843 commits

Author	SHA1	Message	Date
Offensive Security	70d97f91c1	DB: 2016-07-28 ... 2 new exploits Multiple AntiVirus (zip file) Detection Bypass Exploit Multiple AntiVirus - .zip Detection Bypass Exploit RealPlayer 10 - (.smil File) Local Buffer Overflow Exploit RealPlayer 10 - (.smil) Local Buffer Overflow Exploit Veritas Backup Exec - Remote File Access Exploit (Windows) Veritas Backup Exec - Remote File Access Exploit (Windows) (Metasploit) ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow ZENworks 6.5 Desktop/Server Management - Remote Stack Overflow (Metasploit) MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit (Metasploit) Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit) WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit WebAdmin <= 2.0.4 - USER Buffer Overflow Exploit (Metasploit) Opera <= 8.02 - Remote Denial of Service Exploit Opera <= 8.02 - Remote Denial of Service Exploit (1) MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit Google Search Appliance - proxystylesheet XSLT Java Code Execution MailEnable 1.54 Pro - Universal IMAPD W3C Logging BoF Exploit (Metasploit) Google Search Appliance - proxystylesheet XSLT Java Code Execution (Metasploit) Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit Lyris ListManager - Read Message Attachment SQL Injection Exploit Oracle 9.2.0.1 - Universal XDB HTTP Pass Overflow Exploit (Metasploit) Lyris ListManager - Read Message Attachment SQL Injection Exploit (Metasploit) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (Linux) (Metasploit) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (OSX) (Metasploit) Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit Mac OS X Safari Browser - (Safe File) Remote Code Execution Exploit (Metasploit) Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote Exploit (Metasploit) Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow (Metasploit) Microsoft Visual Studio 6.0 sp6 - (Malformed .dbp File) Buffer Overflow Exploit Microsoft Visual Studio 6.0 sp6 - (.dbp) Buffer Overflow Exploit Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit Symantec Sygate Management Server - (login) SQL Injection Exploit Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit Novell Messenger Server 2.0 - (Accept-Language) Remote Overflow Exploit (Metasploit) Symantec Sygate Management Server - (login) SQL Injection Exploit (Metasploit) Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow Exploit (Metasploit) Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) Microsoft Windows RRAS - Remote Stack Overflow Exploit (MS06-025) (Metasploit) Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025) (Metasploit) eIQnetworks License Manager Remote Buffer Overflow Exploit (1262) eIQnetworks License Manager Remote Buffer Overflow Exploit (494) eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) eIQnetworks License Manager - Remote Buffer Overflow Exploit (multi) (2) eIQnetworks License Manager - Remote Buffer Overflow Exploit (Metasploit) (2) Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) Microsoft Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit) Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (2) Microsoft Internet Explorer - (MDAC) Remote Code Execution Exploit (MS06-014) (Metasploit) (2) IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit IBM eGatherer <= 3.20.0284.0 - (ActiveX) Remote Code Execution Exploit (Metasploit) Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) Microsoft Windows 2003 - NetpIsRemote() Remote Overflow Exploit (MS06-040) (Metasploit) Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow Exploit (Metasploit) McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit) PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) PrivateWire Gateway 3.7 - Remote Buffer Overflow Exploit (Win32) (Metasploit) Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept Apple Airport - 802.11 Probe Response Kernel Memory Corruption Proof of Concept (Metasploit) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (Metasploit) VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit (Metasploit) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit VUPlayer 2.44 - (.m3u UNC Name) Buffer Overflow Exploit Windows Media Player 9/10 - (MID File) Denial of Service Exploit Windows Media Player 9/10 - (.MID) Denial of Service Exploit NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow Exploit (Metasploit) Oreon <= 1.2.3 RC4 - (lang/index.php file) Remote Inclusion Oreon <= 1.2.3 RC4 - (lang/index.php) Remote Inclusion Magic CMS 4.2.747 - (mysave.php file) Remote File Include Magic CMS 4.2.747 - (mysave.php) Remote File Include WebLog (index.php file) Remote File Disclosure WebLog (index.php) Remote File Disclosure Pathos CMS 0.92-2 - (warn.php file) Remote File Inclusion Pathos CMS 0.92-2 - (warn.php) Remote File Inclusion Zomplog 3.8 - (force_download.php file) Remote File Disclosure Zomplog 3.8 - (force_download.php) Remote File Disclosure Winamp <= 5.3 - (WMV File) Remote Denial of Service Exploit Winamp <= 5.3 - (.WMV) Remote Denial of Service Exploit Opera 9.2 - (torrent File) Remote Denial of Service Exploit Opera 9.2 - (.torrent) Remote Denial of Service Exploit JulmaCMS 1.4 - (file.php file) Remote File Disclosure JulmaCMS 1.4 - (file.php) Remote File Disclosure PStruh-CZ 1.3/1.5 - (download.asp File) File Disclosure PStruh-CZ 1.3/1.5 - (download.asp) File Disclosure Virtual DJ 5.0 - (m3u File) Local Buffer OverFlow Exploit OTSTurntables 1.00 - (m3u File) Local Buffer Overflow Exploit Virtual DJ 5.0 - (.m3u) Local Buffer OverFlow Exploit OTSTurntables 1.00 - (.m3u) Local Buffer Overflow Exploit AtomixMP3 2.3 - (pls File) Local Buffer OverFlow Exploit AtomixMP3 2.3 - (.pls) Local Buffer OverFlow Exploit helplink 0.1.0 - (show.php file) Remote File Inclusion helplink 0.1.0 - (show.php) Remote File Inclusion jetAudio 7.x - (m3u File) Local SEH Overwrite Exploit jetAudio 7.x - (m3u) Local SEH Overwrite Exploit FireConfig 0.5 - (dl.php file) Remote File Disclosure FireConfig 0.5 - (dl.php) Remote File Disclosure Sony CONNECT Player 4.x - (m3u File) Local Stack Overflow Exploit Sony CONNECT Player 4.x - (.m3u) Local Stack Overflow Exploit phpCMS 1.2.2 - (parser.php file) Remote File Disclosure phpCMS 1.2.2 - (parser.php) Remote File Disclosure ChartDirector 4.1 - (viewsource.php file) File Disclosure ChartDirector 4.1 - (viewsource.php) File Disclosure IntelliTamper 2.07 - (map file) Local Arbitrary Code Execution Exploit (Perl) IntelliTamper 2.07 - (.map) Local Arbitrary Code Execution Exploit (Perl) Acoustica Mixcraft <= 4.2 Build 98 - (mx4 file) Local BoF Exploit Acoustica Mixcraft <= 4.2 Build 98 - (mx4) Local BoF Exploit Acoustica MP3 CD Burner 4.51 Build 147 - (asx file) Local BoF Exploit Acoustica MP3 CD Burner 4.51 Build 147 - (.asx) Local BoF Exploit Acoustica Beatcraft 1.02 Build 19 - (bcproj file) Local BoF Exploit Acoustica Beatcraft 1.02 Build 19 - (.bcproj) Local BoF Exploit Microsoft Windows Explorer - (.zip File) Denial of Service Exploit Microsoft Windows Explorer - (.zip) Denial of Service Exploit Kusaba <= 1.0.4 - Remote Code Execution Exploit Kusaba <= 1.0.4 - Remote Code Execution Exploit (1) Cain & Abel 4.9.23 - (rdp file) Buffer Overflow PoC Cain & Abel 4.9.23 - (.rdp) Buffer Overflow PoC Electronics Workbench (EWB File) Local Stack Overflow PoC Electronics Workbench (.EWB) Local Stack Overflow PoC Cain & Abel 4.9.23 - (rdp file) Buffer Overflow Exploit Cain & Abel 4.9.23 - (.rdp) Buffer Overflow Exploit autositephp 2.0.3 - (LFI/CSRF/edit file) Multiple Vulnerabilities autositephp 2.0.3 - (LFI/CSRF/Edit file) Multiple Vulnerabilities CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit (Python) CoolPlayer 2.19 - (.Skin) Local Buffer Overflow Exploit (Python) SAWStudio 3.9i (prf File) Local Buffer Overflow PoC SAWStudio 3.9i - (.prf) Local Buffer Overflow PoC IntelliTamper 2.07/2.08 - (MAP File) Local SEH Overwrite Exploit IntelliTamper 2.07/2.08 - (.MAP) Local SEH Overwrite Exploit Hex Workshop 5.1.4 - (Color Mapping File) Local Buffer Overflow PoC Hex Workshop 5.1.4 - Color Mapping File Local Buffer Overflow PoC Destiny Media Player 1.61 - (lst File) Local Buffer Overflow PoC Destiny Media Player 1.61 - (.lst) Local Buffer Overflow PoC Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (2) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (3) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (2) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (3) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (4) Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit (5) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (4) Destiny Media Player 1.61 - (.lst) Local Buffer Overflow Exploit (5) VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.pls) Universal Buffer Overflow Exploit ExcelOCX ActiveX 3.2 - (Download File) Insecure Method Exploit ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit Zinf Audio Player 2.2.1 - (PLS File) Stack Overflow PoC Zinf Audio Player 2.2.1 - (PLS File) Local Buffer Overflow Exploit (univ) Zinf Audio Player 2.2.1 - (M3U FILE) Local Heap Overflow PoC Zinf Audio Player 2.2.1 - (gqmpeg File) Buffer Overflow PoC Zinf Audio Player 2.2.1 - (.pls) Stack Overflow PoC Zinf Audio Player 2.2.1 - (.pls) Local Buffer Overflow Exploit (univ) Zinf Audio Player 2.2.1 - (.M3U) Local Heap Overflow PoC Zinf Audio Player 2.2.1 - (.gqmpeg) Buffer Overflow PoC Thomson mp3PRO Player/Encoder (M3U File) Crash PoC Thomson mp3PRO Player/Encoder - (.M3U) Crash PoC Spider Player 2.3.9.5 - (asx File) off by one Crash Exploit Spider Player 2.3.9.5 - (.asx) off by one Crash Exploit Elecard AVC HD PLAYER (m3u/xpl file) Local Stack Overflow PoC Elecard AVC HD PLAYER - (.m3u/.xpl) Local Stack Overflow PoC Nokia N95-8 - (.JPG File) Remote Crash PoC Nokia N95-8 - (.JPG) Remote Crash PoC Media Commands (m3u File) Local SEH Overwrite Exploit Media Commands (.m3u) Local SEH Overwrite Exploit Media Commands (m3u File) Universal SEH Overwrite Exploit Media Commands (.m3u) Universal SEH Overwrite Exploit MediaCoder 0.6.2.4275 - (m3u File) Universal Stack Overflow Exploit MediaCoder 0.6.2.4275 - (.m3u) Universal Stack Overflow Exploit VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.cue) Universal Buffer Overflow Exploit Gretech GOM Encoder 1.0.0.11 - (Subtitle File) Buffer Overflow PoC Gretech GOM Encoder 1.0.0.11 - (.Subtitle) Buffer Overflow PoC Abee Chm Maker 1.9.5 - (CMP File) Stack Overflow Exploit PowerCHM 5.7 - (hhp File) Stack Overflow poC Abee Chm Maker 1.9.5 - (.CMP) Stack Overflow Exploit PowerCHM 5.7 - (.hhp) Stack Overflow poC Apollo 37zz (M3u File) Local Heap Overflow PoC Apollo 37zz - (.m3u) Local Heap Overflow PoC mpegable Player 2.12 - (YUV File) Local Stack Overflow PoC mpegable Player 2.12 - (.YUV) Local Stack Overflow PoC Rama CMS <= 0.9.8 - (download.php file) File Disclosure Rama CMS <= 0.9.8 - (download.php) File Disclosure compface <= 1.5.2 - (XBM File) Local Buffer Overflow PoC compface <= 1.5.2 - (.XBM) Local Buffer Overflow PoC MP3-Nator 2.0 - (plf File) Universal Buffer Overflow Exploit (SEH) MP3-Nator 2.0 - (.plf) Universal Buffer Overflow Exploit (SEH) PatPlayer 3.9 - (M3U File) Local Heap Overflow PoC PatPlayer 3.9 - (.M3U) Local Heap Overflow PoC QuickDev 4 - (download.php file) File Disclosure QuickDev 4 - (download.php) File Disclosure FoxPlayer 1.1.0 - (m3u File) Local Buffer Overflow PoC FoxPlayer 1.1.0 - (.m3u) Local Buffer Overflow PoC Microsoft Windows 2003 - (EOT File) BSOD Crash Exploit Microsoft Windows 2003 - (.EOT) BSOD Crash Exploit VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit Audio Lib Player (m3u File) Buffer Overflow Exploit (SEH) Audio Lib Player (.m3u) Buffer Overflow Exploit (SEH) MP3 Collector 2.3 - (m3u File) Local Crash PoC MP3 Collector 2.3 - (.m3u) Local Crash PoC BigAnt Server 2.50 SP1 - (ZIP File) Local Buffer Overflow PoC BigAnt Server 2.50 SP1 - (.ZIP) Local Buffer Overflow PoC BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2) BigAnt Server <= 2.50 SP6 - (.ZIP) Local Buffer Overflow PoC (2) XM Easy Personal FTP Server <= 5.8.0 DoS XM Easy Personal FTP Server <= 5.8.0 DoS (Metasploit) Symantec ConsoleUtilities ActiveX Buffer Overflow Symantec ConsoleUtilities ActiveX Buffer Overflow (Metasploit) Nagios3 statuswml.cgi Command Injection Nagios3 statuswml.cgi Command Injection (Metasploit) httpdx 1.4 - h_handlepeer BoF httpdx 1.4 - h_handlepeer BoF (Metasploit) Mambo 4.6.4 - Cache Lite Output Remote File Inclusion Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit) BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection Cacti 0.8.6-d graph_view.php Command Injection AWStats 6.2-6.1 - configdir Command Injection ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution SpamAssassin spamd <= 3.1.3 - Command Injection DistCC Daemon - Command Execution ContentKeeper Web Appliance < 125.10 Command Execution Solaris in.telnetd TTYPROMPT - Buffer Overflow Solaris 10 / 11 Telnet - Remote Authentication Bypass Solaris sadmind adm_build_path - Buffer Overflow Solaris <= 8.0 - LPD Command Execution BASE <= 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit) AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit) Cacti 0.8.6-d graph_view.php Command Injection (Metasploit) AWStats 6.2-6.1 - configdir Command Injection (Metasploit) ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution (Metasploit) SpamAssassin spamd <= 3.1.3 - Command Injection (Metasploit) DistCC Daemon - Command Execution (Metasploit) ContentKeeper Web Appliance < 125.10 Command Execution (Metasploit) Solaris in.telnetd TTYPROMPT - Buffer Overflow (Metasploit) Solaris 10 / 11 Telnet - Remote Authentication Bypass (Metasploit) Solaris sadmind adm_build_path - Buffer Overflow (Metasploit) Solaris <= 8.0 - LPD Command Execution (Metasploit) Solaris 8 dtspcd - Heap Overflow Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) Solaris 8 dtspcd - Heap Overflow (Metasploit) Samba 2.2.0 < 2.2.8 - trans2open Overflow (OS X) (Metasploit) Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) (Metasploit) mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) Mail.App 10.5.0 - Image Attachment Command Execution (OS X) Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) (Metasploit) WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X) (Metasploit) Mail.App 10.5.0 - Image Attachment Command Execution (OS X) (Metasploit) Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X) (Metasploit) AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X) (Metasploit) Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution Subversion 1.0.2 - Date Overflow Samba 2.2.x - nttrans Overflow RealServer 7-9 Describe Buffer Overflow PHP < 4.5.0 - unserialize Overflow ntpd 4.0.99j-k readvar - Buffer Overflow Veritas NetBackup - Remote Command Execution HP OpenView OmniBack II A.03.50 - Command Executino Apple Quicktime for Java 7 - Memory Access Opera 9.50 / 9.61 historysearch - Command Execution Opera <= 9.10 Configuration Overwrite Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit Firefox 3.5 - escape Memory Corruption Exploit Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow Squid 2.5.x / 3.x - NTLM Buffer Overflow Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow Borland InterBase 2007 - PWD_db_aliased Buffer Overflow Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Subversion 1.0.2 - Date Overflow (Metasploit) Samba 2.2.x - nttrans Overflow (Metasploit) RealServer 7-9 Describe Buffer Overflow (Metasploit) PHP < 4.5.0 - unserialize Overflow (Metasploit) ntpd 4.0.99j-k readvar - Buffer Overflow (Metasploit) Veritas NetBackup - Remote Command Execution (Metasploit) HP OpenView OmniBack II A.03.50 - Command Execution (Metasploit) Apple Quicktime for Java 7 - Memory Access (Metasploit) Opera 9.50 / 9.61 historysearch - Command Execution (Metasploit) Opera <= 9.10 Configuration Overwrite (Metasploit) Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution (Metasploit) Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit) Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit (Metasploit) Firefox 3.5 - escape Memory Corruption Exploit (Metasploit) Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit) Squid 2.5.x / 3.x - NTLM Buffer Overflow (Metasploit) Poptop < 1.1.3-b3 / 1.1.3-20030409 - Negative Read Overflow (Metasploit) MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow (Metasploit) Borland InterBase 2007 - PWD_db_aliased Buffer Overflow (Metasploit) HP Release Control Authenticated XXE HP Release Control Authenticated XXE (Metasploit) Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow Borland Interbase 2007 / 2007 SP2 - open_marker_file Buffer Overflow (Metasploit) Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (Metasploit) Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (Metasploit) Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow University of Washington - imap LSUB Buffer Overflow Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit PeerCast <= 0.1216 Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow Salim Gasmi GLD 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit) Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow (Metasploit) University of Washington - imap LSUB Buffer Overflow (Metasploit) Snort 2.4.0 < 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit (Metasploit) PeerCast <= 0.1216 (Metasploit) Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit) Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection Unreal Tournament 2004 - 'Secure' Overflow Irix LPD tagprinter - Command Execution HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution Xtacacsd <= 4.1.2 - report Buffer Overflow System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) Mercantec SoftCart 4.00b - CGI Overflow Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection (Metasploit) Unreal Tournament 2004 - 'Secure' Overflow (Metasploit) Irix LPD tagprinter - Command Execution (Metasploit) HP-UX LPD 10.20 / 11.00 / 11.11 - Command Execution (Metasploit) Xtacacsd <= 4.1.2 - report Buffer Overflow (Metasploit) System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based) (Metasploit) Mercantec SoftCart 4.00b - CGI Overflow (Metasploit) Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit) M3U To ASX-WPL 1.1 - (m3u Playlist file) Buffer Overflow Exploit HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit Audacity 1.2.6 - (gro File) Buffer Overflow Exploit M3U To ASX-WPL 1.1 - (.m3u) Buffer Overflow Exploit HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit Audacity 1.2.6 - (.gro) Buffer Overflow Exploit HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Metasploit) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (Metasploit) Millenium MP3 Studio 2.0 - (PLS File) Universal Stack Overflow (Metasploit) Millenium MP3 Studio 2.0 - (.pls) Universal Stack Overflow (Metasploit) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (1) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Metasploit) (1) Audiotran 1.4.1 - (PLS File) Stack Overflow (Metasploit) Audiotran 1.4.1 - (.pls) Stack Overflow (Metasploit) OpenOffice - (.slk File) Parsing Null Pointer OpenOffice - (.slk) Parsing Null Pointer MediaCoder - (.lst file) Local Buffer Overflow Exploit MediaCoder - (.lst) Local Buffer Overflow Exploit VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass) VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass) ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS DEP and ASLR Bypass) (Metasploit) Mediacoder 0.7.3.4682 - (.m3u File) Universal Buffer Overflow Exploit Mediacoder 0.7.3.4682 - (.m3u) Universal Buffer Overflow Exploit Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit) Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit (Metasploit) VUPlayer - M3U Buffer Overflow VUPlayer - (.m3u) Buffer Overflow (Metasploit) Audiotran 1.4.1 - (PLS File) Stack Buffer Overflow Audiotran 1.4.1 - (.pls) Stack Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (1) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (1) Millenium MP3 Studio 2.0 - (PLS File) Stack Buffer Overflow Millenium MP3 Studio 2.0 - (.pls) Stack Buffer Overflow VariCAD 2010-2.05 EN (DWB File) Stack Buffer Overflow VariCAD 2010-2.05 EN - (.DWB) Stack Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (2) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (2) ProShow Gold 4.0.2549 - (PSH File) Stack Buffer Overflow ProShow Gold 4.0.2549 - (.PSH) Stack Buffer Overflow VUPlayer - CUE Buffer Overflow VUPlayer - (.cue) Buffer Overflow (Metasploit) AstonSoft DeepBurner (DBR File) Path Buffer Overflow AstonSoft DeepBurner - (.DBR) Path Buffer Overflow HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (3) HTML Help Workshop 4.74 - (.hhp) Buffer Overflow Exploit (3) Zinf Audio Player 2.2.1 - (PLS File) Stack Buffer Overflow Zinf Audio Player 2.2.1 - (.pls) Stack Buffer Overflow MikeyZip 1.1 - (.zip File) Buffer Overflow MikeyZip 1.1 - (.zip) Buffer Overflow Windows - DNS Reverse Download and Exec Shellcode Windows - DNS Reverse Download and Exec Shellcode (Metasploit) Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow (without egg-hunter) (Metasploit) Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit (Metasploit) If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (2) If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2) Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053) (Metasploit) MicroP 0.1.1.1600 - (MPPL File) Stack Buffer Overflow MicroP 0.1.1.1600 - (.MPPL) Stack Buffer Overflow Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) Firefox 3.6.16 - OBJECT mChannel Remote Code Execution Exploit (DEP Bypass) (Metasploit) HP JetDirect PJL Interface Universal Path Traversal HP JetDirect PJL Query Execution HP JetDirect PJL Interface Universal Path Traversal (Metasploit) HP JetDirect PJL Query Execution (Metasploit) Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit) LifeSize Room - Command Injection LifeSize Room - Command Injection (Metasploit) Opera 10/11 - (bad nesting with frameset tag) Memory Corruption Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit) Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) Opera Browser 10/11/12 - (SVG layout) Memory Corruption (0Day) (Metasploit) Cytel Studio 9.0 - (CY3 File) Stack Buffer Overflow Cytel Studio 9.0 - (.CY3) Stack Buffer Overflow NJStar Communicator 3.00 MiniSMTP Server Remote Exploit NJStar Communicator 3.00 MiniSMTP Server Remote Exploit (Metasploit) KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) KnFTP 1.0 - Buffer Overflow Exploit (DEP Bypass) (Metasploit) AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) (Metasploit) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS (Metasploit) Free MP3 CD Ripper 1.1 - (WAV File) Stack Buffer Overflow Free MP3 CD Ripper 1.1 - (.WAV) Stack Buffer Overflow CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) CCMPlayer 1.5 - Stack based Buffer Overflow SEH Exploit (.m3u) (Metasploit) AVID Media Composer Phonetic Indexer Remote Stack BoF Final Draft 8 - Multiple Stack Buffer Overflows AVID Media Composer Phonetic Indexer Remote Stack BoF (Metasploit) Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit) StoryBoard Quick 6 - Stack Buffer Overflow StoryBoard Quick 6 - Stack Buffer Overflow (Metasploit) phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection (Metasploit) vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit vBSEO <= 3.6.0 - 'proc_deutf()' Remote PHP Code Injection Exploit (Metasploit) The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution The Uploader 2.0.4 - (Eng/Ita) Remote File Upload Remote Code Execution (Metasploit) Liferay XSL - Command Execution Liferay XSL - Command Execution (Metasploit) CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit (Metasploit) Wyse - Machine Remote Power off (DOS) without any privilege Wyse - Machine Remote Power off (DOS) without any privilege (Metasploit) TFM MMPlayer (m3u/ppl File) Buffer Overflow TFM MMPlayer (.m3u/.ppl) Buffer Overflow Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow (Metasploit) WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal (Metasploit) ALLMediaServer 0.8 SEH Overflow Exploit ALLMediaServer 0.8 - SEH Overflow Exploit Siemens Simatic S7-300/400 CPU START/STOP Module Siemens Simatic S7-300 PLC Remote Memory Viewer Siemens Simatic S7-1200 CPU START/STOP Module Siemens Simatic S7-300/400 CPU START/STOP Module (Metasploit) Siemens Simatic S7-300 PLC Remote Memory Viewer (Metasploit) Siemens Simatic S7-1200 CPU START/STOP Module (Metasploit) Sysax Multi Server 5.64 - Create Folder Buffer Overflow Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit) Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit (Metasploit) Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit Jira Scriptrunner 2.0.7 - CSRF/RCE Exploit (Metasploit) NetWin SurgeFTP Authenticated Admin Command Injection NetWin SurgeFTP Authenticated Admin Command Injection (Metasploit) ActFax 5.01 - RAW Server Exploit ActFax 5.01 - RAW Server Exploit (Metasploit) Polycom HDX Telnet Authorization Bypass Polycom HDX Telnet Authorization Bypass (Metasploit) Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009) (Metasploit) Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit) Mikrotik Syslog Server for Windows 1.15 - Denial of Service Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit) SAP ConfigServlet OS Command Execution SAP ConfigServlet OS Command Execution (Metasploit) SAP ConfigServlet Remote Unauthenticated Payload Execution SAP ConfigServlet Remote Unauthenticated Payload Execution (Metasploit) Microsoft Internet Explorer textNode Use-After-Free Microsoft Internet Explorer textNode Use-After-Free (Metasploit) Java Web Start Double Quote Injection Remote Code Execution Java Web Start Double Quote Injection Remote Code Execution (Metasploit) OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution OpenEMR 4.1.1 Patch 14 - SQLi Privilege Escalation Remote Code Execution (Metasploit) Zabbix 2.0.8 - SQL Injection / Remote Code Execution Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit) SikaBoom - Remote Buffer Overflow SikaBoom - Remote Buffer Overflow (Metasploit) Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit) VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass) VUPlayer 2.49 - (.m3u) Universal Buffer Overflow (DEP Bypass) Netgear WNR1000v3 - Password Recovery Credential Disclosure Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) Easy CD-DA Recorder - (PLS File) Buffer Overflow Easy CD-DA Recorder - (.pls) Buffer Overflow Fitnesse Wiki - Remote Command Execution Fitnesse Wiki - Remote Command Execution (Metasploit) EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit) AlienVault 4.5.0 - Authenticated SQL Injection AlienVault 4.5.0 - Authenticated SQL Injection (Metasploit) Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE (Metasploit) F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit) AlienVault OSSIM 4.6.1 - Authenticated SQL Injection AlienVault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit) Raritan PowerIQ 4.1.0 - SQL Injection Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit) Mthree Development MP3 to WAV Decoder - (.mp3 File) Remote Buffer Overflow Mthree Development MP3 to WAV Decoder - (.mp3) Remote Buffer Overflow ManageEngine Password Manager MetadataServlet.dat SQL Injection ManageEngine Password Manager MetadataServlet.dat SQL Injection (Metasploit) Ammyy Admin 3.5 - RCE Ammyy Admin 3.5 - RCE (Metasploit) Microsoft Exchange IIS HTTP Internal IP Address Disclosure Microsoft Exchange IIS HTTP Internal IP Address Disclosure (Metasploit) ManageEngine OpManager / Social IT Arbitrary File Upload ManageEngine OpManager / Social IT Arbitrary File Upload (Metasploit) DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit) Device42 WAN Emulator 2.3 - Traceroute Command Injection Device42 WAN Emulator 2.3 - Ping Command Injection Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit) Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit) Microsoft Windows Media Player 11.0.5721.5145 - (.avi File) Buffer Overflow Microsoft Windows Media Player 11.0.5721.5145 - (.avi) Buffer Overflow Varnish Cache CLI Interface - Remote Code Execution Varnish Cache CLI Interface - Remote Code Execution (Metasploit) Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE (Metasploit) OpenMyZip 0.1 - (.zip File) Buffer Overflow OpenMyZip 0.1 - (.zip) Buffer Overflow Persistent Systems Client Automation - Command Injection RCE Persistent Systems Client Automation - Command Injection RCE (Metasploit) Metasploit Project < 4.11.1 - Initial User Creation CSRF Metasploit Project < 4.11.1 - Initial User Creation CSRF (Metasploit) Exim GHOST (glibc gethostbyname) Buffer Overflow Exim GHOST (glibc gethostbyname) Buffer Overflow (Metasploit) QNAP - Admin Shell via Bash Environment Variable Code Injection QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit) QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit) WordPress Business Intelligence Plugin - SQL injection WordPress Business Intelligence Plugin - SQL injection (Metasploit) Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit (Metasploit) PDF Shaper 3.5 - Buffer Overflow PDF Shaper 3.5 - Buffer Overflow (Metasploit) Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) Centreon <= 2.5.3 - Remote Command Execution Centreon 2.5.3 - Remote Command Execution Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure (Metasploit) Meteocontrol WEB’log - Admin Password Disclosure Meteocontrol WEB’log - Admin Password Disclosure (Metasploit) VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass) VUPlayer 2.49 - (.m3u) Buffer Overflow Exploit (Win 7 DEP Bypass) VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010) Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)	2016-07-28 05:03:16 +00:00
Offensive Security	9680c9c2cb	DB: 2016-07-27 ... 6 new exploits Invision Power Board <= 3.0.4_ <= 3.0.4_ <= 2.3.6 - LFI and SQL Injection Invision Power Board <= 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI and SQL Injection Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes) Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes) Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Connectback_ receive_ save and execute shellcode DVD X Player 5.5 Professional (.plf) Universal Buffer Overflow DVD X Player 5.5 Professional - (.plf) Universal Buffer Overflow DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP+ASLR Bypass) DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP + ASLR Bypass) ISC BIND <= 8.2.2_IRIX <= 6.5.17_Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities ISC BIND <= 8.2.2 / IRIX <= 6.5.17 / Solaris 7.0 - (NXT Overflow and Denial of Service) Vulnerabilities LedgerSMB1.0/1.1_SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - Login Parameter Local File Include And Authentication Bypass Vulnerabilities Lighttpd <= 1.4.15 - Multiple Code Execution_ Denial of Service and Information Disclosure Vulnerabilities Lighttpd <= 1.4.15 - Multiple Code Execution + Denial of Service + Information Disclosure Vulnerabilities Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow Privilege Escalation Windows TrackPopupMenu Win32k NULL Pointer Dereference Windows - TrackPopupMenu Win32k NULL Pointer Dereference ManageEngine OpManager_ Social IT Plus and IT360 - Multiple Vulnerabilities ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities Wikipad 1.6.0 - Cross-Site Scripting_ HTML Injection and Information Disclosure Vulnerabilities Wikipad 1.6.0 - Cross-Site Scripting + HTML Injection + Information Disclosure Vulnerabilities concrete5 5.5.2.1 Information Disclosure_ SQL Injection and Cross Site Scripting Vulnerabilities concrete5 5.5.2.1 - Information Disclosure + SQL Injection + Cross Site Scripting Vulnerabilities RuubikCMS 1.1.x Cross Site Scripting_ Information Disclosure and Directory Traversal Vulnerabilities RuubikCMS 1.1.x - Cross Site Scripting + Information Disclosure + Directory Traversal Vulnerabilities Windows Kernel Win32k.sys Privilege Escalation Exploit (MS14-058) Windows Kernel - Win32k.sys Privilege Escalation Exploit (MS14-058) Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution Tiki-Wiki CMS Calendar 14.2 / 12.5 LTS / 9.11 LTS / 6.15 - Remote Code Execution PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post Auth Remote Root Exploit (Metasploit) PHP File Vault 0.9 - Directory Traversal Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution Iris ID IrisAccess iCAM4000/iCAM7000 - Hardcoded Credentials Remote Shell Access	2016-07-27 05:06:35 +00:00
Offensive Security	d06dff59f9	DB: 2016-07-26 ... 16 new exploits Ubuntu Breezy 5.10 - Installer Password Disclosure Ubuntu 5.10 - Installer Password Disclosure BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes) BSD/x86 - setuid/portbind 31337/TCP shellcode (94 bytes) Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 (166 bytes) Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes) Linux/x86 - Forks a HTTP Server on port 8800/TCP shellcode (166 bytes) Linux/x86 - Listens for shellcode on 5555/TCP and jumps to it (83 bytes) Linux/x86 - Shellcode Polymorphic chmod(_/etc/shadow__666) (54 bytes) Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes) Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes) Linux/x86 - Add root user 'r00t' with no password to /etc/passwd shellcode (69 bytes) Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes) Linux/x86 - SET_PORT() portbind 31337/TCP shellcode (100 bytes) Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes) Linux/x86 - Add User 'xtz' without Password to /etc/passwd shellcode (59 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() shellcode (98 bytes) Linux/x86 - connect-back shellcode 127.0.0.1:31337/tcp (74 bytes) Linux/x86 - Connect-back shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes) Linux/x86 - Add user 't00r' encrypt shellcode (116 bytes) Linux/x86 - Add user _t00r_ shellcode (82 bytes) Linux/x86 - Add user 't00r' shellcode (82 bytes) Linux/x86 - Add user _z_ shellcode (70 bytes) Linux/x86 - Add User 'z' shellcode (70 bytes) Solaris/x86 - portbind/tcp shellcode (Generator) Solaris/x86 - portbind/TCP shellcode (Generator) Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes) Linux/x86 - append '/etc/passwd' & exit() shellcode (107 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes) Linux/x86 - sends 'Phuck3d!' to all terminals shellcode (60 bytes) Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall shellcode (39 bytes) Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall shellcode (39 bytes) Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes) Linux/ARM - Add root user 'shell-storm' with password 'toor' shellcode (151 bytes) OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes) OS-X/Intel (x86_64) - reverse_tcp shell shellcode (131 bytes) Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes) Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' shellcode (143 bytes) Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes) Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' shellcode (164 bytes) Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password) Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes) Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes) OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes) OS-X/x86-64 - 4444/TPC port bind Nullfree shellcode (144 bytes) Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes) Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes) Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes) Linux/x86-64 - Bindshell 4444/TCP with Password Prompt shellcode (162 bytes) Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes) Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes) Linux/x86 - Bind Shell Port 4444/TCP shellcode (656 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes) Linux/x86 - Bind Shell Port 4444/TCP shellcode (98 bytes) Rapid7 AppSpider 6.12 - Local Privilege Escalation Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit) Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit) MediaCoder 0.8.43.5852 - .m3u SEH Exploit Drupal CODER Module 2.5 - Remote Command Execution (Metasploit) CodoForum 3.2.1 - SQL Injection CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass) GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities	2016-07-26 05:04:05 +00:00
Offensive Security	2a57bee5c6	DB: 2016-07-25 ... 12 new exploits Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes) Linux/x86 - execve shellcode null byte free (Generator) Linux/x86 - execve Null Free shellcode (Generator) Linux/x86 - cmd shellcode null free (Generator) Linux/x86 - cmd Null Free shellcode (Generator) iOS - Version-independent shellcode Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - bindshell port 4444 shellcode (132 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell shellcode Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode Win32 - telnetbind by Winexec shellcode (111 bytes) Win32 - telnetbind by Winexec 23 port shellcode (111 bytes) Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes) Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes) Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes) Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes) Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes) Win32 - Add new local administrator shellcode _secuid0_ (326 bytes) Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes) ARM - Bindshell port 0x1337shellcode ARM - Bindshell port 0x1337 shellcode Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite Linux Kernel <= 2.4.0 - Stack Infoleaks bsd/x86 - connect back Shellcode (81 bytes) FreeBSD/x86 - connect back Shellcode (81 bytes) Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit Linux Kernel 2.0 / 2.1 - SIGIO Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process Linux Kernel 2.2 - 'ldd core' Force Reboot Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options Linux Kernel 2.2.x - Non-Readable File Ptrace Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1) Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2) Linux Kernel 2.4 - suid execve() System Call Race Condition PoC Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1) Linux/x86 - Reverse TCP Bind Shellcode (92 bytes) Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes) Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password) Linux/x86 - TCP Bind Shel shellcode l (96 bytes) Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes) Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes) OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell shellcode (2488 bytes) Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes) OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes) Ubuntu Apport - Local Privilege Escalation Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation Linux/x86-64 - Bindshell with Password shellcode (92 bytes) Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes) Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator) Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator) Linux/x86-64 - bind TCP port shellcode (103 bytes) Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes) Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes) Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes) Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes) Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes) Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes) Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow) Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes) Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)	2016-07-25 05:06:19 +00:00
Offensive Security	be496c36bc	DB: 2016-07-23 ... 3 new exploits Mandrake Linux 8.2 - /usr/mail Local Exploit /usr/mail (Mandrake Linux 8.2) - Local Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3) Linux Kernel 2.2 - (TCP/IP Weakness) Exploit Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit CDRecord's ReadCD - Local Root Privileges CDRecord's ReadCD - Local Root Exploit NetBSD FTPd / tnftpd Remote Stack Overflow PoC NetBSD FTPd / Tnftpd - Remote Stack Overflow PoC Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' ring0 Root Exploit (1) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1) SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities SimpNews <= 2.16.2 - Multiple SQL Injection Vulnerabilities NetBSD 5.0 and below Hack GENOCIDE Environment Overflow proof of concept NetBSD 5.0 and below Hack PATH Environment Overflow proof of concept NetBSD <= 5.0 - Hack GENOCIDE Environment Overflow proof of concept NetBSD <= 5.0 - Hack PATH Environment Overflow proof of concept Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2) Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2) Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit (1) Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (2) Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Info Leak Exploit Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) - Exploit NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2) NetBSD <= 1.4 / OpenBSD <= 2.5 /Solaris <= 7.0 profil(2) - Exploit FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow NetBSD 1.x TalkD User Validation NetBSD 1.x TalkD - User Validation FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition Linux Kernel 2.4 - execve() System Call Race Condition PoC Linux Kernel 2.4 - suid execve() System Call Race Condition PoC Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1) Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1) Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2) Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Local Root Exploit (2) NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3) Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3) Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Mozilla Firefox SeaMonkey <= 3.6.10 / Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root Linux Kernel <= 3.14.5 (RHEL / CentOS 7) - 'libfutex' Local Root Exploit NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow VSAT Sailor 900 - Remote Exploit Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept) Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation Apple OS X Entitlements Rootpipe Privilege Escalation Apple OS X Entitlements - 'Rootpipe' Privilege Escalation OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes) OS X Install.framework suid root Runner Binary Privilege Escalation OS X Install.framework - suid root Runner Binary Privilege Escalation Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution Exploit Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes) Linux/x86-64 - bindshell (Port 5600) shellcode (81 bytes) Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit Exim 4 (Debian/Ubuntu) - Spool Local Root Privilege Escalation Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation Windows 7-10 and 2k8-2k12 x86/x64 - Secondary Logon Handle Privilege Escalation (MS16-032) Windows 7-10 and 2008-2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes) mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006) Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution	2016-07-23 05:07:15 +00:00
