bytes)
Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes)
Serial port shell binding & busybox Launching shellcode
Linux/x86 - File unlinker (18+ bytes)
Linux/x86 - Perl script execution (99+ bytes)
Linux/x86 - file reader (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes)
Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes)
Linux/x86 - File unlinker shellcode (18+ bytes)
Linux/x86 - Perl script execution shellcode (99+ bytes)
Linux/x86 - file reader shellcode (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes)
Linux/x86 - PUSH reboot() (30 bytes)
Linux/x86 - PUSH reboot() shellcode (30 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes)
Linux/x86 - edit /etc/sudoers for full access (86 bytes)
Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes)
Linux/x86 - connect back_ download a file and execute (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - connect back.send.exit /etc/shadow (155 bytes)
Linux/x86 - writes a php connectback shell to the fs (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell (235 bytes)
Linux/x86 - /sbin/iptables -F (40 bytes)
Linux/x86 - kill all processes (11 bytes)
Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes)
Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes)
Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off shellcode (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes)
Linux/x86 - /sbin/iptables -F shellcode (40 bytes)
Linux/x86 - kill all processes shellcode (11 bytes)
Linux/x86 - /sbin/ipchains -F (40 bytes)
Linux/x86 - set system time to 0 and exit (12 bytes)
Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow (36 bytes)
Linux/x86 - forkbomb (7 bytes)
Linux/x86 - /sbin/ipchains -F shellcode (40 bytes)
Linux/x86 - set system time to 0 and exit shellcode (12 bytes)
Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes)
Linux/x86 - forkbomb shellcode (7 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes)
Linux/x86 - execve(/bin/sh) (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes)
Linux/x86 - executes command after setreuid (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode
Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) shellcode (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes)
Linux/x86 - executes command after setreuid shellcode (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes)
Linux/x86 - setuid/portbind shellcode (96 bytes)
Linux/x86 - portbind (define your own port) (84 bytes)
Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes)
Linux/x86 - portbind (2707) shellcode (84 bytes)
Linux/x86 - SET_PORT() portbind (100 bytes)
Linux/x86 - SET_IP() Connectback Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) (24 bytes)
Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes)
Linux/x86 - SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store shellcode (99 bytes)
Linux/x86 - Password Authentication portbind Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes)
Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) shellcode (24 bytes)
Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes)
Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes)
Linux/x86 - execve /bin/sh anti-ids (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes)
Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes)
Linux/x86 - Adduser without Password to /etc/passwd (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes)
Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes)
Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes)
Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes)
Linux/x86 - normal exit with random (so to speak) return value (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes)
Linux/x86 - reboot() (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console (63 bytes)
Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - reboot() shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes)
Linux/x86 - _exit(1); (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes)
Linux/x86 - _exit(1); shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes)
Linux/x86 - chroot & standart (66 bytes)
Linux/x86 - upload & exec (189 bytes)
Linux/x86 - setreuid/execve (31 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes)
Linux/x86 - chroot & standart shellcode (66 bytes)
Linux/x86 - upload & exec shellcode (189 bytes)
Linux/x86 - setreuid/execve shellcode (31 bytes)
Linux/x86 - Radically Self Modifying Code (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code (76 bytes)
Linux/x86 - execve code (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes)
Linux/x86 - symlink /bin/sh xoring (56 bytes)
Linux/x86 - portbind port 5074 toupper (226 bytes)
Linux/x86 - add user t00r ENCRYPT (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes)
Linux/x86 - symlink . /bin/sh (32 bytes)
Linux/x86 - kill snort (151 bytes)
Linux/x86 - shared memory exec (50 bytes)
Linux/x86 - iptables -F (45 bytes)
Linux/x86 - iptables -F (58 bytes)
Linux/x86 - Reverse telnet (134 bytes)
Linux/x86 - connect (120 bytes)
