exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	c3e827f657	DB: 2020-04-17 8 changes to exploits/shellcodes VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit) TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit) Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit) ThinkPHP - Multiple PHP Injection RCEs (Metasploit) Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit) PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) Apache Solr - Remote Code Execution via Velocity Template (Metasploit)	2020-04-17 05:01:48 +00:00
Offensive Security	19615ff704	DB: 2020-04-01 7 changes to exploits/shellcodes FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC) Redis - Replication Code Execution (Metasploit) IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit) DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit) SharePoint Workflows - XOML Injection (Metasploit) Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection	2020-04-01 05:01:47 +00:00
Offensive Security	b84d953124	DB: 2020-03-24 10 changes to exploits/shellcodes ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC) Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC) CyberArk PSMP 10.9.1 - Policy Restriction Bypass PHPMailer < 5.2.18 - Remote Code Execution (Bash) FIBARO System Home Center 5.021 - Remote File Include rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes) Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)	2020-03-24 05:01:50 +00:00
Offensive Security	26b38131c0	DB: 2020-03-20 1 changes to exploits/shellcodes Broadcom Wi-Fi Devices - 'KR00K Information Disclosure	2020-03-20 05:01:50 +00:00
Offensive Security	20e5ee2e94	DB: 2020-03-18 2 changes to exploits/shellcodes Rconfig 3.x - Chained Remote Code Execution (Metasploit) ManageEngine Desktop Central - Java Deserialization (Metasploit)	2020-03-18 05:01:50 +00:00
Offensive Security	4df22c7404	DB: 2020-03-10 13 changes to exploits/shellcodes Microsoft Windows - 'WizardOpium' Local Privilege Escalation OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit) Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit) PHP-FPM - Underflow Remote Code Execution (Metasploit) Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit) Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit) Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit) ManageEngine ServiceDesk Plus 9.3 - User Enumeration 60CycleCMS - 'news.php' SQL Injection Sahi pro 8.x - Directory Traversal Sentrifugo HRMS 3.2 - 'id' SQL Injection	2020-03-10 05:01:44 +00:00
Offensive Security	7531fa6a21	DB: 2020-03-06 3 changes to exploits/shellcodes Exchange Control Panel - Viewstate Deserialization (Metasploit) EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit) netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution	2020-03-06 05:01:47 +00:00
Offensive Security	fcc50f8a35	DB: 2020-01-02 5 changes to exploits/shellcodes Microsoft Windows .Group File - Code Execution nostromo 1.9.6 - Remote Code Execution Shopping Portal ProVersion 3.0 - Authentication Bypass IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Hospital Management System 4.0 - Authentication Bypass	2020-01-02 05:01:56 +00:00
Offensive Security	cacee46726	DB: 2019-11-21 11 changes to exploits/shellcodes Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Xorg X11 Server - Local Privilege Escalation (Metasploit) FusionPBX - Operator Panel exec.php Command Execution (Metasploit) FreeSWITCH - Event Socket Command Execution (Metasploit) Bludit - Directory Traversal Image File Upload (Metasploit) Pulse Secure VPN - Arbitrary Command Execution (Metasploit) OpenNetAdmin 18.1.1 - Remote Code Execution	2019-11-21 05:01:49 +00:00
Offensive Security	47d2a76f4f	DB: 2019-11-02 7 changes to exploits/shellcodes OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Nostromo - Directory Traversal Remote Command Execution (Metasploit) TheJshen contentManagementSystem 1.04 - 'id' SQL Injection ownCloud 10.3.0 stable - Cross-Site Request Forgery Apache Solr 8.2.0 - Remote Code Execution	2019-11-02 05:01:41 +00:00
Offensive Security	a464ad083a	DB: 2019-10-23 5 changes to exploits/shellcodes winrar 5.80 - XML External Entity Injection Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit) Moxa EDR-810 - Command Injection / Information Disclosure Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)	2019-10-23 05:01:41 +00:00
Offensive Security	21c1b71372	DB: 2019-10-01 6 changes to exploits/shellcodes GoAhead 2.5.0 - Host Header Injection Cisco Small Business 220 Series - Multiple Vulnerabilities vBulletin 5.x - Remote Command Execution (Metasploit) phpIPAM 1.4 - SQL Injection thesystem 1.0 - Cross-Site Scripting TheSystem 1.0 - Command Injection	2019-10-01 05:01:46 +00:00
Offensive Security	ad97ff4198	DB: 2019-09-07 3 changes to exploits/shellcodes SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3) SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution FusionPBX 4.4.8 - Remote Code Execution Inventory Webapp - 'itemquery' SQL injection Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)	2019-09-07 05:02:21 +00:00