Offensive Security	789febc361	DB: 2016-07-22 ... 4 new exploits Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Escalation (1) Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2) Linux Kernel 2.4 - 'uselib()' Privilege Escalation Exploit (2) Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Local Root Exploit TFTP Server 1.4 - ST Buffer Overflow Exploit (0Day) TFTP Server 1.4 - ST Buffer Overflow Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Root Exploit MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows (Linux Kernel <= 2.6.34-rc3) ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation ReiserFS xattr (Linux Kernel <= 2.6.34-rc3) (Redhat / Ubuntu 9.10) - Privilege Escalation Microsoft ASN.1 Library Bitstring Heap Overflow Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) Linux Kernel 2.0 / 2.1 / 2.2 - autofs Linux Kernel 2.2 - ldd core Force Reboot Linux Kernel 2.2 - 'ldd core' Force Reboot OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (2) Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation Linux Kernel Samba 2.2.8 (Debian / Mandrake) - Share Local Privilege Escalation Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation (x64) Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept) Apport/Abrt - Local Root Exploit Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit Ubuntu usb-creator 0.2.x - Local Privilege Escalation usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation Apport/Ubuntu - Local Root Race Condition Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset OOB Local Root Exploit TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes) TeamPass Passwords Management System 2.1.26 - Arbitrary File Download	2016-07-22 05:05:29 +00:00
Offensive Security	ec03ab428f	DB: 2016-07-21 ... 10 new exploits Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit Simplog 0.9.3 - (tid) SQL Injection Skulltag <= 0.96f - (Version String) Remote Format String PoC OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit Skulltag 0.96f - (Version String) Remote Format String PoC OpenTTD 0.4.7 - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC) Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion phpMyAgenda <= 3.0 Final (rootagenda) Remote Include Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion phpMyAgenda 3.0 Final - (rootagenda) Remote Include Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit X7 Chat 2.0 - (help_file) Remote Command Execution Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit Auction 1.3m - (phpbb_root_path) Remote File Inclusion acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit AWStats 6.5 - (migrate) Remote Shell Command Injection acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit acFTP FTP Server 1.4 - (USER) Remote Denial of Service PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit ACal <= 2.2.6 - (day.php) Remote File Inclusion EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion PHP-Fusion 6.00.306 - Multiple Vulnerabilities Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion ACal 2.2.6 - (day.php) Remote File Inclusion EQdkp 1.3.0 - (dbal.php) Remote File Inclusion Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4) Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit \o - Local File Inclusion (1st) Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1) PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Django CMS 3.3.0 - (Editor Snippet) Persistent XSS Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Wowza Streaming Engine 4.5.0 - Local Privilege Escalation Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF Wowza Streaming Engine 4.5.0 - Multiple XSS OpenSSHD <= 7.2p2 - Username Enumeration WordPress Video Player Plugin 1.5.16 - SQL Injection	2016-07-21 05:06:28 +00:00
Offensive Security	965b4bba8f	DB: 2016-07-20 ... 4 new exploits Microsoft Internet Explorer Object Tag Exploit (MS03-020) Microsoft Internet Explorer - Object Tag Exploit (MS03-020) ICQ Pro 2003a Password Bypass Exploit (ca1-icq.asm) ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm) Cisco IOS IPv4 Packets Denial of Service Exploit Cisco IOS - IPv4 Packets Denial of Service Exploit Cisco IOS (using hping) Remote Denial of Service Exploit Cisco IOS - (using hping) Remote Denial of Service Exploit Microsoft Windows SQL Server Denial of Service Remote Exploit (MS03-031) Microsoft Windows SQL Server - Denial of Service Remote Exploit (MS03-031) Microsoft Windows RPC DCOM Remote Exploit (18 Targets) Microsoft Windows RPC - DCOM Remote Exploit (18 Targets) man-db 2.4.1 open_cat_stream() Local uid=man Exploit man-db 2.4.1 - open_cat_stream() Local uid=man Exploit Cisco IOS 12.x/11.x HTTP Remote Integer Overflow Exploit Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow Exploit DameWare Mini Remote Control Server SYSTEM Exploit DameWare Mini Remote Control Server - SYSTEM Exploit Microsoft Internet Explorer Object Data Remote Exploit (M03-032) Microsoft Internet Explorer - Object Data Remote Exploit (M03-032) eMule/xMule/LMule OP_SERVERMESSAGE Format String Exploit eMule/xMule/LMule - OP_SERVERMESSAGE Format String Exploit Microsoft WordPerfect Document Converter Exploit (MS03-036) Microsoft WordPerfect Document Converter - Exploit (MS03-036) Roger Wilco 1.x Client Data Buffer Overflow Exploit Roger Wilco 1.x - Client Data Buffer Overflow Exploit Solaris Sadmind Default Configuration Remote Root Exploit Solaris Sadmind - Default Configuration Remote Root Exploit Microsoft Windows Messenger Service Denial of Service Exploit (MS03-043) Microsoft Windows Messenger Service - Denial of Service Exploit (MS03-043) Microsoft Exchange 2000 XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Exchange 2000 - XEXCH50 Heap Overflow PoC (MS03-046) Microsoft Frontpage Server Extensions fp30reg.dll Exploit (MS03-051) Microsoft Frontpage Server Extensions - fp30reg.dll Exploit (MS03-051) Microsoft Windows Workstation Service WKSSVC Remote Exploit (MS03-049) Microsoft Windows Workstation Service - WKSSVC Remote Exploit (MS03-049) Microsoft Windows XP Workstation Service Remote Exploit (MS03-049) Microsoft Windows XP Workstation Service - Remote Exploit (MS03-049) Microsoft Windows Messenger Service Remote Exploit FR (MS03-043) Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043) GateKeeper Pro 4.7 Web proxy Remote Buffer Overflow Exploit GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow Exploit Eudora 6.0.3 Attachment Spoofing Exploit (windows) Foxmail 5.0 PunyLib.dll Remote Stack Overflow Exploit Eudora 6.0.3 - Attachment Spoofing Exploit (Windows) Foxmail 5.0 - PunyLib.dll Remote Stack Overflow Exploit eSignal 7.6 STREAMQUOTE Remote Buffer Overflow Exploit eSignal 7.6 - STREAMQUOTE Remote Buffer Overflow Exploit OpenBSD 2.6 - / 2.7ftpd Remote Exploit OpenBSD 2.6 / 2.7ftpd - Remote Exploit Redhat 6.1 - / 6.2 TTY Flood Users Exploit Redhat 6.1 / 6.2 - TTY Flood Users Exploit Solaris 2.6 - / 7 / 8 Lock Users Out of mailx Exploit Solaris 2.6 / 7 / 8 - Lock Users Out of mailx Exploit Solaris 2.5 - / 2.5.1 getgrnam() Local Overflow Exploit Solaris 2.5 / 2.5.1 - getgrnam() Local Overflow Exploit Solaris 7 - / 8-beta arp Local Overflow Exploit Solaris 7 / 8-beta - arp Local Overflow Exploit Solaris 2.6 - / 2.7 /usr/bin/write Local Overflow Exploit Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow Exploit Cisco Multiple Products Automated Exploit Tool Cisco Multiple Products - Automated Exploit Tool Microsoft Internet Explorer (11 bytes) Denial of Service Exploit Microsoft Internet Explorer - Denial of Service Exploit (11 bytes) PHP <= 4.3.7/ 5.0.0RC3 - memory_limit Remote Exploit PHP <= 4.3.7/5.0.0RC3 - memory_limit Remote Exploit VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid) (updated) VisualBoyAdvanced 1.7.x - Local Shell Exploit (non suid) GoodTech Telnet Server < 5.0.7 - Remote BoF Exploit (updated) GoodTech Telnet Server < 5.0.7 - Remote BoF Exploit (2) WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (2nd updated) WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (1st) WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (2) WebAPP 0.9.9.2.1 - Remote Command Execution Exploit (1) Maxwebportal <= 1.36 password.asp Change Password Exploit (3 - perl) Maxwebportal <= 1.36 password.asp Change Password Exploit (2 - php) Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html) Maxwebportal <= 1.36 password.asp Change Password Exploit (3) (perl) Maxwebportal <= 1.36 password.asp Change Password Exploit (2) (php) Maxwebportal <= 1.36 password.asp Change Password Exploit (1) (html) ProRat Server <= 1.9 - (Fix-2) Buffer Overflow Crash Exploit ProRat Server <= 1.9 (Fix-2) - Buffer Overflow Crash Exploit Microsoft Windows DTC Remote Exploit (PoC) (MS05-051) (updated) Microsoft Windows - DTC Remote Exploit (PoC) (MS05-051) (2) phpBB <= 2.0.18 - Remote Bruteforce/Dictionary Attack Tool (updated) phpBB <= 2.0.18 - Remote Bruteforce/Dictionary Attack Tool (2) Microsoft Windows - ACLs Local Privilege Escalation Exploit (Updated) Microsoft Windows - ACLs Local Privilege Escalation Exploit (2) HPE <= 1.0 - (HPEinc) Remote File Include Vulnerabilities (updated) HPE <= 1.0 - (HPEinc) Remote File Include Vulnerabilities (2) phpBB Journals System Mod 1.0.2 [RC2] - Remote File Include Exploit phpBB Journals System Mod 1.0.2 RC2 - Remote File Include Exploit Mozilla Firefox <= 1.5.0.7/ 2.0 - (createRange) Remote DoS Exploit Mozilla Firefox <= 1.5.0.7/2.0 - (createRange) Remote DoS Exploit BrowseDialog Class (ccrpbds6.dll) Multiple Methods DoS Exploit BrowseDialog Class - (ccrpbds6.dll) Multiple Methods DoS Exploit Asterisk <= 1.2.15 - / 1.4.0 pre-auth Remote Denial of Service Exploit Asterisk <= 1.2.15 / 1.4.0 - pre-auth Remote Denial of Service Exploit PHP < 4.4.5 - / 5.2.1 php_binary Session Deserialization Information Leak PHP < 4.4.5 - / 5.2.1 WDDX Session Deserialization Information Leak PHP < 4.4.5 - / 5.2.1 - php_binary Session Deserialization Information Leak PHP < 4.4.5 - / 5.2.1 - WDDX Session Deserialization Information Leak PHP <= 4.4.6 - / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit PHP <= 4.4.6 / 5.2.1 - array_user_key_compare() ZVAL dtor Local Exploit PHP <= 4.4.6 - / 5.2.1 ext/gd Already Freed Resources Usage Exploit PHP <= 4.4.6 / 5.2.1 - ext/gd Already Freed Resources Usage Exploit Asterisk <= 1.2.16 - / 1.4.1 SIP INVITE Remote Denial of Service Exploit Asterisk <= 1.2.16 / 1.4.1 - SIP INVITE Remote Denial of Service Exploit PHP < 4.4.5 - / 5.2.1 _SESSION unset() Local Exploit PHP < 4.4.5 - / 5.2.1 _SESSION Deserialization Overwrite Exploit PHP < 4.4.5 - / 5.2.1 - _SESSION unset() Local Exploit PHP < 4.4.5 - / 5.2.1 - _SESSION Deserialization Overwrite Exploit PHP 4.4.5 - / 4.4.6 session_decode() Double Free Exploit PoC PHP 4.4.5 / 4.4.6 - session_decode() Double Free Exploit PoC XOOPS Module MyAds Bug Fix <= 2.04jp (index.php) SQL Injection Exploit XOOPS Module MyAds Bug Fix <= 2.04jp - (index.php) SQL Injection Exploit Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities Kaqoo Auction - (install_root) Multiple Remote File Include Vulnerabilities Asterisk < 1.2.22 - / 1.4.8 / 2.2.1 chan_skinny Remote Denial of Service Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities Weblogicnet - (files_dir) Multiple Remote File Inclusion Vulnerabilities PHP <= 4.4.7 - / 5.2.3 MySQL/MySQLi Safe Mode Bypass PHP <= 4.4.7 / 5.2.3 - MySQL/MySQLi Safe Mode Bypass EB Design Pty Ltd (EBCRYPT.DLL 2.0) Multiple Remote Vulnerabilites EB Design Pty Ltd - (EBCRYPT.DLL 2.0) Multiple Remote Vulnerabilites Lama Software (14.12.2007) Multiple Remote File Inclusion Vulnerabilities Lama Software 14.12.2007 - Multiple Remote File Inclusion Vulnerabilities sCssBoard (pwnpack) Multiple Versions Remote Exploit sCssBoard - (pwnpack) Multiple Versions Remote Exploit Data Dynamics ActiveBar (Actbar3.ocx 3.2) Multiple Insecure Methods Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities Shader TV (Beta) - Multiple Remote SQL Injection Vulnerabilities Keller Web Admin CMS 0.94 Pro Local File Inclusion Keller Web Admin CMS 0.94 Pro - Local File Inclusion Keller Web Admin CMS 0.94 Pro Local File Inclusion (1st) \o - Local File Inclusion (1st) HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit HRS Multi - (picture_pic_bv.asp key) Blind SQL Injection Exploit Kasra CMS (index.php) Multiple SQL Injection Vulnerabilities Kasra CMS - (index.php) Multiple SQL Injection Vulnerabilities Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - < UDEV 1.4.1 Local Privilege Escalation Exploit (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV < 1.4.1 Local Privilege Escalation Exploit (1) Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel <= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Mac OS X - Java applet Remote Deserialization Remote PoC (Updated) Mac OS X - Java applet Remote Deserialization Remote PoC (2) ZaoCMS (user_updated.php) Remote Change Password Exploit ZaoCMS - (user_updated.php) Remote Change Password Exploit eZoneScripts Hotornot2 Script (Admin Bypass) Multiple Remote Vulnerabilities eZoneScripts Hotornot2 Script - (Admin Bypass) Multiple Remote Vulnerabilities phpdirectorysource (XSS/SQL) Multiple Vulnerabilities phpdirectorysource - (XSS/SQL) Multiple Vulnerabilities Million-Dollar Pixel Ads Platinum (SQL/XSS) Multiple Vulnerabilities Million-Dollar Pixel Ads Platinum - (SQL/XSS) Multiple Vulnerabilities garagesalesjunkie (SQL/XSS) Multiple Vulnerabilities garagesalesjunkie - (SQL/XSS) Multiple Vulnerabilities Miniweb 2.0 Module Publisher (bSQL-XSS) Multiple Vulnerabilities Miniweb 2.0 Module Publisher - (bSQL/XSS) Multiple Vulnerabilities PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities PHP Script Forum Hoster - (Topic Delete/XSS) Multiple Vulnerabilities Linux Kernel 2.x - sock_sendpage() Local Root Exploit (Android) Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (Android) GDivX Zenith Player AviFixer Class (fix.dll 1.0.0.1) Buffer Overflow PoC GDivX Zenith Player AviFixer Class - (fix.dll 1.0.0.1) Buffer Overflow PoC Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - sock_sendpage() Local Root (PPC) Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - 'sock_sendpage()' Local Root (PPC) phpMySite (XSS/SQLi) Multiple Vulnerabilities phpMySite - (XSS/SQLi) Multiple Vulnerabilities (Tod Miller's) Sudo/SudoEdit 1.6.x / 1.7.x (<= 1.6.9p21 / <= 1.7.2p4) - Local Root Exploit (Tod Miller's) Sudo/SudoEdit <= 1.6.9p21 / <= 1.7.2p4 - Local Root Exploit Preisschlacht Multi Liveshop System SQL Injection (seite&aid) index.php Preisschlacht Multi Liveshop System - SQL Injection (seite&aid) index.php quality point 1.0 newsfeed (SQL/XSS) Multiple Vulnerabilities quality point 1.0 newsfeed - (SQL/XSS) Multiple Vulnerabilities Open Web Analytics 1.2.3 multi file include Open Web Analytics 1.2.3 - multi file include Scratcher (SQL/XSS) Multiple Remote Scratcher - (SQL/XSS) Multiple Remote phpscripte24 Live Shopping Multi Portal System SQL Injection Exploit phpscripte24 Live Shopping Multi Portal System - SQL Injection Exploit e-webtech (fixed_page.asp) SQL Injection e-webtech - (fixed_page.asp) SQL Injection parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities parlic Design - (SQL/XSS/HTML) Multiple Vulnerabilities MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities MileHigh Creative - (SQL/XSS/HTML Injection) Multiple Vulnerabilities CMScout (XSS/HTML Injection) Multiple Vulnerabilities CMScout - (XSS/HTML Injection) Multiple Vulnerabilities k-search (SQL/XSS) Multiple Vulnerabilities k-search - (SQL/XSS) Multiple Vulnerabilities GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities GuestBook Script PHP - (XSS/HTML Injection) Multiple Vulnerabilities Max's Guestbook (HTML Injection/XSS) Multiple Vulnerabilities Max's Guestbook - (HTML Injection/XSS) Multiple Vulnerabilities Joomla Component (com_jefaqpro) Multiple Blind SQL Injection Vulnerabilities Joomla Component (com_jefaqpro) - Multiple Blind SQL Injection Vulnerabilities Joomla Component (com_restaurantguide) Multiple Vulnerabilities Joomla Component - (com_restaurantguide) Multiple Vulnerabilities TradeMC E-Ticaret (SQL/XSS) Multiple Vulnerabilities TradeMC E-Ticaret - (SQL/XSS) Multiple Vulnerabilities Projekt Shop (details.php) Multiple SQL Injection Vulnerabilities Projekt Shop - (details.php) Multiple SQL Injection Vulnerabilities CakePHP <= 1.3.5 - / 1.2.8 unserialize() CakePHP <= 1.3.5 / 1.2.8 - unserialize() Rae Media Real Estate Multi Agent SQL Injection Rae Media Real Estate Multi Agent - SQL Injection Solaris ypupdated Command Execution Solaris - ypupdated Command Execution CakePHP <= 1.3.5 - / 1.2.8 Cache Corruption Exploit CakePHP <= 1.3.5 / 1.2.8 - Cache Corruption Exploit Joomla HM-Community (com_hmcommunity) Multiple Vulnerabilities Joomla HM-Community - (com_hmcommunity) Multiple Vulnerabilities Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities CyberLink Multiple Products File Project Handling Stack Buffer Overflow PoC CyberLink Multiple Products - File Project Handling Stack Buffer Overflow PoC Ruby on Rails ActionPack Inline ERB Code Execution Ruby on Rails ActionPack Inline ERB - Code Execution HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 RPC.YPUpdated Command Execution (1) HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 RPC.YPUpdated Command Execution (2) HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 - RPC.YPUpdated Command Execution (1) HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 - RPC.YPUpdated Command Execution (2) ASTPP VoIP Billing (4cf207a) Multiple Vulnerabilities ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities Drummond Miles A1Stats 1.0 a1disp2.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 a1disp3.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 a1disp4.