Offensive Security
6cbe6ebbb6
DB: 2021-09-03
...
395 changes to exploits/shellcodes
EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)
Electronics Workbench - '.ewb' Local Stack Overflow (PoC)
BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)
Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)
eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)
Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities
ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC)
ZoIPer 2.22 - Call-Info Remote Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
Nuked KLan 1.7.7 & SP4 - Denial of Service
AIC Audio Player 1.4.1.587 - Local Crash (PoC)
Xerox 4595 - Denial of Service
WinMerge 2.12.4 - Project File Handling Stack Overflow
Acoustica Mixcraft 1.00 - Local Crash
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption
Spotify 0.8.2.610 - search func Memory Exhaustion
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)
WaveSurfer 1.8.8p4 - Memory Corruption (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
Light Audio Player 1.0.14 - Memory Corruption (PoC)
Image Transfer IOS - Remote Crash (PoC)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite
Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)
Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal
Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
GPG2/Kleopatra 2.0.11 - Malformed Certificate
Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow
quickshare file share 1.2.1 - Directory Traversal (1)
SPlayer 3.7 (build 2055) - Remote Buffer Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow
Omeka 2.2.1 - Remote Code Execution
D-Link DSL-2740R - Remote DNS Change
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
TorrentTrader 1.0 RC2 - SQL Injection
WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion
MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion
PHP DocWriter 0.3 - 'script' Remote File Inclusion
phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion
phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection
e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion
awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
Gizzar 03162002 - 'index.php' Remote File Inclusion
SH-News 0.93 - 'misc.php' Remote File Inclusion
JSBoard 2.0.10 - 'login.php?table' Local File Inclusion
XOOPS Module WF-Links 1.03 - 'cid' SQL Injection
Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion
mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion
EQdkp 1.3.2 - 'listmembers.php' SQL Injection
FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion
SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection
Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion
CCMS 3.1 Demo - SQL Injection
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass
BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
AuraCMS 1.62 - Multiple SQL Injections
sCssBoard (Multiple Versions) - 'pwnpack' Remote s
EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion
RevokeBB 1.0 RC11 - 'Search' SQL Injection
Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion
CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection
PHPortal 1.2 - Multiple Remote File Inclusions
Libera CMS 1.12 - 'cookie' SQL Injection
Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload
WCMS 1.0b - Arbitrary Add Admin
FOSS Gallery Admin 1.0 - Arbitrary File Upload
MemHT Portal 4.0.1 - SQL Injection / Code Execution
Mediatheka 4.2 - Blind SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
Joomla! Component Casino 0.3.1 - Multiple SQL Injections s
ZeusCart 2.3 - 'maincatid' SQL Injection
ASP Football Pool 2.3 - Remote Database Disclosure
LightNEasy sql/no-db 2.2.x - System Configuration Disclosure
Zen Cart 1.3.8 - Remote Code Execution
Joomla! Component com_pinboard - 'task' SQL Injection
Joomla! Component com_bookflip - 'book_id' SQL Injection
Messages Library 2.0 - Arbitrary Delete Message
Arab Portal 2.2 - Blind Cookie Authentication Bypass
Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion
REZERVI 3.0.2 - Remote Command Execution
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection
AJ Matrix DNA - SQL Injection
Joomla! Component JE Story Submit - Local File Inclusion
CF Image Hosting Script 1.3.82 - File Disclosure
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
CMSLogik 1.2.1 - Multiple Vulnerabilities
C.P.Sub 4.5 - Authentication Bypass
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
PHPMailer < 5.2.20 - Remote Code Execution
phpIPAM 1.4 - SQL Injection
Joomla! 3.9.0 < 3.9.7 - CSV Injection
2021-09-03 14:58:20 +00:00
Offensive Security
36c084c351
DB: 2021-09-03
...
45419 changes to exploits/shellcodes
2 new exploits/shellcodes
Too many to list!
2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187
DB: 2021-08-20
...
204 changes to exploits/shellcodes
Charity Management System CMS 1.0 - Multiple Vulnerabilities
2021-08-20 05:01:51 +00:00
Offensive Security
6f730aa235
DB: 2021-08-19
...
4 changes to exploits/shellcodes
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Crime records Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
Simple Image Gallery 1.0 - Remote Code Execution (RCE) (Unauthenticated)
COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections
2021-08-19 05:01:52 +00:00
Offensive Security
aa3c54402b
DB: 2021-05-27
...
4 changes to exploits/shellcodes
RarmaRadio 2.72.8 - Denial of Service (PoC)
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
2021-05-27 05:01:52 +00:00
Offensive Security
23c2c2fa04
DB: 2021-05-01
...