Linux/x86 - chmod 666 /etc/shadow (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes)
Linux/x86 - eject /dev/cdrom (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 (132 bytes)
Linux/x86 - ipchains -F (49 bytes)
Linux/x86 - chmod 666 /etc/shadow (82 bytes)
Linux/x86 - execve /bin/sh (29 bytes)
Linux/x86 - execve /bin/sh (24 bytes)
Linux/x86 - execve /bin/sh (38 bytes)
Linux/x86 - execve /bin/sh (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes)
Linux/x86 - portbind port 5074 (92 bytes)
Linux/x86 - portbind port 5074 + fork() (130 bytes)
Linux/x86 - add user t00r (82 bytes)
Linux/x86 - add user (104 bytes)
Linux/x86 - break chroot (34 bytes)
Linux/x86 - break chroot (46 bytes)
Linux/x86 - break chroot execve /bin/sh (80 bytes)
Linux/x86 - execve /bin/sh encrypted (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion (41 bytes)
execve of /bin/sh after setreuid(0_0)
Linux - chroot()/execve() code (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion (55 bytes)
Linux/x86 - add user (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes)
Linux/x86_64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86_64 - execve(/bin/sh) (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes)
Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes)
netbsd/x86 - kill all processes shellcode (23 bytes)
netbsd/x86 - callback shellcode (port 6666) (83 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 - execve /bin/sh (68 bytes)
openbsd/x86 - execve(/bin/sh) (23 bytes)
openbsd/x86 - portbind port 6969 (148 bytes)
openbsd/x86 - add user w00w00 (112 bytes)
OS-X/ppc - sync()_ reboot() (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC - Add user r00t (219 bytes)
OS-X/PPC - execve /bin/sh (72 bytes)
OS-X/PPC - add inetd backdoor (222 bytes)
OS-X/PPC - reboot (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC - create /tmp/suid (122 bytes)
OS-X/PPC - simple write() (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/SPARC - download and execute (278 bytes)
Solaris/SPARC - executes command after setreuid (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes)
Solaris/SPARC - setreuid/execve (56 bytes)
Solaris/SPARC - portbind (port 6666) (240 bytes)
Solaris/SPARC - execve /bin/sh (52 bytes)
Solaris/SPARC - portbind port 6789 (228 bytes)
Solaris/SPARC - connect-back (204 bytes)
Solaris/SPARC - portbinding shellcode
Linux/x86 - Radically Self Modifying Code shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes)
Linux/x86 - execve code shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes)
Linux/x86 - portbind port 5074 toupper shellcode (226 bytes)
Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh shellcode (32 bytes)
Linux/x86 - kill snort shellcode (151 bytes)
Linux/x86 - shared memory exec shellcode (50 bytes)
Linux/x86 - iptables -F shellcode (45 bytes)
Linux/x86 - iptables -F shellcode (58 bytes)
Linux/x86 - Reverse telnet shellcode (134 bytes)
Linux/x86 - connect shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes)
Linux/x86 - eject /dev/cdrom shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes)
Linux/x86 - ipchains -F shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes)
Linux/x86 - execve /bin/sh shellcode (29 bytes)
Linux/x86 - execve /bin/sh shellcode (24 bytes)
Linux/x86 - execve /bin/sh shellcode (38 bytes)
Linux/x86 - execve /bin/sh shellcode (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes)
Linux/x86 - portbind port 5074 shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes)
Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user shellcode (104 bytes)
Linux/x86 - break chroot shellcode (34 bytes)
Linux/x86 - break chroot shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes)
Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes)
Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes)
Linux/x86 - chroot()/execve() code shellcode (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)
Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes)
NetBSD/x86 - kill all processes shellcode (23 bytes)
NetBSD/x86 - callback shellcode (port 6666) (83 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes)
NetBSD/x86 - execve /bin/sh shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes)
OpenBSD/x86 - portbind port 6969 shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes)
OS-X/PPC - sync()_ reboot() shellcode (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes)
OS-X/PPC - Add user _r00t_ shellcode (219 bytes)
OS-X/PPC - execve /bin/sh shellcode (72 bytes)
OS-X/PPC - Add inetd backdoor shellcode (222 bytes)
OS-X/PPC - reboot shellcode (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes)
OS-X/PPC - create /tmp/suid shellcode (122 bytes)
OS-X/PPC - simple write() shellcode (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes)
Solaris/SPARC - download and execute shellcode (278 bytes)
Solaris/SPARC - executes command after setreuid shellcode (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes)
Solaris/SPARC - setreuid/execve shellcode (56 bytes)