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - a1disp4.cgi Traversal Arbitrary File Read Symantec Norton Personal Firewall 2002/ Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block DoS Weakness Symantec Norton Personal Firewall 2002/Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block DoS Weakness Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration Weakness WinSyslog Interactive Syslog Server 4.21/ long Message Remote Denial of Service WinSyslog Interactive Syslog Server 4.21 - long Message Remote Denial of Service VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 - Denial of Service VocalTec VGW120/VGW480 Telephony Gateway Remote H.225 - Denial of Service Web Wiz Multiple Products SQL Injection Web Wiz Multiple Products - SQL Injection RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities RealNetworks Multiple Products - Multiple Buffer Overflow Vulnerabilities Geodesic Solutions Multiple Products index.php b Parameter SQL Injection Geodesic Solutions Multiple Products - index.php b Parameter SQL Injection HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload HP ProCurve Manager - SNAC UpdateDomainControllerServlet File Upload Linux Kernel 2.6.x (<= 2.6.17.7) - NFS and EXT3 Combination Remote Denial of Service Linux Kernel <= 2.6.17.7 - NFS and EXT3 Combination Remote Denial of Service Apache HTTP Server (<= 1.3.35 / <= 2.0.58 / <= 2.2.2) - Arbitrary HTTP Request Headers Security Weakness Apache HTTP Server <= 1.3.35 / <= 2.0.58 / <= 2.2.2 - Arbitrary HTTP Request Headers Security Weakness Symantec Multiple Products SymEvent Driver Local Denial of Service Symantec Multiple Products - SymEvent Driver Local Denial of Service FreeBSD 5.x I386_Set_LDT() Multiple Local Denial of Service Vulnerabilities FreeBSD 5.x I386_Set_LDT() - Multiple Local Denial of Service Vulnerabilities Apache + PHP 5.x (< 5.3.12 & < 5.4.2) - cgi-bin Remote Code Execution Exploit Apache + PHP < 5.3.12 & < 5.4.2 - cgi-bin Remote Code Execution Exploit Apache + PHP 5.x (< 5.3.12 & < 5.4.2) - Remote Code Execution (Multithreaded Scanner) Apache + PHP < 5.3.12 & < 5.4.2 - Remote Code Execution (Multithreaded Scanner) PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.php Cross-Site Scripting PHP Multi User Randomizer 2006.09.13 - Configure_Plugin.TPL.php Cross-Site Scripting Symantec Multiple Products SPBBCDrv Driver Local Denial of Service Symantec Multiple Products - SPBBCDrv Driver Local Denial of Service Exponent CMS 0.96.5/ 0.96.6 magpie_debug.php url Parameter XSS Exponent CMS 0.96.5/ 0.96.6 magpie_slashbox.php rss_url Parameter XSS Exponent CMS 0.96.5/ 0.96.6 iconspopup.php icodir Variable Traversal Arbitrary Directory Listing Exponent CMS 0.96.5/0.96.6 - magpie_debug.php url Parameter XSS Exponent CMS 0.96.5/0.96.6 - magpie_slashbox.php rss_url Parameter XSS Exponent CMS 0.96.5/0.96.6 - iconspopup.php icodir Variable Traversal Arbitrary Directory Listing Simple OS CMS 0.1c_beta 'login.php' SQL Injection Simple OS CMS 0.1c_beta - 'login.php' SQL Injection WebcamXP 3.72.440/4.05.280 beta /pocketpc camnum Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 beta /show_gallery_pic id Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 beta - /pocketpc camnum Variable Arbitrary Memory Disclosure WebcamXP 3.72.440/4.05.280 beta - /show_gallery_pic id Variable Arbitrary Memory Disclosure Adobe Flash Player 8/ 9.0.x - SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Adobe Flash Player 8/9.0.x - SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution IBM Maximo 4.1/ 5.2 - 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities IBM Maximo 4.1/5.2 - 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities Symantec Multiple Products Client Proxy ActiveX (CLIproxy.dll) Remote Overflow Symantec Multiple Products - Client Proxy ActiveX (CLIproxy.dll) Remote Overflow Blog Ink (Blink) Multiple SQL Injection Vulnerabilities Blog Ink (Blink) - Multiple SQL Injection Vulnerabilities PHP Scripts Now Multiple Products bios.php rank Parameter XSS PHP Scripts Now Multiple Products bios.php rank Parameter SQL Injection PHP Scripts Now Multiple Products - bios.php rank Parameter XSS PHP Scripts Now Multiple Products - bios.php rank Parameter SQL Injection cformsII 11.5/ 13.1 Plugin for WordPress - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities cformsII 11.5/13.1 Plugin for WordPress - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities Native Instruments Multiple Products DLL Loading Arbitrary Code Execution Native Instruments Multiple Products - DLL Loading Arbitrary Code Execution PHP 5.x (< 5.6.2) - Bypass disable_functions Exploit (Shellshock) PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock) PHP 5.x (< 5.3.6) 'Zip' Extension - 'zip_fread()' Function Denial of Service PHP 5.x (< 5.3.6) OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak DoS PHP 5.x (< 5.3.6) OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak DoS PHP < 5.3.6 'Zip' Extension - 'zip_fread()' Function Denial of Service PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak DoS PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak DoS ManageEngine Multiple Products Authenticated File Upload ManageEngine Multiple Products - Authenticated File Upload BlueSoft Multiple Products Multiple SQL Injection Vulnerabilities BlueSoft Multiple Products - Multiple SQL Injection Vulnerabilities Ay Computer Multiple Products Multiple SQL Injection Vulnerabilities Ay Computer Multiple Products - Multiple SQL Injection Vulnerabilities net4visions Multiple Products 'dir' parameters Multiple Cross Site Scripting Vulnerabilities net4visions Multiple Products - 'dir' parameters Multiple Cross Site Scripting Vulnerabilities Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Privilege Escalation (Access /etc/shadow) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Privilege Escalation (Access /etc/shadow) Webify Multiple Products Multiple HTML Injection and Local File Include Vulnerabilities Webify Multiple Products - Multiple HTML Injection and Local File Include Vulnerabilities AirLive Multiple Products OS Command Injection AirLive Multiple Products - OS Command Injection Sciretech Multiple Products Multiple SQL Injection Vulnerabilities Sciretech Multiple Products - Multiple SQL Injection Vulnerabilities AlienVault Open Source SIEM (OSSIM) Multiple Cross Site Scripting Vulnerabilities AlienVault Open Source SIEM (OSSIM) - Multiple Cross Site Scripting Vulnerabilities Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes) Windows x86 - URLDownloadToFileA() + SetFileAttributesA() + WinExec() + ExitProcess() Shellcode (394 bytes) Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution Riverbed SteelCentral NetProfiler/NetExpress - Remote Code Execution Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes) Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String Exploit NewsP Free News Script 1.4.7 - User Credentials Disclosure newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure	2016-07-20 05:02:55 +00:00
Offensive Security	acd30ed451	DB: 2016-07-19	2016-07-19 06:38:52 +00:00
Offensive Security	a9e80c57e9	DB: 2016-07-18 ... 164 new exploits Snitz Forums 3.3.03 - Remote Command Execution Exploit CdRecord <= 2.0 - Mandrake Local Root Exploit Snitz Forums 3.3.03 - Remote Command Execution Exploit CdRecord <= 2.0 - Mandrake Local Root Exploit Webfroot Shoutbox < 2.32 (Apache) Remote Exploit Mandrake Linux 8.2 - /usr/mail Local Exploit Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets) Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039) Eudora 6.0.3 Attachment Spoofing Exploit (windows) Redhat 6.2 /sbin/restore - Exploit Oracle (oidldapd connect) Local Command Line Overflow Exploit Redhat 6.2 /sbin/restore - Exploit Oracle (oidldapd connect) Local Command Line Overflow Exploit CVS - Remote Entry Line Root Heap Overflow Exploit UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit CVS - Remote Entry Line Root Heap Overflow Exploit UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit Microsoft Outlook Express Window Opener Microsoft Outlook Express Javascript Execution Microsoft Outlook Express Window Opener Microsoft Outlook Express Javascript Execution Ping of Death Remote Denial of Service Exploit Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Internet Explorer Overly Trusted Location Cache Exploit Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Internet Explorer Overly Trusted Location Cache Exploit Apache HTTPd - Arbitrary Long HTTP Headers DoS (C) Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll) CVSTrac Remote Arbitrary Code Execution Exploit LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit IPD (Integrity Protection Driver) Local Exploit Bird Chat 1.61 - Denial of Service D-Link DCS-900 Camera Remote IP Address Changer Exploit GD Graphics Library Heap Overflow Proof of Concept Exploit vBulletin LAST.php SQL Injection miniBB - Input Validation Hole ('user') phpBB highlight Arbitrary File Upload (Santy.A) Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search) PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion ZeroBoard Worm Source Code Invision Power Board <= 1.3.1 - Login.php SQL Injection Veritas Backup Exec Remote File Access Exploit (windows) ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047) PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit SGI IRIX <= 6.5.28 - (runpriv) Design Error Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit Invision Community Blog Mod 1.2.4 - SQL Injection Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009) phpGalleryScript 1.0 - (init.gallery.php include_class) RFI Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit Woltlab Burning Board Addon JGS-Treffen SQL Injection pSys 0.7.0.a (shownews) Remote SQL Injection JAMM CMS (id) Remote Blind SQL Injection Exploit Clever Copy 3.0 (results.php) Remote SQL Injection Exploit GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit PHPMyCart (shop.php cat) Remote SQL Injection Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit Oxygen 2.0 (repquote) Remote SQL Injection MyMarket 1.72 - BlindSQL Injection Exploit easyTrade 2.x - (detail.php id) Remote SQL Injection CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection AcmlmBoard 1.A2 (pow) Remote SQL Injection Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit Webspell 4 (Auth Bypass) SQL Injection Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002) kloxo 5.75 - Multiple Vulnerabilities Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC PulseAudio setuid - Local Privilege Escalation Exploit PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation PulseAudio setuid - Local Privilege Escalation Exploit PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) eWebeditor Directory Traversal eWebeditor ASP Version - Multiple Vulnerabilities Radasm .rap file Local Buffer Overflow Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes) Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes) Joomla Component com_event - SQL Injection Aix - execve /bin/sh (88 bytes) BSD - Passive Connection Shellcode bsd/PPC - execve /bin/sh (128 bytes) bsd/x86 - setuid/execve shellcode (30 bytes) bsd/x86 - setuid/portbind shellcode (94 bytes) bsd/x86 - execve /bin/sh multiplatform (27 bytes) bsd/x86 - execve /bin/sh setuid (0) (29 bytes) bsd/x86 - portbind port 31337 (83 bytes) bsd/x86 - portbind port random (143 bytes) bsd/x86 - break chroot (45 bytes) bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes) bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes) bsd/x86 - connect (93 bytes) bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes) bsd/x86 - reverse portbind (129 bytes) bsdi/x86 - execve /bin/sh (45 bytes) bsdi/x86 - execve /bin/sh (46 bytes) AIX - execve /bin/sh shellcode (88 bytes) BSD - Passive Connection Shellcode (124 bytes) BSD/PPC - execve /bin/sh shellcode (128 bytes) BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes) BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes) BSD/x86 - portbind port 31337 shellcode (83 bytes) BSD/x86 - portbind port random shellcode (143 bytes) BSD/x86 - break chroot shellcode (45 bytes) BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes) BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes) BSD/x86 - reverse 6969 portbind shellcode (129 bytes) BSDi/x86 - execve /bin/sh shellcode (45 bytes) BSDi/x86 - execve /bin/sh shellcode (46 bytes) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1) bsdi/x86 - execve /bin/sh toupper evasion (97 bytes) FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging) freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes) freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes) freebsd/x86 - kill all processes (12 bytes) freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes) freebsd/x86 - reverse portbind /bin/sh (89 bytes) freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes) freebsd/x86 - encrypted shellcode /bin/sh (48 bytes) freebsd/x86 - portbind 4883 with auth shellcode freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes) freebsd/x86 - execve /bin/sh (23 bytes) freebsd/x86 - execve /bin/sh (2) (23 bytes) freebsd/x86 - execve /bin/sh (37 bytes) freebsd/x86 - kldload /tmp/o.o (74 bytes) freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) freebsd/x86 - execve /tmp/sh (34 bytes) freebsd/x86 - connect (102 bytes) freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes) freebsd/x86-64 - execve /bin/sh shellcode (34 bytes) Linux/x86 - execve shellcode generator null byte free Linux/x86 - generate portbind payload Windows XP SP1 - portbind payload (Generator) /bin/sh Polymorphic shellcode with printable ASCII characters Linux/x86 - shellcode null free (Generator) Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator) iOS Version-independent shellcode Cisco IOS - Connectback Shellcode Cisco IOS - Bind Shellcode 1.0 (116 bytes) Cisco IOS - Tiny Shellcode Cisco IOS - Shellcode And Exploitation Techniques (BlackHat) HPUX - execve /bin/sh (58 bytes) Linux/amd64 - flush iptables rules shellcode (84 bytes) Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes) BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes) FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes) FreeBSD/x86 - kill all processes shellcode (12 bytes) FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes) FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes) FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes) FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes) FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes) FreeBSD/x86 - execve /bin/sh shellcode (23 bytes) FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh shellcode (37 bytes) FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes) FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes) FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes) FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes) FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes) FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes) Linux/x86 - execve shellcode null byte free (Generator) Linux/x86 - portbind payload shellcode (Generator) Windows XP SP1 - portbind payload shellcode (Generator) (Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters Linux/x86 - cmd shellcode null free (Generator) (Generator) - Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Win32 - Multi-Format Shellcode Encoding Tool (Generator) iOS - Version-independent shellcode Cisco IOS - Connectback (Port 21) Shellcode Cisco IOS - Bind Shellcode Password Protected (116 bytes) Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password) HPUX - execve /bin/sh shellcode (58 bytes) Linux/x86-64 - flush iptables rules shellcode (84 bytes) Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes) Linux/MIPS - execve /bin/sh (56 bytes) Linux/PPC - execve /bin/sh (60 bytes) Linux/MIPS - execve /bin/sh shellcode (56 bytes) Linux/PPC - execve /bin/sh shellcode (60 bytes) Linux/PPC - connect back execve /bin/sh (240 bytes) Linux/PPC - execve /bin/sh (112 bytes) Linux/SPARC - connect back (216 bytes) Linux/SPARC - portbind port 8975 (284 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes) Linux/PPC - execve /bin/sh shellcode (112 bytes) Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes) Linux/SPARC - portbind port 8975 shellcode (284 bytes) Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes) Linux/x86 - bindport 8000 & execve iptables -F (176 bytes) Linux/x86 - bindport 8000 & add user with root access (225+ bytes) Linux/x86 - Bind ASM Code Linux (179 bytes) Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes) Serial port shell binding & busybox Launching shellcode Linux/x86 - File unlinker (18+ bytes) Linux/x86 - Perl script execution (99+ bytes) Linux/x86 - file reader (65+ bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes) Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes) Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes) Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes) Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes) Linux/x86 - File unlinker shellcode (18+ bytes) Linux/x86 - Perl script execution shellcode (99+ bytes) Linux/x86 - file reader shellcode (65+ bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes) Linux/x86 - PUSH reboot() (30 bytes) Linux/x86 - PUSH reboot() shellcode (30 bytes) Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes) Linux/x86 - edit /etc/sudoers for full access (86 bytes) Ho' Detector - Promiscuous mode detector shellcode (56 bytes) Linux/x86 - connect-back port UDP/54321 live packet capture shellcode (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes) Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes) Linux/x86 - connect back_ download a file and execute (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - connect back.send.exit /etc/shadow (155 bytes) Linux/x86 - writes a php connectback shell to the fs (508 bytes) Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes) Linux/x86 - raw-socket ICMP/checksum shell (235 bytes) Linux/x86 - /sbin/iptables -F (40 bytes) Linux/x86 - kill all processes (11 bytes) Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes) Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes) Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes) Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off shellcode (79 bytes) Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes) Linux/x86 - /sbin/iptables -F shellcode (40 bytes) Linux/x86 - kill all processes shellcode (11 bytes) Linux/x86 - /sbin/ipchains -F (40 bytes) Linux/x86 - set system time to 0 and exit (12 bytes) Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes) Linux/x86 - chmod 0666 /etc/shadow (36 bytes) Linux/x86 - forkbomb (7 bytes) Linux/x86 - /sbin/ipchains -F shellcode (40 bytes) Linux/x86 - set system time to 0 and exit shellcode (12 bytes) Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes) Linux/x86 - forkbomb shellcode (7 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes) Linux/x86 - execve(/bin/sh) (22 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes) Linux/x86 - executes command after setreuid (49+ bytes) Linux/x86 - stdin re-open and /bin/sh exec shellcode Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes) Linux/x86 - execve(/bin/sh) shellcode (22 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes) Linux/x86 - executes command after setreuid shellcode (49+ bytes) Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes) Linux/x86 - setuid/portbind shellcode (96 bytes) Linux/x86 - portbind (define your own port) (84 bytes) Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes) Linux/x86 - portbind (2707) shellcode (84 bytes) Linux/x86 - SET_PORT() portbind (100 bytes) Linux/x86 - SET_IP() Connectback Shellcode (82 bytes) Linux/x86 - execve(/bin/sh) (24 bytes) Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes) Linux/x86 - SWAP restore shellcode (109 bytes) Linux/x86 - SWAP store shellcode (99 bytes) Linux/x86 - Password Authentication portbind Shellcode (166 bytes) Linux/x86 - portbind (port 64713) (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes) Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes) Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes) Linux/x86 - execve(/bin/sh) shellcode (24 bytes) Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes) Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes) Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes) Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes) Linux/x86 - portbind (port 64713) shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes) Linux/x86 - execve /bin/sh anti-ids (40 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes) Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes) Linux/x86 - Adduser without Password to /etc/passwd (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes) Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes) Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes) Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes) Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes) Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes) Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes) Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes) Linux/x86 - normal exit with random (so to speak) return value (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes) Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes) Linux/x86 - reboot() (20 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes) Linux/x86 - execve(/bin/sh) / PUSH (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console (63 bytes) Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes) Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes) Linux/x86 - reboot() shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes) Linux/x86 - execve(/bin/sh) / PUSH shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes) Linux/x86 - _exit(1); (7 bytes) Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes) Linux/x86 - _exit(1); shellcode (7 bytes) Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes) Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes) Linux/x86 - chroot & standart (66 bytes) Linux/x86 - upload & exec (189 bytes) Linux/x86 - setreuid/execve (31 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes) Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes) Linux/x86 - chroot & standart shellcode (66 bytes) Linux/x86 - upload & exec