4 changes to exploits/shellcodes
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2)
FortiOS < 5.6.0 - Cross-Site Scripting
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
2021-05-01 05:01:55 +00:00
Offensive Security
acb55122f4
DB: 2021-04-23
...
6 changes to exploits/shellcodes
OpenSMTPD 6.6.2 - Remote Code Execution
OpenSMTPD 6.6.1 - Remote Code Execution
OTRS 5.0.x/6.0.x - Remote Command Execution
OTRS 5.0.x/6.0.x - Remote Command Execution (1)
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
OTRS 6.0.1 - Remote Command Execution (2)
2021-04-23 05:01:59 +00:00
Offensive Security
4dbf640f70
DB: 2021-04-09
...
5 changes to exploits/shellcodes
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CMSimple 5.2 - 'External' Stored XSS
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
Composr 10.0.36 - Remote Code Execution
2021-04-09 05:02:00 +00:00
Offensive Security
5edc6a08e0
DB: 2021-03-04
...
3 changes to exploits/shellcodes
AnyDesk 5.5.2 - Remote Code Execution
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
2021-03-04 05:01:52 +00:00
Offensive Security
cb83a6e2dd
DB: 2020-12-19
...
17 changes to exploits/shellcodes
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS
Point of Sale System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Unrestricted File Upload To RCE
Alumni Management System 1.0 - _Course Form_ Stored XSS
Alumni Management System 1.0 - 'id' SQL Injection
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
Smart Hospital 3.1 - _Add Patient_ Stored XSS
Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
2020-12-19 05:01:57 +00:00
Offensive Security
0ffa4d35c4
DB: 2020-12-03
...
32 changes to exploits/shellcodes
aSc TimeTables 2021.6.2 - Denial of Service (PoC)
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
Microsoft Windows - Win32k Elevation of Privilege
Ksix Zigbee Devices - Playback Protection Bypass (PoC)
Mitel mitel-cs018 - Call Data Information Disclosure
Expense Management System - 'description' Stored Cross Site Scripting
ILIAS Learning Management System 4.3 - SSRF
Pharmacy Store Management System 1.0 - 'id' SQL Injection
Under Construction Page with CPanel 1.0 - SQL injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Student Result Management System 1.0 - Authentication Bypass SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
WonderCMS 3.1.3 - Authenticated Remote Code Execution
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
NewsLister - Authenticated Persistent Cross-Site Scripting
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
DotCMS 20.11 - Stored Cross-Site Scripting
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
ChurchCRM 4.2.0 - CSV/Formula Injection
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
Simple College Website 1.0 - 'page' Local File Inclusion
Car Rental Management System 1.0 - SQL Injection / Local File include
WordPress Plugin Wp-FileManager 6.8 - RCE
2020-12-03 05:01:56 +00:00
Offensive Security
c0e7247938
DB: 2020-07-11
...
5 changes to exploits/shellcodes
FrootVPN 4.8 - 'frootvpn' Unquoted Service Path
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution
HelloWeb 2.0 - Arbitrary File Download
Barangay Management System 1.0 - Authentication Bypass
2020-07-11 05:02:09 +00:00
Offensive Security
1979df6cb3
DB: 2020-06-19
...
51 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64) - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service
SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
XnConvert 1.82 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)
DeviceViewer 3.12.0.1 - Arbitrary Password Change
Winrar 5.80 - XML External Entity Injection
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
Siemens TIA Portal - Remote Command Execution
Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)
MyBB < 1.8.21 - Remote Code Execution
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
Publisure Hybrid - Multiple Vulnerabilities
NetGain EM Plus 10.1.68 - Remote Command Execution
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
DotNetNuke 9.3.2 - Cross-Site Scripting
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
UADMIN Botnet 1.0 - 'link' SQL Injection
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Wordpress Plugin PicUploader 1.0 - Remote File Upload
PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution
WordPress Plugin Helpful 2.4.11 - SQL Injection
Prestashop 1.7.6.4 - Cross-Site Request Forgery
WordPress Plugin Simple File List 5.4 - Remote Code Execution
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
Beauty Parlour Management System 1.0 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)
Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-06-19 05:02:01 +00:00
Offensive Security
dfb79e06a1
DB: 2020-06-04
...
1 changes to exploits/shellcodes
vCloud Director 9.7.0.15498291 - Remote Code Execution
2020-06-04 05:01:55 +00:00
Offensive Security
ccea007282
DB: 2020-05-01
...