Offensive Security	6852d5abf3	DB: 2019-08-29 5 changes to exploits/shellcodes Outlook Password Recovery 2.10 - Denial of Service Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection Jobberbase 2.0 CMS - 'jobs-in' SQL Injection WordPress Plugin GoURL.io < 1.4.14 - File Upload	2019-08-29 05:02:22 +00:00
Offensive Security	803c63574c	DB: 2019-08-22 2 changes to exploits/shellcodes LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit) Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)	2019-08-22 05:02:30 +00:00
Offensive Security	a32e028b88	DB: 2019-08-13 17 changes to exploits/shellcodes VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow Linux - Use-After-Free Reads in show_numa_stats() WebKit - UXSS via XSLT and Nested Document Replacements Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit) ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit) ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit) Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting Cisco Adaptive Security Appliance - Path Traversal (Metasploit) UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion osTicket 1.12 - Persistent Cross-Site Scripting via File Upload osTicket 1.12 - Formula Injection osTicket 1.12 - Persistent Cross-Site Scripting Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)	2019-08-13 05:02:31 +00:00
Offensive Security	d1ba848ff5	DB: 2019-08-06 4 changes to exploits/shellcodes macOS iMessage - Heap Overflow when Deserializing Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ARMBot Botnet - Arbitrary Code Execution	2019-08-06 05:02:23 +00:00
Offensive Security	f529fc0415	DB: 2019-07-25 5 changes to exploits/shellcodes Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read Trend Micro Deep Discovery Inspector IDS - Security Bypass NoviSmart CMS - SQL injection Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions	2019-07-25 05:02:07 +00:00
Offensive Security	978c16266a	DB: 2019-07-13 9 changes to exploits/shellcodes Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation Xymon 4.3.25 - useradm Command Execution (Metasploit) Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Sahi Pro 8.0.0 - Remote Command Execution Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)	2019-07-13 05:02:17 +00:00
Offensive Security	a90736625a	DB: 2019-06-26 7 changes to exploits/shellcodes SuperDoctor5 - 'NRPE' Remote Code Execution SAPIDO RB-1732 - Remote Command Execution Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution AZADMIN CMS 1.0 - SQL Injection BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting	2019-06-26 05:01:53 +00:00
Offensive Security	5a4d21a1cf	DB: 2019-05-09 9 changes to exploits/shellcodes jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC) MiniFtp - 'parseconf_load_setting' Buffer Overflow Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Linux/x86 - execve /bin/sh Shellcode (20 bytes)	2019-05-09 05:02:02 +00:00
Offensive Security	64a6267162	DB: 2019-04-25 4 changes to exploits/shellcodes VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow Linux/x86 - Rabbit Shellcode Crypter (200 bytes)	2019-04-25 05:02:05 +00:00
Offensive Security	56498e7891	DB: 2019-04-23 10 changes to exploits/shellcodes Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC) QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC) LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret) ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit) WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion 74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User) Msvod 10 - Cross-Site Request Forgery (Change User Information) UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)	2019-04-23 05:02:04 +00:00
Offensive Security	aaf10d8566	DB: 2019-04-20 4 changes to exploits/shellcodes SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit) Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit) Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection	2019-04-20 05:01:59 +00:00
Offensive Security	be8aa5121b	DB: 2019-04-10 7 changes to exploits/shellcodes Microsoft Windows - AppX Deployment Service Privilege Escalation PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow Apache Axis 1.4 - Remote Code Execution Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection Linux/x64 - XANAX Encoder Shellcode (127 bytes) Linux/x64 - XANAX Decoder Shellcode (127 bytes)	2019-04-10 05:02:03 +00:00
Offensive Security	23f668ca8d	DB: 2019-04-09 14 changes to exploits/shellcodes FlexHEX 2.71 - SEH Buffer Overflow (Unicode) AllPlayer 7.4 - SEH Buffer Overflow (Unicode) River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation QNAP Netatalk < 3.1.12 - Authentication Bypass Jobgator - 'experience' SQL Injection Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities SaLICru -SLC-20-cube3(5) - HTML Injection CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Tradebox CryptoCurrency - 'symbol' SQL Injection WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass ManageEngine ServiceDesk Plus 9.3 - User Enumeration	2019-04-09 05:02:03 +00:00