shellcode (189 bytes) Linux/x86 - setreuid/execve shellcode (31 bytes) Linux/x86 - Radically Self Modifying Code (70 bytes) Linux/x86 - Magic Byte Self Modifying Code (76 bytes) Linux/x86 - execve code (23 bytes) Linux/x86 - execve(_/bin/ash__0_0); (21 bytes) Linux/x86 - execve /bin/sh alphanumeric (392 bytes) Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes) Linux/x86 - symlink /bin/sh xoring (56 bytes) Linux/x86 - portbind port 5074 toupper (226 bytes) Linux/x86 - add user t00r ENCRYPT (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes) Linux/x86 - symlink . /bin/sh (32 bytes) Linux/x86 - kill snort (151 bytes) Linux/x86 - shared memory exec (50 bytes) Linux/x86 - iptables -F (45 bytes) Linux/x86 - iptables -F (58 bytes) Linux/x86 - Reverse telnet (134 bytes) Linux/x86 - connect (120 bytes) Linux/x86 - chmod 666 /etc/shadow (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes) Linux/x86 - eject /dev/cdrom (64 bytes) Linux/x86 - xterm -ut -display [IP]:0 (132 bytes) Linux/x86 - ipchains -F (49 bytes) Linux/x86 - chmod 666 /etc/shadow (82 bytes) Linux/x86 - execve /bin/sh (29 bytes) Linux/x86 - execve /bin/sh (24 bytes) Linux/x86 - execve /bin/sh (38 bytes) Linux/x86 - execve /bin/sh (30 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes) Linux/x86 - portbind port 5074 (92 bytes) Linux/x86 - portbind port 5074 + fork() (130 bytes) Linux/x86 - add user t00r (82 bytes) Linux/x86 - add user (104 bytes) Linux/x86 - break chroot (34 bytes) Linux/x86 - break chroot (46 bytes) Linux/x86 - break chroot execve /bin/sh (80 bytes) Linux/x86 - execve /bin/sh encrypted (58 bytes) Linux/x86 - execve /bin/sh xor encrypted (55 bytes) Linux/x86 - execve /bin/sh tolower() evasion (41 bytes) execve of /bin/sh after setreuid(0_0) Linux - chroot()/execve() code (80 bytes) Linux/x86 - execve /bin/sh toupper() evasion (55 bytes) Linux/x86 - add user (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes) Linux/x86_64 - bindshell port:4444 shellcode (132 bytes) Linux/x86_64 - execve(/bin/sh) (33 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes) Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes) netbsd/x86 - kill all processes shellcode (23 bytes) netbsd/x86 - callback shellcode (port 6666) (83 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 - execve /bin/sh (68 bytes) openbsd/x86 - execve(/bin/sh) (23 bytes) openbsd/x86 - portbind port 6969 (148 bytes) openbsd/x86 - add user w00w00 (112 bytes) OS-X/ppc - sync()_ reboot() (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC - Add user r00t (219 bytes) OS-X/PPC - execve /bin/sh (72 bytes) OS-X/PPC - add inetd backdoor (222 bytes) OS-X/PPC - reboot (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC - create /tmp/suid (122 bytes) OS-X/PPC - simple write() (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/SPARC - download and execute (278 bytes) Solaris/SPARC - executes command after setreuid (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes) Solaris/SPARC - setreuid/execve (56 bytes) Solaris/SPARC - portbind (port 6666) (240 bytes) Solaris/SPARC - execve /bin/sh (52 bytes) Solaris/SPARC - portbind port 6789 (228 bytes) Solaris/SPARC - connect-back (204 bytes) Solaris/SPARC - portbinding shellcode Linux/x86 - Radically Self Modifying Code shellcode (70 bytes) Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes) Linux/x86 - execve code shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes) Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes) Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes) Linux/x86 - portbind port 5074 toupper shellcode (226 bytes) Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes) Linux/x86 - symlink . /bin/sh shellcode (32 bytes) Linux/x86 - kill snort shellcode (151 bytes) Linux/x86 - shared memory exec shellcode (50 bytes) Linux/x86 - iptables -F shellcode (45 bytes) Linux/x86 - iptables -F shellcode (58 bytes) Linux/x86 - Reverse telnet shellcode (134 bytes) Linux/x86 - connect shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes) Linux/x86 - eject /dev/cdrom shellcode (64 bytes) Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes) Linux/x86 - ipchains -F shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes) Linux/x86 - execve /bin/sh shellcode (29 bytes) Linux/x86 - execve /bin/sh shellcode (24 bytes) Linux/x86 - execve /bin/sh shellcode (38 bytes) Linux/x86 - execve /bin/sh shellcode (30 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes) Linux/x86 - portbind port 5074 shellcode (92 bytes) Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes) Linux/x86 - Add user _t00r_ shellcode (82 bytes) Linux/x86 - Add user shellcode (104 bytes) Linux/x86 - break chroot shellcode (34 bytes) Linux/x86 - break chroot shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes) Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes) Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes) Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes) Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes) Linux/x86 - chroot()/execve() code shellcode (80 bytes) Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes) Linux/x86 - Add user _z_ shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes) Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes) NetBSD/x86 - kill all processes shellcode (23 bytes) NetBSD/x86 - callback shellcode (port 6666) (83 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes) NetBSD/x86 - execve /bin/sh shellcode (68 bytes) OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes) OpenBSD/x86 - portbind port 6969 shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes) OS-X/PPC - sync()_ reboot() shellcode (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes) OS-X/PPC - Add user _r00t_ shellcode (219 bytes) OS-X/PPC - execve /bin/sh shellcode (72 bytes) OS-X/PPC - Add inetd backdoor shellcode (222 bytes) OS-X/PPC - reboot shellcode (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes) OS-X/PPC - create /tmp/suid shellcode (122 bytes) OS-X/PPC - simple write() shellcode (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes) Solaris/SPARC - download and execute shellcode (278 bytes) Solaris/SPARC - executes command after setreuid shellcode (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes) Solaris/SPARC - setreuid/execve shellcode (56 bytes) Solaris/SPARC - portbind (port 6666) shellcode (240 bytes) Solaris/SPARC - execve /bin/sh shellcode (52 bytes) Solaris/SPARC - portbind port 6789 shellcode (228 bytes) Solaris/SPARC - connect-bac shellcode k (204 bytes) Solaris/SPARC - portbinding shellcode (240 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion (84 bytes) Solaris/x86 - add services and execve inetd (201 bytes) Unixware - execve /bin/sh (95 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell Win32/XP SP2 (EN) - cmd.exe (23 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes) Solaris/x86 - Add services and execve inetd shellcode (201 bytes) UnixWare - execve /bin/sh shellcode (95 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell shellcode Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes) Win32 -SEH omelet shellcode Win32 - telnetbind by Winexec (111 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes) Win32/XP SP2 - cmd.exe (57 bytes) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - download and execute (124 bytes) Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box (110 bytes) Win32 - WinExec() Command Parameter (104+ bytes) Win32 - Download & Exec Shellcode (226+ bytes) Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method (29 bytes) Windows 9x/NT/2000/XP - PEB method (31 bytes) Windows 9x/NT/2000/XP - PEB method (35 bytes) Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes) Windows XP/2000/2003 - Download File and Exec (241 bytes) Windows XP - download and exec source Windows XP SP1 - Portshell on port 58821 (116 bytes) Windows - (DCOM RPC2) Universal Shellcode Win64 - (URLDownloadToFileA) download and execute (218+ bytes) Linux/x86 - kill all processes (9 bytes) Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes) Linux - setuid(0) and cat /etc/shadow Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes) Linux - Linux/x86 execve() (51bytes) Win32 - SEH omelet shellcode Win32 - telnetbind by Winexec shellcode (111 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes) Win32/XP SP2 - cmd.exe shellcode (57 bytes) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - download and execute shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box shellcode (110 bytes) Win32 - WinExec() Command Parameter shellcode (104+ bytes) Win32 - Download & Exec Shellcode (226+ bytes) Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes) Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes) Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes) Windows XP - download and exec source shellcode Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes) Windows - (DCOM RPC2) Universal Shellcode Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes) Linux/x86 - kill all processes shellcode (9 bytes) Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes) Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes) Linux/x86 - Linux/x86 execve() shellcode (51 bytes) Windows XP SP2 - PEB ISbeingdebugged shellcode Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes) Win32 XP SP3 - ShellExecuteA shellcode Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow) Win32 XP SP3 - addFirewallRule freebsd/x86 - portbind shellcode (167 bytes) Win32/XP SP2 - calc.exe (45 bytes) Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes) Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes) Linux/x86 - chmod 666 /etc/shadow (27 bytes) Linux/x86 - break chroot (79 bytes) Linux/x86 - fork bomb (6 bytes) Linux/x86 - append _/etc/passwd_ & exit() (107 bytes) Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA shellcode Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes) Win32/XP SP2 - calc.exe shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes) Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes) Linux/x86 - break chroot shellcode (79 bytes) Linux/x86 - fork bomb shellcode (6 bytes) Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes) Linux/x86 - eject /dev/cdrom (42 bytes) Win32 XP SP2 FR - calc (19 bytes) Linux/x86 - eject /dev/cdrom shellcode (42 bytes) Win32 XP SP2 FR - calc shellcode (19 bytes) Linux/x86 - ip6tables -F (47 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) Linux - bin/cat /etc/passwd (43 bytes) Win32 XP SP3 English - cmd.exe (26 bytes) Win32 XP SP2 Turkish - cmd.exe (26 bytes) Linux/x86 - /bin/sh (8 bytes) Linux/x86 - execve /bin/sh (21 bytes) Windows XP Home Edition SP2 English - calc.exe (37 bytes) Windows XP Home Edition SP3 English - calc.exe (37 bytes) Linux/x86 - disabled modsecurity (64 bytes) Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - ip6tables -F shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes) Linux/i686 - pacman -R <package> shellcode (59 bytes) Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes) Win32 XP SP3 English - cmd.exe shellcode (26 bytes) Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes) Linux/x86 - /bin/sh shellcode (8 bytes) Linux/x86 - execve /bin/sh shellcode (21 bytes) Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes) Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes) Linux/x86 - disabled modsecurity shellcode (64 bytes) Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox (Metasploit) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox shellcode (Metasploit) chmod(_/etc/shadow__ 0666) shellcode (36 bytes) execve(_/bin/sh_) shellcode (25 bytes) DoS-Badger-Game shellcode (6 bytes) SLoc-DoS shellcode (55 bytes) execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) chmod(_/etc/shadow__ 0777) Shellcode(33 bytes) chmod(_/etc/shadow__ 0777) shellcode (29 bytes) Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes) Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes) Linux/x86 - DoS-Badger-Game shellcode (6 bytes) Linux/x86 - SLoc-DoS shellcode (55 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes) Linux/x86 - polymorphic forkbombe (30 bytes) Linux/x86 - forkbomb setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Windows XP SP2 FR - Download and Exec Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes) Linux/x86 - polymorphic forkbombe shellcode (30 bytes) Linux/x86 - forkbomb shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes) Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes) Windows XP SP2 FR - Download and Exec Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes) Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes) Solaris/x86 - Reboot() (37 bytes) Solaris/x86 - Remote Download file (79 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Solaris/x86 - Reboot() shellcode (37 bytes) Solaris/x86 - Remote Download file shellcode (79 bytes) Linux/x86 - Disable randomize stack addresse shellcode (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes) Linux/x86 - kill all running process (11 bytes) change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes) Linux/x86 - kill all running process shellcode (11 bytes) Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Solaris/x86 - SystemV killall command (39 bytes) Linux/x86 - hard / unclean reboot shellcode (29 bytes) Linux/x86 - hard / unclean reboot shellcode (33 bytes) Solaris/x86 - SystemV killall command shellcode (39 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes) Linux/x86 - netcat connect back port 8080 (76 bytes) Linux/x86 - netcat connect back port 8080 shellcode (76 bytes) Windows - MessageBoxA Shellcode Windows - MessageBoxA Shellcode (238 bytes) Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes) Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes) Linux/x86_64 - Disable ASLR Security (143 bytes) Linux/x86-64 - Disable ASLR Security shellcode (143 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes) Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes) Linux/x86_64 - Add root user with password (390 bytes) Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes) Linux/ARM - Disable ASLR Security (102 bytes) Linux/ARM - Disable ASLR Security shellcode (102 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes) Linux/x86 - bind shell port 64533 (97 bytes) Linux/x86 - bind shell port 64533 shellcode (97 bytes) Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes) Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes) Linux - 125 bind port to 6778 XOR encoded polymorphic Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes) Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes) Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes) Win32 - Write-to-file Shellcode Win32 - Write-to-file Shellcode (278 bytes) Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes) Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal PHP-Nuke 8.1 SEO Arabic - Remote File Include bds/x86 - bindshell on port 2525 shellcode (167 bytes) BSD/x86 - bindshell on port 2525 shellcode (167 bytes) Win32 - Shellcode Checksum Routine (18 bytes) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes) Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit Audiotran 1.4.2.4 SEH Overflow Exploit Joomla Component (com_elite_experts) SQL Injection Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes) Traidnt UP - Cross-Site Request Forgery Add Admin Account Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes) Win32 - Add new local administrator shellcode _secuid0_ (326 bytes) HP Data Protector Media Operations NULL Pointer Dereference Remote DoS AnyDVD <= 6.7.1.0 - Denial of Service ARM - Bindshell port 0x1337 ARM - Bind Connect UDP Port 68 ARM - Loader Port 0x1337 ARM - ifconfig eth0 and Assign Address ARM - Bindshell port 0x1337shellcode ARM - Bind Connect UDP Port 68 shellcode ARM - Loader Port 0x1337 shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode Linux/ARM - add root user with password (151 bytes) Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes) OS-X/Intel - setuid shell x86_64 (51 bytes) OS-X/Intel - setuid shell x86_64 shellcode (51 bytes) Create a New User with UID 0 - ARM (Metasploit) ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes) Windows Win32k Pointer Dereferencement PoC (MS10-098) Win32 - speaking shellcode bds/x86 - connect back Shellcode (81 bytes) bds/x86 - portbind + fork shellcode (111 bytes) bsd/x86 - connect back Shellcode (81 bytes) BSD/x86 - 31337 portbind + fork shellcode (111 bytes) Win32 - eggsearch shellcode (33 bytes) Arkeia Backup Client Type 77 - Overflow (Win32) Oracle 9i XDB FTP PASS Overflow (Win32) SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32) Icecast <= 2.0.1 - Header Overwrite (Win32) McAfee ePolicy Orchestrator / ProtectionPilot Overflow Oracle 9i XDB HTTP PASS Overflow (Win32) Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes) Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes) Linux/x86 - netcat bindshell port 6666 (69 bytes) Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes) OS-X/Intel - reverse_tcp shell x86_64 (131 bytes) OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes) Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes) Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation (83 bytes) Linux/x86 - ASLR deactivation shellcode (83 bytes) Linux/x86 - ConnectBack with SSL connection (422 bytes) Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes) SuperH (sh4) - Add root user with password (143 bytes) Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes) Linux/MIPS - execve (52 bytes) Linux/MIPS - execve shellcode (52 bytes) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/MIPS - execve /bin/sh shellcode (48 bytes) Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes) Linux/x86_64 - execve(/bin/sh) (52 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes) Linux/MIPS - reboot() (32 bytes) Linux/MIPS - reboot() shellcode (32 bytes) GdiDrawStream BSoD using Safari Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes) Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes) Linux/x86_64 - add user with passwd (189 bytes) Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes) Linux/x86 - execve(/bin/dash) (42 bytes) Linux/x86 - execve(/bin/dash) shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes) Microsoft Windows Kernel - Intel x64 SYSRET PoC Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes) Windows XP Pro SP3 - Full ROP calc shellcode Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes) Novell Client 2 SP3 - nicm.sys Local Privilege Escalation MIPS Little Endian - Shellcode MIPS - (Little Endian) system() Shellcode (80 bytes) Windows RT ARM - Bind Shell (Port 4444) Windows RT ARM - Bind Shell (Port 4444) shellcode Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation Linux/x86 - Multi-Egghunter Linux/x86 - Multi-Egghunter shellcode MIPS Little Endian - Reverse Shell Shellcode (Linux) Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 bytes) Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation Windows - Add Admin User Shellcode (194 bytes) Windows - Add Admin User _BroK3n_ Shellcode (194 bytes) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035) OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation MQAC.sys Arbitrary Write Privilege Escalation Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes) VirtualBox 3D Acceleration Virtual Machine Escape Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes) Connect Back (139 bytes) Linux/x86-64 - Connect Back shellcode (139 bytes) Linux/x86 - Add map in /etc/hosts file Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes) Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation MS14-060 Microsoft Windows OLE Package Manager Code Execution Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes) Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes) Offset2lib: Bypassing Full ASLR On 64 bit Linux Linux/x86 - rmdir (37 bytes) Linux/x86 - rmdir shellcode (37 bytes) Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password) Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password) RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Linux/MIPS - execve (36 bytes) Linux/MIPS - execve /bin/sh shellcode (36 bytes) Windows XP x86-64 - Download & execute (Generator) Windows XP x86-64 - Download & execute shellcode (Generator) Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes) Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes) Reads Data From /etc/passwd To /tmp/outfile (118 bytes) Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes) Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes) Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes) Linux/x86 - Reverse TCP Shell (72 bytes) Linux/x86 - TCP Bind Shell (96 bytes) Linux/x86 - Reverse TCP Shell shellcode (72 bytes) Linux/x86 - TCP Bind Shel shellcode l (96 bytes) Linux - Disable ASLR (84 bytes) Linux/x86 - Disable ASLR shellcode (84 bytes) Linux/x86 - Egg-hunter (20 bytes) Linux/x86 - Egg-hunter shellcode (20 bytes) Create 'my.txt' Working Directory (37 bytes) Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes) Win32/XP SP3 - Create (_file.txt_) (83 bytes) Win32/XP SP3 - Restart computer Linux - custom execve-shellcode Encoder/Decoder Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes) Win32/XP SP3 - Restart computer shellcode (57 bytes) Linux/x86 - custom execve-shellcode Encoder/Decoder Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86 - exit(0) (6 bytes) Linux/x86 - exit(0) shellcode (6 bytes) Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058) Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes) Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes) Linux/x86 - /etc/passwd Reader (58 bytes) Linux/x86 - /etc/passwd Reader shellcode (58 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes) Linux/x86 - Netcat BindShell Port 5555 (60 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes) Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes) Linux/x86_64 - execve(/bin/sh) (30 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes) Linux/x86 - Download & Execute Linux/x86 - Reboot (28 bytes) Linux/x86 - Download & Execute shellcode Linux/x86 - Reboot shellcode (28 bytes) Linux/x86 - execve /bin/sh (23 bytes) Linux/x86 - execve /bin/sh shellcode (23 bytes) Linux 64bit - Encoded execve shellcode Linux/x86-64 - Encoded execve shellcode (57 bytes) encoded 64 bit execve shellcode Linux/x86-64 - encoded execve shellcode (57 bytes) Win32/XP SP3 (TR) - MessageBox (24 bytes) Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes) Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002) Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes) Symantec Endpoint Protection Manager Authentication Bypass and Code Execution Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash Shared Object Type Confusion Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash Shared Object Type Confusion Windows 2003 x64 - Token Stealing shellcode (59 bytes) OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) Mainframe/System Z - Bind Shell Mainframe/System Z - Bind Shell shellcode (2488 bytes) ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC Linux/x86 - execve(/bin/bash) (31 bytes) Linux/x86 - execve(/bin/bash) shellcode (31 bytes) Linux/x86 - Create file with permission 7775 and exit (Shell Generator) Linux/x86 - Create file with permission 7775 and exit shellcode (Generator) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes) OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes) Linux/x86_64 - /bin/sh Linux/x86-64 - /bin/sh shellcode Android Shellcode Telnetd with Parameters Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes) Microsoft Windows - Font Driver Buffer Overflow (MS15-078) Linux/x86_64 - execve Shellcode (22 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061) Windows Kernel - WindowStation Use-After-Free (MS15-061) Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097) Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Windows Kernel - WindowStation Use-After-Free (MS15-061) Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097) Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application) Linux/x86_64 - Bindshell with Password (92 bytes) Linux/x86-64 - Bindshell with Password shellcode (92 bytes) Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution Linux/x64 - egghunter (24 bytes) Linux/x86-64 - egghunter shellcode (24 bytes) Linux/x86_64 - Polymorphic execve Shellcode (31 bytes) Linux/x86-64 - Polymorphic execve Shellcode (31 bytes) Windows XP<10 - Null-Free WinExec Shellcode (Python) Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator) win32k Desktop and Clipboard - Null Pointer Derefence win32k Clipboard Bitmap - Use-After-Free win32k Desktop and Clipboard - Null Pointer Derefence win32k Clipboard Bitmap - Use-After-Free Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010) Adobe Flash Selection.SetSelection - Use-After-Free Adobe Flash Sound.setTransform - Use-After-Free Linux/x64 - Bind TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind TCP Port Shellcode (103 bytes) Linux/x86_64 - bind TCP port shellcode (103 bytes) TCP Bindshell with Password Prompt (162 bytes) Linux/x86-64 - bind TCP port shellcode (103 bytes) Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes) TCP Reverse Shell with Password Prompt (151 bytes) Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes) Linux/x86_64 - Egghunter (18 bytes) Linux/x86 - Egg-hunter (13 bytes) Linux/x86-64 - Egghunter shellcode (18 bytes) Linux/x86 - Egg-hunter shellcode (13 bytes) Adobe Flash - Use-After-Free When Setting Stage Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux x86 & x86_64 - reverse_tcp Shellcode Linux x86 & x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86 & x86_64 - tcp_bind Shellcode Linux x86 & x86_64 - Read etc/passwd Shellcode Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86_64 - Polymorphic Execve-Stack (47 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes) Linux/x86 - Download & Execute Shellcode (135 bytes) Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes) Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040) Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes) Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040) Linux/x86_64 - Reverse Shell Shellcode Linux/x86-64 - Reverse Shell Shellcode Linux/x86_64 - execve(/bin/sh) (26 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes) Linux/x86_64 - execve(/bin/sh) (25 bytes) Linux/x86_64 - execve(/bin/bash) (33 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes) Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes) Linux/x86_64 - bindshell (Pori: 5600) (81 bytes) Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes) Linux/x86_64 - Read /etc/passwd (65 bytes) Linux/x86-64 - Read /etc/passwd shellcode (65 bytes) Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Linux/x86_64 - bindshell (Port 5600) (86 bytes) Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes) Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes) Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes) Linux/x64 - Bind Shell Shellcode (Generator) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) Linux/x86-64 - Bind Shell Shellcode (Generator) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86_64 - Bind TCP Port 1472 (IPv6) Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes) Linux/x86_64 - Reverse TCP (IPv6) Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes) Linux/x86 - Bindshell with Configurable Port (87 bytes) Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes) Linux/x86_64 - Null-Free Reverse TCP Shell Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes) Linux/x86_64 - Information Stealer Shellcode Linux/x86-64 - Information Stealer Shellcode (399 bytes) Linux/x86 - TCP Bind Shell Port 4444 (656 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes) Linux/x86_64 - XOR Encode execve Shellcode Linux/x86-64 - XOR Encode execve Shellcode Windows x86 - WinExec(_cmd.exe__0) Shellcode Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows x86 - system(_systeminfo_) Shellcode Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows - Custom Font Disable Policy Bypass PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86_64 - /etc/passwd File Sender Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Windows 7 SP1 x86 - Privilege Escalation (MS16-014) Linux 64bit - NetCat Bind Shell Shellcode (64 bytes) Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) Linux/x86 - TCP Bind Shell Port 4444 (98 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes) Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes) Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)	2016-07-18 05:02:52 +00:00
Offensive Security	b51e0f27d5	DB: 2016-07-17 ... 52 new exploits Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes) Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) JITed stage-0 shellcode JITed exec notepad Shellcode Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) JITed egg-hunter stage-0 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Windows - JITed egg-hunter stage-0 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Linux/x86 - nc -lvve/bin/sh -p13377 shellcode Linux/x86 - polymorphic forkbombe - (30 bytes) Linux/x86 - forkbomb Linux/x86 - polymorphic forkbombe (30 bytes) Linux/x86 - forkbomb Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - kill all running process (11 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/ARM - Disable ASLR Security (102 bytes) Linux/x86 - bind shell port 64533 (97 bytes) Safari JS JITed shellcode - exec calc (ASLR/DEP bypass) Windows - Safari JS JITed shellcode - exec calc (ASLR/DEP bypass) Win32 - Write-to-file Shellcode Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Shellcode Checksum Routine (18 bytes) Win32 - Shellcode Checksum Routine (18 bytes) Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32 - speaking shellcode Linux/x86 - netcat bindshell port 6666 (69 bytes) DNS Reverse Download and Exec Shellcode Windows - DNS Reverse Download and Exec Shellcode Linux/x86_32 - ConnectBack with SSL connection (422 bytes) Linux/x86 - ConnectBack with SSL connection (422 bytes) Linux/x86 - egghunt shellcode (29 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/x86 - execve(/bin/dash) (42 bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Linux/x86 - rmdir (37 bytes) Linux/MIPS - execve (36 bytes) Windows XP x86-64 - Download & execute (Generator) Linux/x86 - /etc/passwd Reader (58 bytes) Linux - execve /bin/sh (23 bytes) Linux/x86 - execve /bin/sh (23 bytes) Linux/x86/x86_64 - reverse_tcp Shellcode Linux x86 & x86_64 - reverse_tcp Shellcode Linux/x86/x86_64 - tcp_bind Shellcode Linux/x86/x86_64 - Read etc/passwd Shellcode Linux x86 & x86_64 - tcp_bind Shellcode Linux x86 & x86_64 - Read etc/passwd Shellcode .Net Framework - Execute Native x86 Shellcode Win32 .Net Framework - Execute Native x86 Shellcode	2016-07-17 05:07:02 +00:00
Offensive Security	0a9242663c	DB: 2016-07-16 ... 2 new exploits BSD Passive Connection Shellcode BSD - Passive Connection Shellcode FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging) freebsd/x86 rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 portbind 4883 with auth shellcode freebsd/x86 - portbind 4883 with auth shellcode freebsd/x86 - execve /bin/sh (23 bytes) (2) freebsd/x86 - execve /bin/sh (2) (23 bytes) freebsd/x86 chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) Windows xp/sp1 generate portbind payload Windows XP SP1 - portbind payload (Generator) Linux/x86 - shellcode generator / null free Alphanumeric Shellcode Encoder Decoder Utility for generating HTTP/1.x requests for shellcodes Multi-Format Shellcode Encoding Tool - Beta 2.0 (w32) Linux/x86 - shellcode null free (Generator) Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator) Cisco IOS Connectback Shellcode 1.0 Cisco IOS Bind Shellcode 1.0 Cisco IOS Tiny Shellcode 1.0 Cisco IOS Shellcode And Exploitation Techniques (BlackHat) Cisco IOS - Connectback Shellcode Cisco IOS - Bind Shellcode 1.0 (116 bytes) Cisco IOS - Tiny Shellcode Cisco IOS - Shellcode And Exploitation Techniques (BlackHat) Linux/mips - (Linksys WRT54G/GL) port bind shellcode (276 bytes) Linux/mips - (Linksys WRT54G/GL) execve shellcode (60 bytes) Linux/mips - execve /bin/sh (56 bytes) Linux/ppc - execve /bin/sh (60 bytes) Linux/ppc - read & exec shellcode (32 bytes) Linux/ppc - connect back execve /bin/sh (240 bytes) Linux/ppc - execve /bin/sh (112 bytes) Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve shellcode (60 bytes) Linux/MIPS - execve /bin/sh (56 bytes) Linux/PPC - execve /bin/sh (60 bytes) Linux/PPC - read & exec shellcode (32 bytes) Linux/PPC - connect back execve /bin/sh (240 bytes) Linux/PPC - execve /bin/sh (112 bytes) Linux/x86 - listens for shellcode on tcp/5555 and jumps to it Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) (49 bytes) Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes) Linux/x86 - File unlinker (18 bytes + file path length) Linux/x86 - Perl script execution (99 bytes + script length) Linux/x86 - file reader (65 bytes + pathname) Linux/x86 - File unlinker (18+ bytes) Linux/x86 - Perl script execution (99+ bytes) Linux/x86 - file reader (65+ bytes) Linux x86 shellcode obfuscator Linux/x86 - shellcode obfuscator Linux/86 setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - rm -rf / attempts to block the process from being stopped Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111 bytes+) Linux/x86 - executes command after setreuid (9 + 40 bytes + cmd) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes) Linux/x86 - executes command after setreuid (49+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68 bytes+) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (.s) Linux/x86 - examples of long-term payloads hide-wait-change 187 bytes+ Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes) Linux - chroot()/execve() code Linux - chroot()/execve() code (80 bytes) Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) (33 bytes) Linux/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) Linux/x86 - unix/SPARC irix/mips execve /bin/sh irx.mips (141 bytes) Linux/x86 - unix/SPARC execve /bin/sh (80 bytes) Linux/x86 - bsd/x86 execve /bin/sh (38 bytes) netbsd/x86 kill all processes shellcode (23 bytes) netbsd/x86 callback shellcode (port 6666) (83 bytes) netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 execve /bin/sh (68 bytes) openbsd/x86 execve(/bin/sh) (23 bytes) openbsd/x86 portbind port 6969 (148 bytes) openbsd/x86 add user w00w00 (112 bytes) OS-X/ppc sync()_ reboot() (32 bytes) OS-X/PPC execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC Add user r00t (219 bytes) OS-X/PPC execve /bin/sh (72 bytes) OS-X/PPC add inetd backdoor (222 bytes) OS-X/PPC reboot (28 bytes) OS-X/PPC setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC create /tmp/suid (122 bytes) OS-X/PPC simple write() (75 bytes) OS-X/PPC execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/sparc download and execute (278 bytes) Solaris/sparc executes command after setreuid (92 bytes + cmd) Solaris/sparc connect-back (with XNOR encoded session) (600 bytes) Solaris/sparc setreuid/execve (56 bytes) Solaris/sparc portbind (port 6666) (240 bytes) Solaris/SPARC execve /bin/sh (52 bytes) Solaris/SPARC portbind port 6789 (228 bytes) Solaris/SPARC connect-back (204 bytes) Solaris/SPARC portbinding shellcode Solaris/x86 portbind/tcp shellcode generator Solaris/x86 setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 execve /bin/sh toupper evasion (84 bytes) Solaris/x86 add services and execve inetd (201 bytes) Linux/x86_64 - bindshell port:4444 shellcode (132 bytes) Linux/x86_64 - execve(/bin/sh) (33 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes) Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes) netbsd/x86 - kill all processes shellcode (23 bytes) netbsd/x86 - callback shellcode (port 6666) (83 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 - execve /bin/sh (68 bytes) openbsd/x86 - execve(/bin/sh) (23 bytes) openbsd/x86 - portbind port 6969 (148 bytes) openbsd/x86 - add user w00w00 (112 bytes) OS-X/ppc - sync()_ reboot() (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC - Add user r00t (219 bytes) OS-X/PPC - execve /bin/sh (72 bytes) OS-X/PPC - add inetd backdoor (222 bytes) OS-X/PPC - reboot (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC - create /tmp/suid (122 bytes) OS-X/PPC - simple write() (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/SPARC - download and execute (278 bytes) Solaris/SPARC - executes command after setreuid (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes) Solaris/SPARC - setreuid/execve (56 bytes) Solaris/SPARC - portbind (port 6666) (240 bytes) Solaris/SPARC - execve /bin/sh (52 bytes) Solaris/SPARC - portbind port 6789 (228 bytes) Solaris/SPARC - connect-back (204 bytes) Solaris/SPARC - portbinding shellcode Solaris/x86 - portbind/tcp shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion (84 bytes) Solaris/x86 - add services and execve inetd (201 bytes) Win32/XP SP2 (En) - cmd.exe (23 bytes) Win32/XP SP2 (EN) - cmd.exe (23 bytes) Win32 SEH omelet shellcode 0.1 Win32 -SEH omelet shellcode Win32 PEB!NtGlobalFlags shellcode (14 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 PEB Kernel32.dll ImageBase Finder (Ascii Printable) (49 bytes) Win32 connectback_ receive_ save and execute shellcode Win32 Download and Execute Shellcode Generator (browsers edition) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 IsDebuggerPresent ShellCode (NT/XP) (39 bytes) Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes) Win32 - Download & Exec Shellcode (226 bytes+) Win32 - Download & Exec Shellcode (226+ bytes) Windows 9x/NT/2000/XP Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP PEB method (29 bytes) Windows 9x/NT/2000/XP PEB method (31 bytes) Windows 9x/NT/2000/XP PEB method (35 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method (29 bytes) Windows 9x/NT/2000/XP - PEB method (31 bytes) Windows 9x/NT/2000/XP - PEB method (35 bytes) Windows/XP download and exec source Windows XP - download and exec source Microsoft Windows - (DCOM RPC2) Universal Shellcode Windows - (DCOM RPC2) Universal Shellcode Linux - setuid(0) & execve(_/sbin/poweroff -f_) Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes) Win xp sp2 PEB ISbeingdebugged shellcode Windows XP SP2 - PEB ISbeingdebugged shellcode Win32 XP SP3 ShellExecuteA shellcode Win32 XP SP3 - ShellExecuteA shellcode Win32 XP SP3 addFirewallRule freebsd/x86 portbind shellcode (167 bytes) Win32 XP SP3 - addFirewallRule freebsd/x86 - portbind shellcode (167 bytes) Win32/XP SP2 (En + Ar) - cmd.exe (23 bytes) Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes) Windows XP Pro Sp2 English _Message-Box_ Shellcode Windows XP Pro Sp2 English _Wordpad_ Shellcode Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes) Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes) Linux x86 - polymorphic shellcode ip6tables -F (71 bytes) Linux x86 - ip6tables -F (47 bytes) Linux/x86 - polymorphic shellcode ip6tables -F (71 bytes) Linux/x86 - ip6tables -F (47 bytes) Linux x86 - /bin/sh (8 bytes) Linux x86 - execve /bin/sh (21 bytes) Linux/x86 - /bin/sh (8 bytes) Linux/x86 - execve /bin/sh (21 bytes) Linux x86 - disabled modsecurity (64 bytes) Linux/x86 - disabled modsecurity (64 bytes) Win32 Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32/XP SP3 (Ru) - WinExec+ExitProcess cmd shellcode (12 bytes) Shellcode - Win32 MessageBox (Metasploit) JITed egg-hunter stage-0 shellcode Adjusted universal for XP/Vista/Windows 7 Linux x86 - nc -lvve/bin/sh -p13377 shellcode Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox (Metasploit) Windows XP/Vista/Windows 7 - JITed egg-hunter stage-0 shellcode Adjusted universal Linux/x86 - nc -lvve/bin/sh -p13377 shellcode Linux write() & exit(0) shellcode genearator with customizable text Linux x86 - polymorphic forkbombe - (30 bytes) Linux x86 forkbombe Linux - write() & exit(0) shellcode genearator with customizable text Linux/x86 - polymorphic forkbombe - (30 bytes) Linux/x86 - forkbomb Linux/x86_64 execve(_/bin/sh_); shellcode (30 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Linux x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Windows 7 Pro SP1 64 Fr (Beep) Shellcode (39 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall Linux/x86 - kill all running process change mode 0777 of _/etc/passwd_ with sys_chmod syscall Linux x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Windows 7 x64 (cmd) Shellcode (61 bytes) Linux x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux x86 - hard / unclean reboot (29 bytes) Linux x86 - hard / unclean reboot (33 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes) Linux/x86 - kill all running process (11 bytes) change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Linux - chown root:root /bin/sh x86 shellcode (48 bytes) Linux/x86 - chown root:root /bin/sh shellcode (48 bytes) Linux x86 - netcat connect back port 8080 (76 bytes) Linux/x86 - netcat connect back port 8080 (76 bytes) Allwin MessageBoxA Shellcode Windows - MessageBoxA Shellcode Linux/x86-64 - Disable ASLR Security (143 bytes) Linux/x86_64 - Disable ASLR Security (143 bytes) Polymorphic Bindport 31337 with setreuid (0_0) linux/x86 Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86-64 - Add root user with password (390 bytes) Linux/x86_64 - Add root user with password (390 bytes) ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes) Polymorphic /bin/sh x86 linux shellcode Linux/x86 - Polymorphic /bin/sh shellcode (116 bytes) Linux/ARM chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux x86 - bind shell port 64533 (97 bytes) Linux/x86 - bind shell port 64533 (97 bytes) 125 bind port to 6778 XOR encoded polymorphic linux shellcode Linux - 125 bind port to 6778 XOR encoded polymorphic ARM Polymorphic - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode Generator ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator) Win32 - Write-to-file Shellcode Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux x86 - netcat bindshell port 8080 (75 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Linux x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes) Shellcode Checksum Routine Shellcode Checksum Routine (18 bytes) Win32/XP SP3 (Tr) - Add Admin Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM) Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM) Windows Mobile 6.5 TR Phone Call Shellcode Windows Mobile 6.5 TR - Phone Call Shellcode Win32/xp pro sp3 (EN) 32-bit - add new local administrator (113 bytes) Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address ARM - Bindshell port 0x1337 ARM - Bind Connect UDP Port 68 ARM - Loader Port 0x1337 ARM - ifconfig eth0 and Assign Address w32 speaking shellcode Win32 - speaking shellcode BSD x86 connect back Shellcode (81 bytes) BSD x86 portbind + fork shellcode (111 bytes) bds/x86 - connect back Shellcode (81 bytes) bds/x86 - portbind + fork shellcode (111 bytes) OS-X/Intel reverse_tcp shell x86_64 (131 bytes) OS-X/Intel - reverse_tcp shell x86_64 (131 bytes) Allwin WinExec add new local administrator + ExitProcess Shellcode Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes) Linux x86 - ASLR deactivation (83 bytes) Linux/x86 - ASLR deactivation (83 bytes) Linux/x86-32 - ConnectBack with SSL connection (422 bytes) Linux/x86_32 - ConnectBack with SSL connection (422 bytes) SuperH (sh4) Add root user with password SuperH (sh4) - Add root user with password (143 bytes) Linux x86 egghunt shellcode Linux/x86 - egghunt shellcode (29 bytes) OSX - Universal ROP shellcode OS-X - Universal ROP shellcode 52 byte Linux MIPS execve Linux/MIPS - execve (52 bytes) MIPS Linux XOR Shellcode Encoder (60 bytes) Linux/MIPS - XOR Shellcode Encoder (60 bytes) Linux/x86-64 - execve(/bin/sh) (52 bytes) Linux/x86_64 - execve(/bin/sh) (52 bytes) Linux/x86 - Search For php/html Writable Files and Add Your Code Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes) Linux x86_64 - add user with passwd (189 bytes) Linux/x86_64 - add user with passwd (189 bytes) Linux x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) ntop 1.x - -i Local Format String ntop 1.x - i Local Format String (Raspberry Pi) Linux/ARM - reverse_shell (tcp_10.1.1.2_0x1337) (Raspberry Pi) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) (Raspberry Pi) Linux/ARM - chmod(_/etc/shadow__ 0777) (41 bytes) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes) Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode MIPS Little Endian Shellcode MIPS Little Endian - Shellcode Media Player Classic 6.4.9 - - FLI File Remote Buffer Overflow Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow Linux x86 - Socket Re-use Shellcode (50 bytes) Linux/x86 - Socket Re-use Shellcode (50 bytes) Linux x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Mouse Media Script 1.6 - - Stored XSS Mouse Media Script 1.6 - Stored XSS Linux x86 - rmdir (37 bytes) Linux/x86 - rmdir (37 bytes) Linux x64 - Bind TCP port shellcode (81 bytes_ 96 with password) Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux x64 - Reverse TCP connect (77 to 85 bytes_ 90 to 98 with password) Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password) Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes) Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Linux MIPS - execve (36 bytes) Linux/MIPS - execve (36 bytes) Win x86-64 - Download & execute (Generator) Windows XP x86-64 - Download & execute (Generator) Linux x86 - Egg-hunter (20 bytes) Linux x86 - Typewriter Shellcode Generator Linux/x86 - Egg-hunter (20 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - execve _/bin/sh_ - shellcode (35 bytes) Linux/x86 - execve _/bin/sh_ shellcode (35 bytes) Linux custom execve-shellcode Encoder/Decoder Linux - custom execve-shellcode Encoder/Decoder Linux x86 - Execve /bin/sh Shellcode Via Push (21 bytes) Linux x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes) Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - execve /bin/sh shellcode (21 bytes) (2) Linux/x86 - execve /bin/sh shellcode (2) (21 bytes) Linux - execve(/bin/sh) (30 bytes) Linux/x86_64 - execve(/bin/sh) (30 bytes) Linux 64 bit - Encoded execve shellcode Linux 64bit - Encoded execve shellcode Linux x86 /bin/sh ROT7 Encoded Shellcode Linux/x86 - /bin/sh ROT7 Encoded Shellcode Win32/xp[TR] sp3 - MessageBox (24 bytes) Win32/XP SP3 (TR) - MessageBox (24 bytes) Linux x86 - Egg Hunter Shellcode (19 bytes) Linux/x86 - Egg Hunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ (199 Bytes Null-Free) Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes) Linux x86 - /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode OS X x64 /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) Mainframe/System Z Bind Shell Mainframe/System Z - Bind Shell Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes) OS X x64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes) Linux x86_64 - /bin/sh Linux/x86_64 - /bin/sh Linux x86_64 - execve Shellcode (22 bytes) Linux/x86_64 - execve Shellcode (22 bytes) Linux x86_64 - Bindshell with Password (92 bytes) Linux/x86_64 - Bindshell with Password (92 bytes) Linux x64 - egghunter (24 bytes) Linux/x64 - egghunter (24 bytes) Linux x86_64 - Polymorphic execve Shellcode (31 bytes) Linux/x86_64 - Polymorphic execve Shellcode (31 bytes) Windows XP-10 - Null-Free WinExec Shellcode (Python) Windows XP<10 - Null-Free WinExec Shellcode (Python) x64 Linux Bind TCP Port Shellcode Linux/x64 - Bind TCP Port Shellcode (103 bytes) x86_64 Linux bind TCP port shellcode Linux/x86_64 - bind TCP port shellcode (103 bytes) Linux/x86 - execve _/bin/sh_ - shellcode 24 byte Linux/x86 - execve _/bin/sh_ shellcode (24 bytes) Linux x86_64 - Egghunter (18 bytes) Linux x86 - Egg-hunter (13 bytes) Linux/x86_64 - Egghunter (18 bytes) Linux/x86 - Egg-hunter (13 bytes) WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Unauthenticated SQL injection x86_64 Linux xor/not/div Encoded execve Shellcode Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes) WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Shortcode SQL Injection Linux x86/x86_64 reverse_tcp Shellcode Linux/x86/x86_64 - reverse_tcp Shellcode Linux x86/x86_64 tcp_bind Shellcode Linux x86/x86_64 Read etc/passwd Shellcode Linux/x86/x86_64 - tcp_bind Shellcode Linux/x86/x86_64 - Read etc/passwd Shellcode WordPress Booking Calendar Contact Form <=1.1.24 - Multiple Vulnerabilities WordPress Booking Calendar Contact Form <= 1.1.24 - Multiple Vulnerabilities x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (1) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes) x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (2) Linux x86 Download & Execute Shellcode Linux x86_64 - Polymorphic Execve-Stack (47 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86_64 - Polymorphic Execve-Stack (47 bytes) Linux x86_64 - Reverse Shell Shellcode Linux/x86_64 - Reverse Shell Shellcode Linux/x86_x64 - execve(/bin/sh) (26 bytes) Linux/x86_64 - execve(/bin/sh) (26 bytes) Linux/x86_x64 - execve(/bin/sh) (25 bytes) Linux/x86_x64 - execve(/bin/bash) (33 bytes) Linux/x86_64 - execve(/bin/sh) (25 bytes) Linux/x86_64 - execve(/bin/bash) (33 bytes) Linux/x86_64 - bindshell (PORT: 5600) (81 bytes) Linux/x86_64 - bindshell (Pori: 5600) (81 bytes) Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Linux x86 Reverse TCP Shellcode (ipv6) Linux x86 Shellcode - Bind TCP Port 1472 (ipv6) Linux/x86 - Reverse TCP Shellcode (IPv6) Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes) Linux x64 - Bind Shell Shellcode Generator Linux/x64 - Bind Shell Shellcode (Generator) Windows Null-Free Shellcode - Primitive Keylogger to File (431 (0x01AF) bytes) Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes) .Net Framework Execute Native x86 Shellcode .Net Framework - Execute Native x86 Shellcode Linux x86_64 Shellcode - Bind TCP Port 1472 (ipv6) Linux/x86_64 - Bind TCP Port 1472 (IPv6) Linux x86_64 Shellcode - Reverse TCP (ipv6) Linux/x86_64 - Reverse TCP (IPv6) Windows - Null-Free Shellcode - Functional Keylogger to File (601 (0x0259) bytes) Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes) Linux x86_64 Shellcode Null-Free Reverse TCP Shell Linux/x86_64 - Null-Free Reverse TCP Shell Linux x86_64 Information Stealer Shellcode Linux/x86_64 - Information Stealer Shellcode Linux x86 - TCP Bind Shell Port 4444 (656 bytes) Linux/x86 - TCP Bind Shell Port 4444 (656 bytes) Linux x86_64 XOR Encode execve Shellcode Linux/x86_64 - XOR Encode execve Shellcode Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Windows x86 WinExec(_cmd.exe__0) Shellcode Linux x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows x86 system(_systeminfo_) Shellcode Windows x86 - system(_systeminfo_) Shellcode Windows x86 ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Linux x86 /bin/sh Shellcode + ASLR Bruteforce Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce Linux x86_64 /etc/passwd File Sender Shellcode Linux/x86_64 - /etc/passwd File Sender Shellcode Linux x86 - TCP Bind Shell Port 4444 (98 bytes) Linux/x86 - TCP Bind Shell Port 4444 (98 bytes) Linux x86 - TCP Reverse Shellcode (75 bytes) Linux/x86 - TCP Reverse Shellcode (75 bytes) Linux x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure	2016-07-16 05:06:26 +00:00
Offensive Security	0d018828aa	DB: 2016-07-15	2016-07-15 06:29:45 +00:00
Offensive Security	13e9ec719b	DB: 2016-07-14 ... 17 new exploits Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (2) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (3) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (4) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (5) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (6) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (7) Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption Adobe Flash Player 22.0.0.192 - TAG Memory Corruption Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials MS16-032 Secondary Logon Handle Privilege Escalation Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities Linux x86 Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10	2016-07-14 05:05:01 +00:00
Offensive Security	5cf8f533ae	DB: 2016-07-13	2016-07-13 05:07:07 +00:00
Offensive Security	fc4bc08825	DB: 2016-07-12 ... 15 new exploits Apache HTTPd - Arbitrary Long HTTP Headers DoS Apache HTTPd - Arbitrary Long HTTP Headers DoS (Perl) Apache HTTPd - Arbitrary Long HTTP Headers DoS Apache HTTPd - Arbitrary Long HTTP Headers DoS (C) Mercury Mail 4.01 (Pegasus) IMAP Buffer Overflow Exploit (c code) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Exploit (C) (1) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) (c code) Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (C) (2) Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (1) Webhints <= 1.03 - Remote Command Execution Exploit (c code) (2) Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (3) Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (1) Webhints <= 1.03 - Remote Command Execution Exploit (C) (2) Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (3) phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl Code) phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C Code) phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl) phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C) SimpleBBS <= 1.1 - Remote Commands Execution Exploit (c code) SimpleBBS <= 1.1 - Remote Commands Execution Exploit (C) Xmame 0.102 (-lang) Local Buffer Overflow Exploit (c code) Xmame 0.102 - (lang) Local Buffer Overflow Exploit (C) aFAQ 1.0 (faqDsp.asp catcode) Remote SQL Injection Vulnerability aFAQ 1.0 - (faqDsp.asp catcode) Remote SQL Injection Vulnerability Apple CFNetwork HTTP Response Denial of Service Exploit (rb code) Apple CFNetwork - HTTP Response Denial of Service Exploit (RB) PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion Vulnerability WebPortal CMS <= 0.7.4 (code) Remote Code Execution Vulnerability WebPortal CMS <= 0.7.4 - (code) Remote Code Execution Vulnerability emergecolab 1.0 (sitecode) Local File Inclusion Vulnerability emergecolab 1.0 - (sitecode) Local File Inclusion Vulnerability Simple Machines Forums (BBCode) Cookie Stealing Vulnerability Simple Machines Forums - (BBCode) Cookie Stealing Vulnerability Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability Movie PHP Script 2.0 - (init.php anticode) Code Execution Vulnerability Kjtechforce mailman b1 (code) SQL Injection Delete Row Vulnerability Kjtechforce mailman b1 - (code) SQL Injection Delete Row Vulnerability WordPress Activity Log Plugin 2.3.1 - Persistent XSS IPS Community Suite 4.1.12.3 - PHP Code Injection Adobe Flash - ATF Processing Overflow Adobe Flash - JXR Processing Double Free Adobe Flash - LMZA Property Decoding Heap Corruption Adobe Flash - ATF Image Packing Overflow Tiki Wiki 15.1 - Unauthenticated File Upload Vulnerability (msf) Ho' Detector (Promiscuous mode detector shellcode) (56 bytes) Ho' Detector - Promiscuous mode detector shellcode (56 bytes) MS16-016 mrxdav.sys WebDav Local Privilege Escalation Ruby on Rails ActionPack Inline ERB Code Execution Lan Messenger sending PM Buffer Overflow (UNICODE) - Overwrite SEH Lan Messenger - sending PM Buffer Overflow (UNICODE) Overwrite SEH Tiki Wiki CMS 15.0 - Arbitrary File Download Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS Device42 WAN Emulator 2.3 Traceroute Command Injection Device42 WAN Emulator 2.3 Ping Command Injection Device42 WAN Emulator 2.3 - Traceroute Command Injection Device42 WAN Emulator 2.3 - Ping Command Injection Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Dell KACE K1000 File Upload Dell KACE K1000 - File Upload Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection Valve Steam 3.42.16.13 - Local Privilege Escalation Beauty Parlour & SPA Saloon Management System - Blind SQL Injection Clinic Management System - Blind SQL Injection Linux x86-64 Continuously-Probing Reverse Shell via Socket + Port-range + Password - 172 Bytes	2016-07-12 05:05:04 +00:00
Offensive Security	76bc268c80	DB: 2016-07-11	2016-07-11 05:06:57 +00:00
Offensive Security	c9a818eb76	DB: 2016-07-10	2016-07-10 05:03:45 +00:00
Offensive Security	29f0764fac	DB: 2016-07-09 ... 9 new exploits Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit Joomla <= 1.0.9 - (Weblinks) Remote Blind SQL Injection Exploit Microsoft Excel Malformed FEATHEADER Record Exploit (MS09-067) Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067) Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability Seo Panel 2.2.0 - Cookie-Rendered Persistent XSS Vulnerability VLC AMV Dangling Pointer Vulnerability VLC - AMV Dangling Pointer Vulnerability Movable Type 4.2x_ 4.3x Web Upgrade Remote Code Execution Movable Type 4.2x_ 4.3x - Web Upgrade Remote Code Execution Roxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability Roxio CinePlayer 3.2 - SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability HP Client Automation Command Injection HP Client - Automation Command Injection Persistent Systems Client Automation Command Injection RCE Persistent Systems Client Automation - Command Injection RCE ElasticSearch Unauthenticated Remote Code Execution ElasticSearch - Unauthenticated Remote Code Execution ElasticSearch Search Groovy Sandbox Bypass ElasticSearch - Search Groovy Sandbox Bypass Fedora abrt Race Condition Exploit Fedora - abrt Race Condition Exploit ProFTPD 1.3.5 Mod_Copy Command Execution ProFTPD 1.3.5 - Mod_Copy Command Execution Windows ClientCopyImage Win32k Exploit Microsoft Windows - ClientCopyImage Win32k Exploit Wolf CMS Arbitrary File Upload To Command Execution Wolf CMS - Arbitrary File Upload To Command Execution Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Kaseya VSA uploader.aspx Arbitrary File Upload Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload Samsung Galaxy S6 - Samsung Gallery Bitmap Decoding Crash Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008) Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1) NETGEAR ProSafe Network Management System 300 Arbitrary File Upload NETGEAR ProSafe Network Management System 300 - Arbitrary File Upload Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) Microsoft Windows 8.1/10 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) OS X / iOS Suid Binary Logic Error Kernel Code Execution OS X / iOS - Suid Binary Logic Error Kernel Code Execution Novell ServiceDesk Authenticated File Upload Novell ServiceDesk - Authenticated File Upload Mach Race OS X Local Privilege Escalation Exploit Mach Race OS X - Local Privilege Escalation Exploit Oracle ATS Arbitrary File Upload Oracle Application Testing Suite (ATS) - Arbitrary File Upload Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit) HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit) WordPress Lazy Content Slider Plugin 3.4 - (Add Catetory) CSRF Hide.Me VPN Client 1.2.4 - Privilege Escalation InstantHMI 6.1 - Privilege Escalation Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC Microsoft WinDbg logviewer.exe - Crash PoC Linux x86 TCP Reverse Shellcode - 75 bytes php Real Estate Script 3 - Arbitrary File Disclosure CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval Streamo Online Radio And TV Streaming CMS - SQL Injection	2016-07-09 05:06:22 +00:00
Offensive Security	c7daadde64	DB: 2016-07-08 ... 8 new exploits WordPress Q and A (Focus Plus) FAQ Plugin 1.3.9.7 - Multiple Vulnerabilities WordPress Huge-IT Image Gallery Plugin 1.8.9 - Multiple Vulnerabilities Codoforum 3.4 - Stored Cross-Site Scripting MediaCoder 0.8.43.5830 - .m3u Buffer Overflow SEH Exploit VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass) Core FTP LE 2.2 - Path Field Local Buffer Overflow OPAC KpwinSQL - Multiple Vulnerabilities GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation	2016-07-08 05:06:14 +00:00
Offensive Security	52cf6a3185	DB: 2016-07-07 ... 9 new exploits CIMA DocuClass ECM - Multiple Vulnerabilities 24online SMS_2500i 8.3.6 build 9.0 - SQL Injection Linux 64bit Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) - 176 bytes Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities PaKnPost Pro 1.14 - Multiple Vulnerabilities GNU Wget < 1.18 - Arbitrary File Upload/Remote Code Execution OpenFire 3.10.2 - 4.0.1 - Multiple Vulnerabilities Samsung Android JACK - Privilege Escalation Nagios XI Chained Remote Code Execution	2016-07-07 05:06:28 +00:00
Offensive Security	49a443eece	DB: 2016-07-06	2016-07-06 05:02:46 +00:00
Offensive Security	b530dd470e	DB: 2016-07-05 ... 8 new exploits BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities BigDump 0.29b and 0.32b - Multiple Vulnerabilities Linux - netfilter IPT_SO_SET_REPLACE Memory Corruption Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption Debian Exim - Spool Local Root Privilege Escalation Ubuntu 16.04 local root exploit - netfilter target_offset OOB Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit XpoLog Center 6 - Remote Command Execution CSRF Ktools Photostore 4.7.5 - Multiple Vulnerabilities Linux 64bit NetCat Bind Shell Shellcode - 64 bytes WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities Linux x86 TCP Bind Shell Port 4444 - 98 bytes WebCalendar 1.2.7 - Multiple Vulnerabilities eCardMAX 10.5 - Multiple Vulnerabilities	2016-07-05 05:06:28 +00:00
Offensive Security	aeca36b114	DB: 2016-07-04 ... 1 new exploits Ubuntu 16.04 local root exploit - netfilter target_offset OOB	2016-07-04 05:05:27 +00:00
Offensive Security	58c236d738	DB: 2016-07-02 ... 1 new exploits Sudo 1.3.1 - 1.6.8p - Pathname Validation Local Root Exploit (OpenBSD) Sudo 1.3.1 - 1.6.8p (OpenBSD) - Pathname Validation Local Root Exploit Seattle Lab Software Emurl 2.0 Email Account Access Vulnerability Seattle Lab Software Emurl 2.0 - Email Account Access Vulnerability Phoenix Exploit Kit - Remote Code Execution	2016-07-02 05:02:45 +00:00
Offensive Security	0fddce018e	DB: 2016-07-01 ... 2 new exploits phpBookingCalendar <= 1.0c - (details_view.php) Remote SQL Injection TFT Gallery <= 0.10 - Password Disclosure Remote Exploit phpBookingCalendar 1.0c - (details_view.php) SQL Injection TFT Gallery 0.10 - Password Disclosure Remote Exploit Seattle Lab Mail 5.5 - POP3 Buffer Overflow Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow Ktools Photostore 4.7.5 - Blind SQL Injection Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass	2016-07-01 05:05:35 +00:00
