13 changes to exploits/shellcodes
ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
8 changes to exploits/shellcodes
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
10 changes to exploits/shellcodes
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)
freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
3 changes to exploits/shellcodes
Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)
XNU - Remote Double-Free via Data Race in IPComp Input Path
DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)
7 changes to exploits/shellcodes
DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
File Sharing Wizard 1.5.0 - POST SEH Overflow
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
2 changes to exploits/shellcodes
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
23 changes to exploits/shellcodes
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators
Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx
Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF
Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll
Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
10 changes to exploits/shellcodes
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
20 changes to exploits/shellcodes
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
7 changes to exploits/shellcodes
Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
9 changes to exploits/shellcodes
Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)
Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
9 changes to exploits/shellcodes
Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)
PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
Sales ERP 8.1 - Multiple SQL Injection
D-Link DWL-2600AP - Multiple OS Command Injection
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
PasteShr 1.6 - Multiple SQL Injection
12 changes to exploits/shellcodes
jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
4 changes to exploits/shellcodes
Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
Lyric Maker 2.0.1.0 - Denial of Service (PoC)
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
4 changes to exploits/shellcodes
NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
5 changes to exploits/shellcodes
ASUS HG100 - Denial of Service
DHCP Server 2.5.2 - Denial of Service (PoC)
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