Solaris/SPARC - portbind (port 6666) shellcode (240 bytes)
Solaris/SPARC - execve /bin/sh shellcode (52 bytes)
Solaris/SPARC - portbind port 6789 shellcode (228 bytes)
Solaris/SPARC - connect-bac shellcode k (204 bytes)
Solaris/SPARC - portbinding shellcode (240 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 - add services and execve inetd (201 bytes)
Unixware - execve /bin/sh (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell
Win32/XP SP2 (EN) - cmd.exe (23 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd shellcode (201 bytes)
UnixWare - execve /bin/sh shellcode (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)
Win32 -SEH omelet shellcode
Win32 - telnetbind by Winexec (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes)
Win32/XP SP2 - cmd.exe (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute (124 bytes)
Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box (110 bytes)
Win32 - WinExec() Command Parameter (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method (29 bytes)
Windows 9x/NT/2000/XP - PEB method (31 bytes)
Windows 9x/NT/2000/XP - PEB method (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec (241 bytes)
Windows XP - download and exec source
Windows XP SP1 - Portshell on port 58821 (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute (218+ bytes)
Linux/x86 - kill all processes (9 bytes)
Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes)
Linux - setuid(0) and cat /etc/shadow
Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes)
Linux - Linux/x86 execve() (51bytes)
Win32 - SEH omelet shellcode
Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)
Win32/XP SP2 - cmd.exe shellcode (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box shellcode (110 bytes)
Win32 - WinExec() Command Parameter shellcode (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes)
Windows XP - download and exec source shellcode
Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes)
Linux/x86 - kill all processes shellcode (9 bytes)
Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes)
Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes)
Linux/x86 - Linux/x86 execve() shellcode (51 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow)
Win32 XP SP3 - addFirewallRule
freebsd/x86 - portbind shellcode (167 bytes)
Win32/XP SP2 - calc.exe (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes)
Linux/x86 - chmod 666 /etc/shadow (27 bytes)
Linux/x86 - break chroot (79 bytes)
Linux/x86 - fork bomb (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() (107 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes)
Win32/XP SP2 - calc.exe shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes)
Linux/x86 - break chroot shellcode (79 bytes)
Linux/x86 - fork bomb shellcode (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - eject /dev/cdrom (42 bytes)
Win32 XP SP2 FR - calc (19 bytes)
Linux/x86 - eject /dev/cdrom shellcode (42 bytes)
Win32 XP SP2 FR - calc shellcode (19 bytes)
Linux/x86 - ip6tables -F (47 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux - bin/cat /etc/passwd (43 bytes)
Win32 XP SP3 English - cmd.exe (26 bytes)
Win32 XP SP2 Turkish - cmd.exe (26 bytes)
Linux/x86 - /bin/sh (8 bytes)
Linux/x86 - execve /bin/sh (21 bytes)
Windows XP Home Edition SP2 English - calc.exe (37 bytes)
Windows XP Home Edition SP3 English - calc.exe (37 bytes)
Linux/x86 - disabled modsecurity (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - ip6tables -F shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes)
Linux/i686 - pacman -R <package> shellcode (59 bytes)
Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes)
Win32 XP SP3 English - cmd.exe shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes)
Linux/x86 - /bin/sh shellcode (8 bytes)
Linux/x86 - execve /bin/sh shellcode (21 bytes)
Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes)
Linux/x86 - disabled modsecurity shellcode (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox (Metasploit)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox shellcode (Metasploit)
chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
execve(_/bin/sh_) shellcode (25 bytes)
DoS-Badger-Game shellcode (6 bytes)
SLoc-DoS shellcode (55 bytes)
execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
chmod(_/etc/shadow__ 0777) Shellcode(33 bytes)
chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes)
Linux/x86 - DoS-Badger-Game shellcode (6 bytes)
Linux/x86 - SLoc-DoS shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes)
Linux/x86 - polymorphic forkbombe shellcode (30 bytes)
Linux/x86 - forkbomb shellcode (6 bytes)
Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes)
Solaris/x86 - Reboot() (37 bytes)
Solaris/x86 - Remote Download file (79 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Solaris/x86 - Reboot() shellcode (37 bytes)
Solaris/x86 - Remote Download file shellcode (79 bytes)
Linux/x86 - Disable randomize stack addresse shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes)
Linux/x86 - kill all running process (11 bytes)