Offensive Security	f74a7dfb7e	DB: 2016-06-30 ... 13 new exploits Symantec Antivirus - Multiple Remote Memory Corruption Unpacking RAR Symantec Antivirus - Remote Stack Buffer Overflow in dec2lha Library Symantec Antivirus - Heap Overflow Modifying MIME Messages Symantec Antivirus - Integer Overflow in TNEF Decoder Symantec Antivirus - Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink Symantec Antivirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow Windows 7 SP1 x86 - Privilege Escalation (MS16-014) Lenovo ThinkPad - System Management Mode Arbitrary Code Execution Exploit Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Ubiquiti Administration Portal - CSRF to Remote Command Execution Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion	2016-06-30 05:05:39 +00:00
Offensive Security	94e65060ad	DB: 2016-06-29 ... 2 new exploits Linux x86_64 /etc/passwd File Sender Shellcode Untangle NGFW 12.1.0 beta - execEvil() Command Injection	2016-06-29 05:06:40 +00:00
Offensive Security	e9145685e4	DB: 2016-06-28 ... 14 new exploits Linux Netcat Reverse Shell - 32bit - 77 bytes XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability Linux x86_64 execve Shellcode - 15 bytes WordPress Ultimate Product Catalog Plugin 3.8.6 - Arbitrary File Upload OPAC KpwinSQL - SQL Injection Magnet Networks Tesley CPVA 642 Router – Weak WPA-PSK Passphrase Algorithm Option CloudGate CG0192-11897 - Multiple Vulnerabilities Kagao 3.0 - Multiple Vulnerabilities Panda Security Multiple Products - Privilege Escalation MyLittleForum 2.3.5 - PHP Command Injection iBilling 3.7.0 - Stored and Reflected XSS PInfo 0.6.9-5.1 - Local Buffer Overflow BigTree CMS 4.2.11 - SQL Injection HNB 1.9.18-10 - Local Buffer Overflow Linux x86 /bin/sh Shellcode + ASLR Bruteforce SugarCRM 6.5.18 - PHP Code Injection Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities	2016-06-28 05:03:46 +00:00
Offensive Security	3739831fb2	DB: 2016-06-24 ... 16 new exploits Banner Exchange Script 1.0 - (targetid) Blind SQL Injection Vulnerability PHP 5.3.3 - ibase_gen_id() off-by-one Overflow Vulnerability ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address ARM Bindshell port 0x1337 ARM Bind Connect UDP Port 68 ARM Loader Port 0x1337 ARM ifconfig eth0 and Assign Address G Data TotalCare 2011 - NtOpenKey Race Condition Vulnerability ImpressPages CMS 3.8 - Stored XSS Vulnerability Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability Linux Netcat Reverse Shell - 32bit - 77 bytes PrestaShop 1.4.4.1 modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php Multiple Parameter XSS PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS Getsimple CMS 3.3.10 - Arbitrary File Upload op5 v7.1.9 Configuration Command Execution op5 7.1.9 - Configuration Command Execution Alibaba Clone B2B Script - Arbitrary File Disclosure XuezhuLi FileSharing - Directory Traversal XuezhuLi FileSharing - (Add User) CSRF FinderView - Multiple Vulnerabilities	2016-06-24 05:06:19 +00:00
Offensive Security	412cc0a204	DB: 2016-06-23 ... 4 new exploits Linux Kernel 2.4 - uselib() Privilege Elevation Exploit (2) Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2) Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit (3) Linux Kernel 2.4.x / 2.6.x - 'uselib()' Local Privilege Escalation Exploit (3) Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit (1) Linux Kernel 2.6.23 <= 2.6.24 - 'vmsplice' Local Root Exploit (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - < UDEV 1.4.1 Local Privilege Escalation Exploit (1) Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (2) Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (4) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (3) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (5) Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (4) Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (2) Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (5) Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (3) Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation (3) Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - 'Pipe.c' Privilege Escalation (3) Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation (1) Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit (2) UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(1) UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(2) UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vulnerability (1) UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vulnerability (2) Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit (3) Linux Kernel 3.3 < 3.8 (Ubuntu / Fedora 18) - 'sock_diag_handlers()' Local Root Exploit (3) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (1) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2) Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (MSF) Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (MSF) Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit) Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (MSF) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (msf) Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit) Poison Ivy 2.1.x C2 Buffer Overflow (msf) Poison Ivy 2.1.x C2 Buffer Overflow (Metasploit) Bomgar Remote Support Unauthenticated Code Execution (msf) Bomgar Remote Support Unauthenticated Code Execution (Metasploit) Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (msf) Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit) DarkComet Server Remote File Download Exploit (msf) DarkComet Server Remote File Download Exploit (Metasploit) PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Wolf CMS 0.8.2 - Arbitrary File Upload Exploit (Metasploit) Windows x86 ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode	2016-06-23 05:06:16 +00:00
Offensive Security	0fe9b46f79	DB: 2016-06-22 ... 14 new exploits Linux Kernel <= 2.4.22 - 'do_brk' Local Root Exploit (2) Linux Kernel <= 2.4.22 - 'do_brk()' Local Root Exploit (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1) Linux Kernel <= 2.4.29-rc2 - uselib() Privilege Elevation Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1) Linux Kernel 2.4 - uselib() Privilege Elevation Exploit Linux Kernel 2.4 - uselib() Privilege Elevation Exploit (2) Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit (3) Linux Kernel 2.6.17 <= 2.6.24.1 - vmsplice Local Root Exploit Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Local Root Exploit (2) Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit (1) Linux Kernel 2.6 UDEV < 141 (Gentoo / Ubuntu 8.10/9.04) - Local Privilege Escalation Exploit Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Local Privilege Escalation Exploit (2) Linux Kernel 2.x (Redhat) - sock_sendpage() Ring0 Local Root Exploit (1) Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2) Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Local Root Exploit (1) Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (2) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - sock_sendpage() ring0 Root Exploit (1) Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (3) Linux Kernel <= 2.6.30 - atalk_getname() 8-bytes Stack Disclosure Exploit Linux Kernel <= 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure Exploit (1) Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1) Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit (2) Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit Linux Kernel < 2.6.19 (Debian 4) - udp_sendmsg Local Root Exploit Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit (2) Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Root Exploit (3) Linux Kernel 2.4 / 2.6 (Fedora 11) - sock_sendpage() Local Root Exploit (2) Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (4) Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (3) Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (5) Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation (3) Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability (4) Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full Nelson' Local Privilege Escalation Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation Linux Kernel <= 2.6.37 - Local Kernel Denial of Service Linux Kernel <= 2.6.37 - Local Kernel Denial of Service (1) Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS (2) Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - Econet Privilege Escalation Exploit Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1) Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Local Root (1) Linux Kernel 2.0/2.1_ Digital UNIX <= 4.0 D_ FreeBSD <= 2.2.4_ HP HP-UX 10.20/11.0_ IBM AIX <= 3.2.5_ NetBSD 1.2_ Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability Linux Kernel 2.0/2.1 (Digital UNIX <= 4.0 D / FreeBSD <= 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX <= 3.2.5 / NetBSD 1.2 / Solaris <= 2.5.1) - Smurf Denial of Service Vulnerability Linux Kernel <= 2.3_ BSD/OS <= 4.0_ FreeBSD <= 3.2_ NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability Linux Kernel <= 2.3 (BSD/OS <= 4.0 / FreeBSD <= 3.2 / NetBSD <= 1.4) - Shared Memory Denial of Service Vulnerability Linux Kernel 2.2.12/2.2.14/2.3.99_ RedHat 6.x - Socket Denial of Service Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1) Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2) Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root 'sendmail' Vulnerability (1) Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2) Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Local Root (1) Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Root Exploit (2) Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Root Vulnerability (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Local Root Vulnerability (1) Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Local Root Exploit (1) Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2) Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept (1) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with CONFIG_X86_X32 Exploit Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with 'CONFIG_X86_X32' Exploit (2) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit (3) Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit (3) Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.(0_1_2) x64) - perf_swevent_init Local Root Exploit Linux Kernel 2.6.x - 'fasync_helper()' Local Privilege Escalation Vulnerability Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3) Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation Vulnerability Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2) Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Local Root (2) Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Root Shell Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Root Exploit (1) Linux Kernel <= 4.3.3 - overlayfs Local Privilege Escalation Linux Kernel <= 4.3.3 - 'overlayfs' Local Privilege Escalation (2) DarkComet Server Remote File Download Exploit (msf) Banshee 2.6.2 - .mp3 Crash PoC IonizeCMS 1.0.8 - (Add Admin) CSRF Yona CMS - (Add Admin) CSRF Joomla Publisher Pro (com_publisher) Component - SQL Injection Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Windows Kernel - ATMFD.DLL NamedEscape 0x250C Pool Corruption (MS16-074) Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Windows - Custom Font Disable Policy Bypass Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063) SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XXE SAP NetWeaver AS JAVA 7.1 - 7.5 - Directory Traversal Radiant CMS 1.1.3 - Mutiple Persistent XSS Vulnerabilities YetiForce CRM < 3.1 - Persistent XSS	2016-06-22 05:06:31 +00:00
Offensive Security	da158cde92	DB: 2016-06-21 ... 11 new exploits Linux Kernel 2.2. / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation Linux x86_64 execve Shellcode - 15 bytes sNews CMS 1.7.1 - Multiple Vulnerabilities Joomla BT Media (com_bt_media) Component - SQL Injection Premium SEO Pack 1.9.1.3 - wp_options Overwrite Windows XP - 10 - Download & Execute Shellcode Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (msf) Airia - (Add Content) CSRF Airia - Webshell Upload Exploit Symphony CMS 2.6.7 - Session Fixation ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation	2016-06-21 05:03:48 +00:00
Offensive Security	a7daa4c3b6	DB: 2016-06-19	2016-06-19 05:05:20 +00:00
Offensive Security	929e1cb538	DB: 2016-06-18 ... 5 new exploits WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload Vicidial 2.11 - Scripts Stored XSS phpATM 1.32 - Remote Command Execution (Shell Upload) on Windows Servers phpATM 1.32 - Multiple Vulnerabilities op5 v7.1.9 Configuration Command Execution	2016-06-18 05:02:53 +00:00
Offensive Security	2815f48e25	DB: 2016-06-17 ... 12 new exploits Linux x86_64 - Reverse Shell Shellcode Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal Solarwinds Virtualization Manager - Privilege Escalation Blat 3.2.14 - Stack Overflow Linux/x86 - Bindshell with Configurable Port - 87 bytes Linux x86_64 Shellcode Null-Free Reverse TCP Shell Linux x86 TCP Bind Shell Port 4444 (656 bytes) Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode ATCOM PBX IP01_ IP08 _ IP4G_ IP2G4A - Authentication Bypass Roxy Fileman 1.4.4 - Arbitrary File Upload SlimCMS 0.1 - CSRF (Change Admin Password)	2016-06-17 05:05:00 +00:00
Offensive Security	33dd246d8a	DB: 2016-06-16 ... 14 new exploits Ultrabenosaurus ChatBoard - Stored XSS Ultrabenosaurus ChatBoard - CSRF (Send Message) w2wiki - Multiple XSS Vulnerabilities Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities Dokeos 2.2.1 - Blind SQL Injection Joomla En Masse (com_enmasse) Component 5.1 - 6.4 - SQL Injection AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation BookingWizz Booking System < 5.5 - Multiple Vulnerabilities jbFileManager - Directory Traversal PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection Bomgar Remote Support Unauthenticated Code Execution (msf) Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1) Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2) Google Chrome - GPU Process MailboxManagerImpl Double-Read	2016-06-16 05:02:53 +00:00
Offensive Security	6c005f3b2b	DB: 2016-06-15 ... 3 new exploits Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass Apache Continuum Arbitrary Command Execution WordPress Social Stream Plugin 1.5.15 - wp_options Overwrite Oracle Orakill.exe 11.2.0 - Buffer Overflow	2016-06-15 05:06:23 +00:00
Offensive Security	264d15855e	DB: 2016-06-14 ... 14 new exploits FRticket Ticket System - Stored XSS Viart Shopping Cart 5.0 - CSRF Shell Upload Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass Dream Gallery 2.0 - Admin Panel Authentication Bypass Grid Gallery 1.0 - Admin Panel Authentication Bypass Joomla PayPlans (com_payplans) Extension 3.3.6 - SQL Injection Zabbix 2.2 - 3.0.3 - RCE with API JSON-RPC iSQL 1.0 - Shell Command Injection iSQL 1.0 - isql_main.c Buffer Overflow PoC Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap-Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read Foxit PDF Reader 1.0.1.0925 -kdu_core::kdu_codestream::get_subsampling Memory Corruption Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption	2016-06-14 05:03:54 +00:00
Offensive Security	076ef173f9	DB: 2016-06-11 ... 23 new exploits Poison Ivy 2.1.x C2 Buffer Overflow (msf) Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit Mobiketa 1.0 - CSRF Add Admin Exploit miniMySQLAdmin 1.1.3 - CSRF Execute SQL Query phpMyFAQ 2.9.0 - Stored XSS Windows x86 system(_systeminfo_) Shellcode Armadito Antimalware - Backdoor/Bypass Riot Games League of Legends - Insecure File Permissions Privilege Escalation IPFire proxy.cgi RCE IPFire Bash Environment Variable Injection (Shellshock) Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution OS X Kernel - Exploitable NULL Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Android - /system/bin/sdcard Stack Buffer Overflow OS X Kernel - Exploitable NULL Pointer Dereference in AppleMuxControl.kext OS X Kernel - Exploitable NULL Pointer Dereference in AppleGraphicsDeviceControl OS X Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource OS X Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value OS X Kernel - Exploitable NULL Pointer Dereference in IOAudioEngine OS X Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type OS X Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 OS X/iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient OS X Kernel - Stack Buffer Overflow in GeForce GPU Driver	2016-06-11 05:06:22 +00:00
Offensive Security	4bc4dc0218	DB: 2016-06-10 ... 1 new exploits Microsoft Word (Win/Mac) - Crash PoC	2016-06-10 05:06:43 +00:00
Offensive Security	74f927013e	DB: 2016-06-09 ... 1 new exploits Drale DBTableViewer 100123 - Blind SQL Injection	2016-06-09 05:02:54 +00:00
Offensive Security	858079a4fe	DB: 2016-06-08 ... 5 new exploits Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2) Windows x86 WinExec(_cmd.exe__0) Shellcode Linux x86 /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) League of Legends Screensaver - Unquoted Service Path Privilege Escalation League of Legends Screensaver - Insecure File Permissions Privilege Escalation Cisco EPC 3928 - Multiple Vulnerabilities	2016-06-08 05:05:38 +00:00
Offensive Security	62962d90b0	DB: 2016-06-07 ... 16 new exploits Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities Dream Gallery 1.0 - CSRF Add Admin Exploit Apache Continuum 1.4.2 - Multiple Vulnerabilities Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit Valve Steam 3.42.16.13 - Local Privilege Escalation ArticleSetup 1.00 - CSRF Change Admin Password Electroweb Online Examination System 1.0 - SQL Injection WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection WordPress Newspaper Theme 6.7.1 - Privilege Escalation WordPress Uncode Theme 1.3.1 - Arbitrary File Upload WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection Notilus Travel Solution Software 2012 R3 - SQL Injection rConfig 3.1.1 - Local File Inclusion Nagios XI 5.2.7 - Multiple Vulnerabilities	2016-06-07 05:07:41 +00:00
Offensive Security	2808c59ead	DB: 2016-06-04	2016-06-04 05:06:24 +00:00
Offensive Security	2dba371921	DB: 2016-06-03 ... 4 new exploits Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit Linux Kernel < 2.6.36-rc4-git2 (x86_64) - ia32syscall Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - compat Local Root Exploit Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1) Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1) Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86-64) - sock_diag_handlers[] Local Root Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root Linux Kernel <= 3.7.10 (Ubuntu 12.10) (64-Bit) - sock_diag_handlers Local Root Exploit Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit Linux Kernel <= 3.7.6 (Redhat) (32bit/64bit) - 'MSR' Driver Local Privilege Escalation Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation Systrace 1.x (64-Bit) - Aware Linux Kernel Privilege Escalation Vulnerability Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Vulnerability Linux Kernel 2.6.x - (64 bit) Personality Handling Local Denial of Service Vulnerability Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Vulnerability Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (2) Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2) Joomla SecurityCheck Extension 2.8.9 - Multiple Vulnerabilities Liferay CE < 6.2 CE GA6 - Stored XSS Relay Ajax Directory Manager relayb01-071706_ 1.5.1_ 1.5.3 - Unauthenticated File Upload Websockify (C Implementation) 0.8.0 - Buffer Overflow	2016-06-03 05:02:50 +00:00
Offensive Security	3a855523ef	DB: 2016-06-02 ... 2 new exploits GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability GeekLog 2.x - ImageImageMagick.php Remote File Inclusion Vulnerability ImageMagick 6.x PNM Image Decoding Remote Buffer Overflow Vulnerability ImageMagick 6.x - .PNM Image Decoding Remote Buffer Overflow Vulnerability ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability ImageMagick 6.x - .SGI Image File Remote Heap Buffer Overflow Vulnerability ImageMagick < 6.9.3-9 - Multiple Vulnerabilities ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick) ImageMagick Delegate Arbitrary Command Execution ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities Wireshark - erf_meta_read_tag SIGSEGV	2016-06-02 05:03:04 +00:00
Offensive Security	8164665ff7	DB: 2016-06-01 ... 6 new exploits FlatPress 1.0.3 - CSRF Arbitrary File Upload AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities ProcessMaker 3.0.1.7 - Multiple vulnerabilities CCextractor 0.80 - Crash PoC Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (msf) TCPDump 4.5.1 - Crash PoC	2016-06-01 05:01:50 +00:00
Offensive Security	22d168d0bc	DB: 2016-05-31 ... 3 new exploits MySQL 5.5.45 - procedure analyse Function Denial of Service Open Source Real Estate Script 3.6.0 - SQL Injection Linux x86_64 XOR Encode execve Shellcode	2016-05-31 05:03:26 +00:00
Offensive Security	ab85a62fd6	DB: 2016-05-28 ... 1 new exploits PHP Realestate Script Script 4.9.0 - SQL Injection	2016-05-28 05:05:01 +00:00