Offensive Security	9d7b2f64d5	DB: 2019-04-04 18 changes to exploits/shellcodes Canarytokens 2019-03-01 - Detection Bypass SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free WebKitGTK+ - 'ThreadedCompositor' Race Condition Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter) AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter) TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit) PhreeBooks ERP 5.2.3 - Remote Command Execution Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) iScripts ReserveLogic - SQL Injection Clinic Pro v4 - 'month' SQL Injection Ashop Shopping Cart Software - SQL Injection PhreeBooks ERP 5.2.3 - Arbitrary File Upload	2019-04-04 05:02:18 +00:00
Offensive Security	e4e3f1c741	DB: 2019-03-29 15 changes to exploits/shellcodes Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service gnutls 3.6.6 - 'verify_crt()' Use-After-Free Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022) Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022) Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (1) Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2) Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1) Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2) NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses NXP Semiconductors MIFARE Classic Smartcard - Multiple Vulnerabilities Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalations Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation Weaknesses EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation PonyOS 3.0 - VFS Permissions PonyOS 3.0 - ELF Loader Privilege Escalation PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017) Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039) Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter) Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Linux Kernel 2.2 - TCP/IP Spoof IP Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Microsoft Windows Media Encoder (XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (1) Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (2) Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1) Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2) Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (1) Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (2) Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (1) Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (2) PHP 5.2.6 - 'create_function()' Code Injection Weakness (2) PHP 5.2.6 - 'create_function()' Code Injection Weakness (1) PHP 5.2.6 - 'create_function()' Code Injection (2) PHP 5.2.6 - 'create_function()' Code Injection (1) GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (1) GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (2) GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (1) GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (2) WebKit - Insufficient Entropy Random Number Generator Weakness (1) WebKit - Insufficient Entropy Random Number Generator Weakness (2) WebKit - Insufficient Entropy Random Number Generator (1) WebKit - Insufficient Entropy Random Number Generator (2) SonicWALL - SessId Cookie Brute Force Weakness Admin Session Hijacking SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit) elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit) Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit) Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit) Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit) Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (1) Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (2) Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1) Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2) LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities MotoCMS - admin/data/users.xml Access Restriction Weakness Information Disclosure MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses Coppermine Gallery < 1.5.44 - Directory Traversal Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change Cobub Razor 0.8.0 - Physical path Leakage Cobub Razor 0.8.0 - Physical Path Leakage Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion Airbnb Clone Script - Multiple SQL Injection Fat Free CRM 0.19.0 - HTML Injection WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion i-doit 1.12 - 'qr.php' Cross-Site Scripting Job Portal 3.1 - 'job_submit' SQL Injection BigTree 4.3.4 CMS - Multiple SQL Injection Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection	2019-03-29 05:01:59 +00:00
Offensive Security	2a394cba09	DB: 2019-03-19 4 changes to exploits/shellcodes WinMPG Video Convert 9.3.5 - Denial of Service WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit) TheCarProject v2 - Multiple SQL Injection	2019-03-19 05:01:56 +00:00
Offensive Security	b4e61d43c1	DB: 2019-03-15 6 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Microsoft Windows - '.reg' File / Dialog Box Message Spoofing FTPGetter Standard 5.97.0.177 - Remote Code Execution Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution	2019-03-15 05:01:51 +00:00