change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - kill all running process shellcode (11 bytes)
Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Solaris/x86 - SystemV killall command (39 bytes)
Linux/x86 - hard / unclean reboot shellcode (29 bytes)
Linux/x86 - hard / unclean reboot shellcode (33 bytes)
Solaris/x86 - SystemV killall command shellcode (39 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes)
Linux/x86 - netcat connect back port 8080 (76 bytes)
Linux/x86 - netcat connect back port 8080 shellcode (76 bytes)
Windows - MessageBoxA Shellcode
Windows - MessageBoxA Shellcode (238 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes)
Linux/x86_64 - Disable ASLR Security (143 bytes)
Linux/x86-64 - Disable ASLR Security shellcode (143 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes)
Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes)
Linux/x86_64 - Add root user with password (390 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/ARM - Disable ASLR Security shellcode (102 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Linux/x86 - bind shell port 64533 shellcode (97 bytes)
Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic
Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes)
Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes)
Win32 - Write-to-file Shellcode
Win32 - Write-to-file Shellcode (278 bytes)
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes)
Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal
PHP-Nuke 8.1 SEO Arabic - Remote File Include
bds/x86 - bindshell on port 2525 shellcode (167 bytes)
BSD/x86 - bindshell on port 2525 shellcode (167 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes)
Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit
Audiotran 1.4.2.4 SEH Overflow Exploit
Joomla Component (com_elite_experts) SQL Injection
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Traidnt UP - Cross-Site Request Forgery Add Admin Account
Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)
Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
AnyDVD <= 6.7.1.0 - Denial of Service
ARM - Bindshell port 0x1337
ARM - Bind Connect UDP Port 68
ARM - Loader Port 0x1337
ARM - ifconfig eth0 and Assign Address
ARM - Bindshell port 0x1337shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
Linux/ARM - add root user with password (151 bytes)
Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
OS-X/Intel - setuid shell x86_64 (51 bytes)
OS-X/Intel - setuid shell x86_64 shellcode (51 bytes)
Create a New User with UID 0 - ARM (Metasploit)
ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes)
Windows Win32k Pointer Dereferencement PoC (MS10-098)
Win32 - speaking shellcode
bds/x86 - connect back Shellcode (81 bytes)
bds/x86 - portbind + fork shellcode (111 bytes)
bsd/x86 - connect back Shellcode (81 bytes)
BSD/x86 - 31337 portbind + fork shellcode (111 bytes)
Win32 - eggsearch shellcode (33 bytes)
Arkeia Backup Client Type 77 - Overflow (Win32)
Oracle 9i XDB FTP PASS Overflow (Win32)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow
SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32)
Icecast <= 2.0.1 - Header Overwrite (Win32)
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Oracle 9i XDB HTTP PASS Overflow (Win32)
Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes)
Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)
Linux/x86 - netcat bindshell port 6666 (69 bytes)
Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes)
OS-X/Intel - reverse_tcp shell x86_64 (131 bytes)
OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes)
Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation (83 bytes)
Linux/x86 - ASLR deactivation shellcode (83 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes)
SuperH (sh4) - Add root user with password (143 bytes)
Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Linux/MIPS - execve (52 bytes)
Linux/MIPS - execve shellcode (52 bytes)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh shellcode (48 bytes)
Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/x86_64 - execve(/bin/sh) (52 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes)
Linux/MIPS - reboot() (32 bytes)
Linux/MIPS - reboot() shellcode (32 bytes)
GdiDrawStream BSoD using Safari
Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes)
Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes)
Linux/x86_64 - add user with passwd (189 bytes)
Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - execve(/bin/dash) shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes)
Microsoft Windows Kernel - Intel x64 SYSRET PoC
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes)
Windows XP Pro SP3 - Full ROP calc shellcode
Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes)
Novell Client 2 SP3 - nicm.sys Local Privilege Escalation
MIPS Little Endian - Shellcode
MIPS - (Little Endian) system() Shellcode (80 bytes)
Windows RT ARM - Bind Shell (Port 4444)
Windows RT ARM - Bind Shell (Port 4444) shellcode
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation
Linux/x86 - Multi-Egghunter
Linux/x86 - Multi-Egghunter shellcode
MIPS Little Endian - Reverse Shell Shellcode (Linux)
Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 bytes)
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
Windows - Add Admin User Shellcode (194 bytes)
Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation
MQAC.sys Arbitrary Write Privilege Escalation
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes)
VirtualBox 3D Acceleration Virtual Machine Escape
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Connect Back (139 bytes)
Linux/x86-64 - Connect Back shellcode (139 bytes)
Linux/x86 - Add map in /etc/hosts file
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes)
Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes)
Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes)
Offset2lib: Bypassing Full ASLR On 64 bit Linux
Linux/x86 - rmdir (37 bytes)
Linux/x86 - rmdir shellcode (37 bytes)
Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password)
Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Linux/MIPS - execve (36 bytes)
Linux/MIPS - execve /bin/sh shellcode (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Windows XP x86-64 - Download & execute shellcode (Generator)
Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes)
Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)
Reads Data From /etc/passwd To /tmp/outfile (118 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)
Linux/x86 - Reverse TCP Shell (72 bytes)
Linux/x86 - TCP Bind Shell (96 bytes)
Linux/x86 - Reverse TCP Shell shellcode (72 bytes)
Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux - Disable ASLR (84 bytes)
Linux/x86 - Disable ASLR shellcode (84 bytes)
Linux/x86 - Egg-hunter (20 bytes)
Linux/x86 - Egg-hunter shellcode (20 bytes)
Create 'my.txt' Working Directory (37 bytes)
Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes)
Win32/XP SP3 - Create (_file.txt_) (83 bytes)
Win32/XP SP3 - Restart computer
Linux - custom execve-shellcode Encoder/Decoder
Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes)
Win32/XP SP3 - Restart computer shellcode (57 bytes)
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - exit(0) (6 bytes)
Linux/x86 - exit(0) shellcode (6 bytes)
Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058)
Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes)
Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux/x86 - /etc/passwd Reader shellcode (58 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 (60 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes)
Linux/x86_64 - execve(/bin/sh) (30 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes)
Linux/x86 - Download & Execute
Linux/x86 - Reboot (28 bytes)
Linux/x86 - Download & Execute shellcode
Linux/x86 - Reboot shellcode (28 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh shellcode (23 bytes)
Linux 64bit - Encoded execve shellcode
Linux/x86-64 - Encoded execve shellcode (57 bytes)
encoded 64 bit execve shellcode
Linux/x86-64 - encoded execve shellcode (57 bytes)
Win32/XP SP3 (TR) - MessageBox (24 bytes)
Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes)
Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Windows 2003 x64 - Token Stealing shellcode (59 bytes)
OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
Mainframe/System Z - Bind Shell
Mainframe/System Z - Bind Shell shellcode (2488 bytes)
ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC
Linux/x86 - execve(/bin/bash) (31 bytes)
Linux/x86 - execve(/bin/bash) shellcode (31 bytes)
Linux/x86 - Create file with permission 7775 and exit (Shell Generator)
Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes)
OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
Linux/x86_64 - /bin/sh
Linux/x86-64 - /bin/sh shellcode
Android Shellcode Telnetd with Parameters
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078)
Linux/x86_64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)
Linux/x86_64 - Bindshell with Password (92 bytes)
Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution
Linux/x64 - egghunter (24 bytes)
Linux/x86-64 - egghunter shellcode (24 bytes)
Linux/x86_64 - Polymorphic execve Shellcode (31 bytes)
Linux/x86-64 - Polymorphic execve Shellcode (31 bytes)
Windows XP<10 - Null-Free WinExec Shellcode (Python)
Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Linux/x64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86_64 - bind TCP port shellcode (103 bytes)
TCP Bindshell with Password Prompt (162 bytes)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
TCP Reverse Shell with Password Prompt (151 bytes)
Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes)
Linux/x86_64 - Egghunter (18 bytes)
Linux/x86 - Egg-hunter (13 bytes)
Linux/x86-64 - Egghunter shellcode (18 bytes)
Linux/x86 - Egg-hunter shellcode (13 bytes)
Adobe Flash - Use-After-Free When Setting Stage
Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode
Linux/x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode (135 bytes)
Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes)