81 changes to exploits/shellcodes
WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
IBM AIX 4.3.1 - 'adb' Denial of Service
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
PHPFreeChat 1.7 - Denial of Service
XenForo 2 - CSS Loader Denial of Service
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution
QEMU - Denial of Service
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Tautulli 2.1.9 - Denial of Service (Metasploit)
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Cisco IP Phone 11.7 - Denial of service (PoC)
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
IBM AIX 4.3.1 - 'adb' Denial of Service
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
Windows Kernel - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution
QEMU - Denial of Service
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting
WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection
WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection
WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting
WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting
WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection
WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion
WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access
WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal
WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration
WordPress Multiple Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset
XenForo 2 - CSS Loader Denial of Service
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
60CycleCMS - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
NopCommerce 4.2.0 - Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Cacti 1.2.8 - Authenticated Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Cisco IP Phone 11.7 - Denial of service (PoC)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
Offensive Security
01900f216d
DB: 2020-04-21
...
7 changes to exploits/shellcodes
Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)
Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))
Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
Centreon 19.10.5 - 'id' SQL Injection
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
2020-04-21 05:01:47 +00:00
Offensive Security
189c8b52c9
DB: 2020-04-18
...
6 changes to exploits/shellcodes
Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE
Nexus Repository Manager - Java EL Injection RCE (Metasploit)
Playable 9.18 iOS - Persistent Cross-Site Scripting
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
Cisco IP Phone 11.7 - Denial of service (PoC)
2020-04-18 05:01:49 +00:00
Offensive Security
c3e827f657
DB: 2020-04-17
...
8 changes to exploits/shellcodes
VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
2020-04-17 05:01:48 +00:00
Offensive Security
19615ff704
DB: 2020-04-01
...
7 changes to exploits/shellcodes
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Redis - Replication Code Execution (Metasploit)
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
SharePoint Workflows - XOML Injection (Metasploit)
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
2020-04-01 05:01:47 +00:00
Offensive Security
169b528eaa
DB: 2020-03-31
...
6 changes to exploits/shellcodes
Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
Joomla! com_fabrik 3.9.11 - Directory Traversal
Zen Load Balancer 3.10.1 - Remote Code Execution
2020-03-31 05:01:48 +00:00
Offensive Security
20e5ee2e94
DB: 2020-03-18
...
2 changes to exploits/shellcodes
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
ManageEngine Desktop Central - Java Deserialization (Metasploit)
2020-03-18 05:01:50 +00:00
Offensive Security
0a0ad49d15
DB: 2020-03-11
...
7 changes to exploits/shellcodes
Counter Strike: GO - '.bsp' Memory Control (PoC)
Nagios XI - Authenticated Remote Command Execution (Metasploit)
PHPStudy - Backdoor Remote Code execution (Metasploit)
Sysaid 20.1.11 b26 - Remote Command Execution
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
Persian VIP Download Script 1.0 - 'active' SQL Injection
2020-03-11 05:01:47 +00:00
Offensive Security
7531fa6a21
DB: 2020-03-06
...
3 changes to exploits/shellcodes
Exchange Control Panel - Viewstate Deserialization (Metasploit)
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
2020-03-06 05:01:47 +00:00
Offensive Security
2d45ff4f39
DB: 2020-02-27
...
5 changes to exploits/shellcodes
Core FTP LE 2.2 - Denial of Service (PoC)
OpenSMTPD 6.6.3 - Arbitrary File Read
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
PhpIX 2012 Professional - 'id' SQL Injection
2020-02-27 05:02:27 +00:00
Offensive Security
cf92ea269e
DB: 2020-02-25
...
22 changes to exploits/shellcodes
Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution
Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
2020-02-25 05:01:52 +00:00
Offensive Security
8cbf7883c1
DB: 2020-02-11
...
11 changes to exploits/shellcodes
Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
2020-02-11 05:02:02 +00:00
Offensive Security
9f56865d3d
DB: 2020-01-31
...
3 changes to exploits/shellcodes
OpenSMTPD 6.6.2 - Remote Code Execution
rConfig 3.9.3 - Authenticated Remote Code Execution
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
2020-01-31 05:02:01 +00:00
Offensive Security
a7338bf2c6
DB: 2020-01-24
...
4 changes to exploits/shellcodes
BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
Pachev FTP Server 1.0 - Path Traversal
qdPM 9.1 - Remote Code Execution
2020-01-24 05:02:04 +00:00
Offensive Security
dbb38f4b3a
DB: 2020-01-16
...
3 changes to exploits/shellcodes
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
2020-01-16 05:02:06 +00:00
Offensive Security
c7085a57b4
DB: 2020-01-09
...
9 changes to exploits/shellcodes
Cisco DCNM JBoss 10.4 - Credential Leakage
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
ASTPP VoIP 4.0.1 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
2020-01-09 05:02:04 +00:00
Offensive Security
b7471ba451
DB: 2019-12-19
...