Offensive Security	790ba4b35e	DB: 2019-03-09 5 changes to exploits/shellcodes Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) phpBB 3.2.3 - Remote Code Execution OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting McAfee ePO 5.9.1 - Registered Executable Local Access Bypass DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)	2019-03-09 05:02:48 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	d622832ea0	DB: 2019-02-12 21 changes to exploits/shellcodes KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC) KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH) Jzip - Buffer Overflow (Denial of Service) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC) STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite) Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service) Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH) Netatalk 3.1.12 - Authentication Bypass (PoC) IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC) Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC) IP-Tools 2.50 - Local Buffer Overflow (PoC) Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite) FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC) FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite) Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC) Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite) AirDroid 4.2.1.6 - Denial of Service FutureDj Pro 1.7.2.0 - Denial of Service NordVPN 6.19.6 - Denial of Service (PoC) River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH) Evince - CBT File Command Injection (Metasploit) Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure Netatalk - Bypass Authentication Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit) Indusoft Web Studio 8.1 SP2 - Remote Code Execution Smoothwall Express 3.1-SP4 - Cross-Site Scripting Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset IPFire 2.21 - Cross-Site Scripting MyBB Bans List 1.0 - Cross-Site Scripting VA MAX 8.3.4 - Authenticated Remote Code Execution CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting Webiness Inventory 2.3 - 'email' SQL Injection	2019-02-12 05:01:49 +00:00
Offensive Security	40d3df51a4	DB: 2019-01-19 18 changes to exploits/shellcodes Watchr 1.1.0.0 - Denial of Service (PoC) One Search 1.1.0.0 - Denial of Service (PoC) Eco Search 1.0.2.0 - Denial of Service (PoC) 7 Tik 1.0.1.0 - Denial of Service (PoC) VPN Browser+ 1.1.0.0 - Denial of Service (PoC) FastTube 1.0.1.0 - Denial of Service (PoC) Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion Microsoft Edge Chakra - 'InitClass' Type Confusion Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free Webmin 1.900 - Remote Command Execution (Metasploit) SCP Client - Multiple Vulnerabilities (SSHtranger Things) SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion phpTransformer 2016.9 - SQL Injection phpTransformer 2016.9 - Directory Traversal Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload	2019-01-19 05:01:57 +00:00
Offensive Security	1b31850a46	DB: 2018-12-25 15 changes to exploits/shellcodes Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC) Google Chrome 70 - SQLite Magellan Crash (PoC) Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read Keybase keybase-redirector - '$PATH' Local Privilege Escalation Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC) Netatalk - Bypass Authentication Kubernetes - (Unauthenticated) Arbitrary Requests Kubernetes - (Authenticated) Arbitrary Requests WSTMart 2.0.8 - Cross-Site Scripting WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Linux/x86 - Kill All Processes Shellcode (14 bytes)	2018-12-25 05:01:44 +00:00
Offensive Security	0275ca3128	DB: 2018-12-22 6 changes to exploits/shellcodes AnyBurn 4.3 - Local Buffer Overflow Denial of Service AnyBurn 4.3 - Local Buffer Overflow (PoC) Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service SQLScan 1.0 - Denial of Service (PoC) AnyBurn 4.3 - Local Buffer Overflow (SEH) Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read Netatalk < 3.1.12 - Authentication Bypass ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)	2018-12-22 05:01:56 +00:00
Offensive Security	1ddc5edd5d	DB: 2018-12-21 6 changes to exploits/shellcodes VBScript - VbsErase Reference Leak Use-After-Free VBScript - MSXML Execution Policy Bypass LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter) XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Erlang - Port Mapper Daemon Cookie RCE (Metasploit)	2018-12-21 05:01:52 +00:00
Offensive Security	62445895aa	DB: 2018-11-30 8 changes to exploits/shellcodes WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit) Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit) Mac OS X - libxpc MITM Privilege Escalation (Metasploit) PHP imap_open - Remote Code Execution (Metasploit) TeamCity Agent - XML-RPC Command Execution (Metasploit)	2018-11-30 05:01:41 +00:00