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes)
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040)
Linux/x86_64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode
Linux/x86_64 - execve(/bin/sh) (26 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes)
Linux/x86_64 - execve(/bin/sh) (25 bytes)
Linux/x86_64 - execve(/bin/bash) (33 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes)
Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes)
Linux/x86_64 - bindshell (Pori: 5600) (81 bytes)
Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86_64 - Read /etc/passwd (65 bytes)
Linux/x86-64 - Read /etc/passwd shellcode (65 bytes)
Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Linux/x86_64 - bindshell (Port 5600) (86 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes)
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6)
Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)
Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes)
Linux/x64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Linux/x86-64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86_64 - Bind TCP Port 1472 (IPv6)
Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86_64 - Reverse TCP (IPv6)
Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes)
Linux/x86 - Bindshell with Configurable Port (87 bytes)
Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes)
Linux/x86_64 - Null-Free Reverse TCP Shell
Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86_64 - Information Stealer Shellcode
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86_64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows - Custom Font Disable Policy Bypass
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86_64 - /etc/passwd File Sender Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Windows 7 SP1 x86 - Privilege Escalation (MS16-014)
Linux 64bit - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes)
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)
2016-07-18 05:02:52 +00:00
Offensive Security
b51e0f27d5
DB: 2016-07-17
...
52 new exploits
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
JITed stage-0 shellcode
JITed exec notepad Shellcode
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
JITed egg-hunter stage-0 shellcode
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Windows - JITed egg-hunter stage-0 shellcode
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Linux/x86 - nc -lvve/bin/sh -p13377 shellcode
Linux/x86 - polymorphic forkbombe - (30 bytes)
Linux/x86 - forkbomb
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - kill all running process (11 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
Windows - Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
Win32 - Write-to-file Shellcode
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Shellcode Checksum Routine (18 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32 - speaking shellcode
Linux/x86 - netcat bindshell port 6666 (69 bytes)
DNS Reverse Download and Exec Shellcode
Windows - DNS Reverse Download and Exec Shellcode
Linux/x86_32 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - egghunt shellcode (29 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - rmdir (37 bytes)
Linux/MIPS - execve (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86/x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux/x86/x86_64 - tcp_bind Shellcode
Linux/x86/x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
.Net Framework - Execute Native x86 Shellcode
Win32 .Net Framework - Execute Native x86 Shellcode
2016-07-17 05:07:02 +00:00
Offensive Security
0d018828aa
DB: 2016-07-15
2016-07-15 06:29:45 +00:00
Offensive Security
13e9ec719b
DB: 2016-07-14
...
17 new exploits
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (2)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (3)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (4)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (5)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (6)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (7)
Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption
Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption
Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials
MS16-032 Secondary Logon Handle Privilege Escalation
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities
Linux x86 Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
2016-07-14 05:05:01 +00:00
Offensive Security
29f0764fac
DB: 2016-07-09
...
9 new exploits
Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
Joomla <= 1.0.9 - (Weblinks) Remote Blind SQL Injection Exploit
Microsoft Excel Malformed FEATHEADER Record Exploit (MS09-067)
Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067)
Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
Seo Panel 2.2.0 - Cookie-Rendered Persistent XSS Vulnerability
VLC AMV Dangling Pointer Vulnerability
VLC - AMV Dangling Pointer Vulnerability
Movable Type 4.2x_ 4.3x Web Upgrade Remote Code Execution
Movable Type 4.2x_ 4.3x - Web Upgrade Remote Code Execution
Roxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
Roxio CinePlayer 3.2 - SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
HP Client Automation Command Injection
HP Client - Automation Command Injection
Persistent Systems Client Automation Command Injection RCE
Persistent Systems Client Automation - Command Injection RCE
ElasticSearch Unauthenticated Remote Code Execution
ElasticSearch - Unauthenticated Remote Code Execution
ElasticSearch Search Groovy Sandbox Bypass
ElasticSearch - Search Groovy Sandbox Bypass
Fedora abrt Race Condition Exploit
Fedora - abrt Race Condition Exploit
ProFTPD 1.3.5 Mod_Copy Command Execution
ProFTPD 1.3.5 - Mod_Copy Command Execution
Windows ClientCopyImage Win32k Exploit
Microsoft Windows - ClientCopyImage Win32k Exploit
Wolf CMS Arbitrary File Upload To Command Execution
Wolf CMS - Arbitrary File Upload To Command Execution
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Kaseya VSA uploader.aspx Arbitrary File Upload
Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload
Samsung Galaxy S6 - Samsung Gallery Bitmap Decoding Crash
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016)
Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1)
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSafe Network Management System 300 - Arbitrary File Upload
Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
Microsoft Windows 8.1/10 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
OS X / iOS Suid Binary Logic Error Kernel Code Execution
OS X / iOS - Suid Binary Logic Error Kernel Code Execution
Novell ServiceDesk Authenticated File Upload
Novell ServiceDesk - Authenticated File Upload
Mach Race OS X Local Privilege Escalation Exploit
Mach Race OS X - Local Privilege Escalation Exploit
Oracle ATS Arbitrary File Upload
Oracle Application Testing Suite (ATS) - Arbitrary File Upload
Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
WordPress Lazy Content Slider Plugin 3.4 - (Add Catetory) CSRF
Hide.Me VPN Client 1.2.4 - Privilege Escalation
InstantHMI 6.1 - Privilege Escalation
Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC
Microsoft WinDbg logviewer.exe - Crash PoC
Linux x86 TCP Reverse Shellcode - 75 bytes
php Real Estate Script 3 - Arbitrary File Disclosure
CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
Streamo Online Radio And TV Streaming CMS - SQL Injection
2016-07-09 05:06:22 +00:00
Offensive Security
b530dd470e
DB: 2016-07-05
...
8 new exploits
BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
Linux - netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Debian Exim - Spool Local Root Privilege Escalation
Ubuntu 16.04 local root exploit - netfilter target_offset OOB
Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit
XpoLog Center 6 - Remote Command Execution CSRF
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Linux 64bit NetCat Bind Shell Shellcode - 64 bytes
WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities
Linux x86 TCP Bind Shell Port 4444 - 98 bytes
WebCalendar 1.2.7 - Multiple Vulnerabilities
eCardMAX 10.5 - Multiple Vulnerabilities
2016-07-05 05:06:28 +00:00
Offensive Security
e9145685e4
DB: 2016-06-28
...
14 new exploits
Linux Netcat Reverse Shell - 32bit - 77 bytes
XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability
Linux x86_64 execve Shellcode - 15 bytes
WordPress Ultimate Product Catalog Plugin 3.8.6 - Arbitrary File Upload
OPAC KpwinSQL - SQL Injection
Magnet Networks Tesley CPVA 642 Router – Weak WPA-PSK Passphrase Algorithm
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Kagao 3.0 - Multiple Vulnerabilities
Panda Security Multiple Products - Privilege Escalation
MyLittleForum 2.3.5 - PHP Command Injection
iBilling 3.7.0 - Stored and Reflected XSS
PInfo 0.6.9-5.1 - Local Buffer Overflow
BigTree CMS 4.2.11 - SQL Injection
HNB 1.9.18-10 - Local Buffer Overflow
Linux x86 /bin/sh Shellcode + ASLR Bruteforce
SugarCRM 6.5.18 - PHP Code Injection
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
2016-06-28 05:03:46 +00:00
Offensive Security
3739831fb2
DB: 2016-06-24
...
16 new exploits
Banner Exchange Script 1.0 - (targetid) Blind SQL Injection Vulnerability
PHP 5.3.3 - ibase_gen_id() off-by-one Overflow Vulnerability
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
G Data TotalCare 2011 - NtOpenKey Race Condition Vulnerability
ImpressPages CMS 3.8 - Stored XSS Vulnerability
Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability
Linux Netcat Reverse Shell - 32bit - 77 bytes
PrestaShop 1.4.4.1 modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php Multiple Parameter XSS
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS
Getsimple CMS 3.3.10 - Arbitrary File Upload
op5 v7.1.9 Configuration Command Execution
op5 7.1.9 - Configuration Command Execution
Alibaba Clone B2B Script - Arbitrary File Disclosure
XuezhuLi FileSharing - Directory Traversal
XuezhuLi FileSharing - (Add User) CSRF
FinderView - Multiple Vulnerabilities
2016-06-24 05:06:19 +00:00
Offensive Security
2815f48e25
DB: 2016-06-17
...