9 changes to exploits/shellcodes
XnView 2.49.1 - 'Research' Denial of Service (PoC)
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow
OpenMRS - Java Deserialization RCE (Metasploit)
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Telerik UI - Remote Code Execution via Insecure Deserialization
2019-12-19 05:01:59 +00:00
Offensive Security
72cddaee51
DB: 2019-11-20
...
13 changes to exploits/shellcodes
ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
2019-11-20 05:01:41 +00:00
Offensive Security
3e9ff5a927
DB: 2019-11-19
...
13 changes to exploits/shellcodes
iSmartViewPro 1.3.34 - Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
MobileGo 8.5.0 - Insecure File Permissions
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal
Centova Cast 3.2.11 - Arbitrary File Download
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
2019-11-19 05:01:40 +00:00
Offensive Security
b6ed2c7176
DB: 2019-11-09
...
6 changes to exploits/shellcodes
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Android Janus - APK Signature Bypass (Metasploit)
rConfig - install Command Execution (Metasploit)
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
Adive Framework 2.0.7 - Privilege Escalation
Nextcloud 17 - Cross-Site Request Forgery
2019-11-09 05:01:40 +00:00
Offensive Security
bae704d681
DB: 2019-10-16
...
4 changes to exploits/shellcodes
sudo 1.8.28 - Security Bypass
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path
Podman & Varlink 1.5.1 - Remote Code Execution
Bolt CMS 3.6.10 - Cross-Site Request Forgery
2019-10-16 05:01:45 +00:00
Offensive Security
a3b360fc6c
DB: 2019-09-11
...
7 changes to exploits/shellcodes
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
LibreNMS - Collectd Command Injection (Metasploit)
October CMS - Upload Protection Bypass Code Execution (Metasploit)
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
2019-09-11 05:02:35 +00:00
Offensive Security
ad97ff4198
DB: 2019-09-07
...
3 changes to exploits/shellcodes
SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation
Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation
Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)
Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)
SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
FusionPBX 4.4.8 - Remote Code Execution
Inventory Webapp - 'itemquery' SQL injection
Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
2019-09-07 05:02:21 +00:00
Offensive Security
835218237b
DB: 2019-09-06
...
2 changes to exploits/shellcodes
AwindInc SNMP Service - Command Injection (Metasploit)
Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
2019-09-06 05:02:26 +00:00
Offensive Security
b4225f5fa8
DB: 2019-08-31
...
12 changes to exploits/shellcodes
SQL Server Password Changer 1.90 - Denial of Service
Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service
Asus Precision TouchPad 11.0.0.25 - Denial of Service
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service
Canon PRINT 2.5.5 - Information Disclosure
QEMU - Denial of Service
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - Persistent Cross-Site Scripting
DomainMod 4.13 - Cross-Site Scripting
YouPHPTube 7.4 - Remote Code Execution
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
2019-08-31 05:02:54 +00:00
Offensive Security
6adaedca69
DB: 2019-08-27
...
6 changes to exploits/shellcodes
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
2019-08-27 05:02:18 +00:00
Offensive Security
a32e028b88
DB: 2019-08-13
...
17 changes to exploits/shellcodes
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
00f5094d48
DB: 2019-07-31
...
8 changes to exploits/shellcodes
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
2019-07-31 05:02:25 +00:00
Offensive Security
2935a5c0af
DB: 2019-07-17
...
10 changes to exploits/shellcodes
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
2019-07-17 05:02:03 +00:00
Offensive Security
894b9e59aa
DB: 2019-07-10
...
3 changes to exploits/shellcodes
Firefox 67.0.4 - Denial of Service
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-10 05:02:07 +00:00
Offensive Security
4afcc04eda
DB: 2019-07-02
...
24 changes to exploits/shellcodes
Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
2019-07-02 05:01:50 +00:00
Offensive Security
ee2531c421
DB: 2019-06-27
...
2 changes to exploits/shellcodes
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
2019-06-27 05:01:52 +00:00
Offensive Security
3ef90f18d0
DB: 2019-06-21
...
6 changes to exploits/shellcodes
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
2019-06-21 05:01:58 +00:00
Offensive Security
29aeb0c030
DB: 2019-06-12
...
5 changes to exploits/shellcodes
ProShow 9.0.3797 - Local Privilege Escalation
Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
phpMyAdmin 4.8 - Cross-Site Request Forgery
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
2019-06-12 05:01:53 +00:00
Offensive Security
85fbab2de4
DB: 2019-06-08
...
5 changes to exploits/shellcodes
Nvidia GeForce Experience Web Helper - Command Injection
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
2019-06-08 05:01:56 +00:00
Offensive Security
e76aee5eaf
DB: 2019-06-06
...
4 changes to exploits/shellcodes
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
2019-06-06 05:01:56 +00:00