Offensive Security	268e737bb6	DB: 2018-11-16 21 changes to exploits/shellcodes Notepad3 1.0.2.350 - Denial of Service (PoC) PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass PHP 5.x COM - Safe Mode / Disable Functions Bypass VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation Libuser - 'roothelper' Privilege Escalation (Metasploit) Libuser - 'roothelper' Local Privilege Escalation (Metasploit) Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit) Sun Solaris 11.3 AVS - Local Kernel root Exploit Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass Webkit (Safari) - Universal Cross-site Scripting Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library PHP Imagick 3.3.0 - disable_functions Bypass Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin) PHP-Proxy 5.1.0 - Local File Inclusion BitZoom 1.0 - 'rollno' SQL Injection Net-Billetterie 2.9 - 'login' SQL Injection Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection EverSync 0.5 - Arbitrary File Download Meneame English Pligg 5.8 - 'search' SQL Injection Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting	2018-11-16 05:01:40 +00:00
Offensive Security	ef70ec156b	DB: 2018-10-31 22 changes to exploits/shellcodes ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC) SIPp 3.3.990 - Local Buffer Overflow (PoC) R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) xorg-x11-server 1.20.3 - Privilege Escalation Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Electricks eCommerce 1.0 - 'prodid' SQL Injection phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection Webiness Inventory 2.9 - Arbitrary File Upload NETGEAR WiFi Router R6120 - Credential Disclosure MyBB Downloads 2.0.3 - SQL Injection Expense Management 1.0 - Arbitrary File Upload University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin) Notes Manager 1.0 - Arbitrary File Upload Instagram Clone 1.0 - Arbitrary File Upload Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection CI User Login and Management 1.0 - Arbitrary File Upload Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	2018-10-31 05:01:53 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	87053f010c	DB: 2018-09-11 12 changes to exploits/shellcodes SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH) Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH) Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) Any Sound Recorder 2.93 - Denial of Service (PoC) Zenmap (Nmap) 7.70 - Denial of Service (PoC) Ghostscript - Failed Restore Command Execution (Metasploit) VirtualBox 5.2.6.r120293 - VM Escape Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities RPi Cam Control < 6.3.14 - Multiple Vulnerabilities LW-N605R 12.20.2.1486 - Remote Code Execution RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution	2018-09-11 05:01:54 +00:00
Offensive Security	32f471140a	DB: 2018-09-06 18 changes to exploits/shellcodes Microsoft people 10.1807.2131.0 - Denial of service (PoC) GNU glibc < 2.27 - Local Buffer Overflow UltraISO 9.7.1.3519 - Buffer Overflow (SEH) JBoss 4.2.x/4.3.x - Information Disclosure Git < 2.17.1 - Remote Code Execution FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Monstra CMS 3.0.4 - Remote Code Execution OpenDaylight - SQL Injection Tenda ADSL Router D152 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution	2018-09-06 05:01:55 +00:00
Offensive Security	18e2848633	DB: 2018-08-28 25 changes to exploits/shellcodes Firefox 55.0.3 - Denial of Service (PoC) Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC) Libpango 1.40.8 - Denial of Service (PoC) Adobe Flash - AVC Processing Out-of-Bounds Read Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP) CuteFTP 5.0 - Buffer Overflow Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit) OpenSSH 7.7 - Username Enumeration OpenSSH 2.3 < 7.7 - Username Enumeration Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Node.JS - 'node-serialize' Remote Code Execution Electron WebPreferences - Remote Code Execution HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit) Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting Sentrifugo HRMS 3.2 - 'deptid' SQL Injection WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin) RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin) LiteCart 2.1.2 - Arbitrary File Upload Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection Responsive FileManager < 9.13.4 - Directory Traversal WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection	2018-08-28 05:01:59 +00:00
Offensive Security	addac3a875	DB: 2018-08-07 9 changes to exploits/shellcodes mySCADA myPRO 7 - Hard-Coded Credentials Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Open-AudIT Community 2.2.6 - Cross-Site Scripting Subrion CMS 4.2.1 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) CMS ISWEB 3.5.3 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting	2018-08-07 05:01:44 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	5aca1b9763	DB: 2018-05-18 8 changes to exploits/shellcodes Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall Libuser - roothelper Privilege Escalation (Metasploit) Libuser - 'roothelper' Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Jenkins CLI - HTTP Java Deserialization (Metasploit) Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Intelbras NCLOUD 300 1.0 - Authentication bypass SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery	2018-05-18 05:01:49 +00:00

1 2

69 commits