12 new exploits
Linux x86_64 - Reverse Shell Shellcode
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
Solarwinds Virtualization Manager - Privilege Escalation
Blat 3.2.14 - Stack Overflow
Linux/x86 - Bindshell with Configurable Port - 87 bytes
Linux x86_64 Shellcode Null-Free Reverse TCP Shell
Linux x86 TCP Bind Shell Port 4444 (656 bytes)
Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution
Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode
ATCOM PBX IP01_ IP08 _ IP4G_ IP2G4A - Authentication Bypass
Roxy Fileman 1.4.4 - Arbitrary File Upload
SlimCMS 0.1 - CSRF (Change Admin Password)
2016-06-17 05:05:00 +00:00
Offensive Security
858079a4fe
DB: 2016-06-08
...
5 new exploits
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2)
Windows x86 WinExec(_cmd.exe__0) Shellcode
Linux x86 /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
League of Legends Screensaver - Unquoted Service Path Privilege Escalation
League of Legends Screensaver - Insecure File Permissions Privilege Escalation
Cisco EPC 3928 - Multiple Vulnerabilities
2016-06-08 05:05:38 +00:00
Offensive Security
69f4286492
DB: 2016-05-08
...
3 new exploits
Linux x86 Shellcode - Bind TCP Port 1472 (ipv6)
Linux x86_64 Shellcode - Bind TCP Port 1472 (ipv6)
Linux x86_64 Shellcode - Reverse TCP (ipv6)
2016-05-08 05:03:48 +00:00
Offensive Security
7472667089
DB: 2016-04-30
...
9 new exploits
Linux x86 Reverse TCP Shellcode (ipv6)
Observium 0.16.7533 - Cross Site Request Forgery
Observium 0.16.7533 - Authenticated Arbitrary Command Execution
Merit Lilin IP Cameras - Multiple Vulnerabilities
Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash
Wireshark - dissect_2008_16_security_4 Stack-Based Buffer Overflow
Wireshark - alloc_address_wmem Assertion Failure
Wireshark - ett_zbee_zcl_pwr_prof_enphases Static Out-of-Bounds Read
GLPi 0.90.2 - SQL Injection
2016-04-30 05:01:53 +00:00
Offensive Security
477bcbdcc0
DB: 2016-03-17
...
5 new exploits
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities
My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities
Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities
cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities
DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities
N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities
New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities
Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities
i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities
My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities
Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities
Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities
KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities
Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability
xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00
Offensive Security
2ec2bcdde4
DB: 2016-02-02
...
11 new exploits
2016-02-02 05:02:47 +00:00
Offensive Security
86d0c5fe16
DB: 2016-01-09
...
10 new exploits
2016-01-09 05:02:44 +00:00
Offensive Security
42b241205e
DB: 2015-09-11
...
20 new exploits
2015-09-11 05:01:46 +00:00
Offensive Security
229204741f
DB: 2015-09-10
...
15 new exploits
2015-09-10 05:04:12 +00:00
Offensive Security
9569f264ec
DB: 2015-08-14
...
191 new exploits
2015-08-14 05:02:47 +00:00
Offensive Security
6bd95eb0eb
DB: 2015-08-11
...
8 new exploits
2015-08-11 05:02:51 +00:00
Offensive Security
e4d0bdd544
DB: 2015-07-18
...
3 new exploits
2015-07-18 05:02:00 +00:00
Offensive Security
fcb4d832b3
DB: 2015-06-27
...
19 new exploits
2015-06-27 05:02:05 +00:00
Offensive Security
611a35761a
DB: 2015-06-25
...
22 new exploits
2015-06-25 05:03:16 +00:00
Offensive Security
2030fa98fd
DB: 2015-06-20
...
25 new exploits
2015-06-20 05:02:50 +00:00
Offensive Security
20d0fff830
DB: 2015-06-13
...
7 new exploits
2015-06-13 05:02:28 +00:00
Offensive Security
62ba41ab0a
DB: 2015-05-21
...
5 new exploits
2015-05-21 05:03:22 +00:00
Offensive Security