Offensive Security
e2ed64fffa
DB: 2019-02-23
...
5 changes to exploits/shellcodes
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
Teracue ENC-400 - Command Injection / Missing Authentication
2019-02-23 05:01:55 +00:00
Offensive Security
cd868436ff
DB: 2019-02-19
...
25 changes to exploits/shellcodes
Realterm Serial Terminal 2.0.0.70 - Denial of Service
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
qdPM 9.1 - 'type' Cross-Site Scripting
qdPM 9.1 - 'search[keywords]' Cross-Site Scripting
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
CMSsite 1.0 - 'post' SQL Injection
M/Monit 3.7.2 - Privilege Escalation
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
Apache CouchDB 2.3.0 - Cross-Site Scripting
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
2019-02-19 05:02:08 +00:00
Offensive Security
d622832ea0
DB: 2019-02-12
...
21 changes to exploits/shellcodes
KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH)
Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)
Netatalk 3.1.12 - Authentication Bypass (PoC)
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
IP-Tools 2.50 - Local Buffer Overflow (PoC)
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
AirDroid 4.2.1.6 - Denial of Service
FutureDj Pro 1.7.2.0 - Denial of Service
NordVPN 6.19.6 - Denial of Service (PoC)
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Evince - CBT File Command Injection (Metasploit)
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
Netatalk - Bypass Authentication
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
VA MAX 8.3.4 - Authenticated Remote Code Execution
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Webiness Inventory 2.3 - 'email' SQL Injection
2019-02-12 05:01:49 +00:00
Offensive Security
e965ded980
DB: 2019-02-07
...
5 changes to exploits/shellcodes
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
osCommerce 2.3.4.1 - 'currency' SQL Injection
osCommerce 2.3.4.1 - 'products_id' SQL Injection
osCommerce 2.3.4.1 - 'reviews_id' SQL Injection
2019-02-07 05:01:45 +00:00
Offensive Security
298b95e694
DB: 2019-02-05
...
10 changes to exploits/shellcodes
MyVideoConverter Pro 3.14 - Denial of Service
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
SpotAuditor 3.6.7 - Denial of Service (PoC)
TaskInfo 8.2.0.280 - Denial of Service (PoC)
Tiki Wiki 15.1 - File Upload
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
Nessus 8.2.1 - Cross-Site Scripting
pfSense 2.4.4-p1 - Cross-Site Scripting
2019-02-05 05:01:41 +00:00
Offensive Security
68794471c9
DB: 2019-02-01
...
13 changes to exploits/shellcodes
Anyburn 4.3 - 'Convert image to file format' Denial of Service
Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)
AMAC Address Change 5.4 - Denial of Service (PoC)
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
LanHelper 1.74 - Denial of Service (PoC)
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)
R 3.5.0 - Local Buffer Overflow (SEH)
UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)
2019-02-01 05:01:49 +00:00
Offensive Security
f700c5347d
DB: 2019-01-31
...
8 changes to exploits/shellcodes
Advanced File Manager 3.4.1 - Denial of Service (PoC)
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
2019-01-31 05:01:49 +00:00
Offensive Security
b68cbec24d
DB: 2019-01-29
...
26 changes to exploits/shellcodes
Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
2019-01-29 05:01:52 +00:00
Offensive Security
5a69ff88a0
DB: 2019-01-26
...
6 changes to exploits/shellcodes
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - Arbitrary File Download
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
2019-01-26 05:01:42 +00:00
Offensive Security
40d3df51a4
DB: 2019-01-19
...
18 changes to exploits/shellcodes
Watchr 1.1.0.0 - Denial of Service (PoC)
One Search 1.1.0.0 - Denial of Service (PoC)
Eco Search 1.0.2.0 - Denial of Service (PoC)
7 Tik 1.0.1.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
FastTube 1.0.1.0 - Denial of Service (PoC)
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
Microsoft Edge Chakra - 'InitClass' Type Confusion
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
Webmin 1.900 - Remote Command Execution (Metasploit)
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
phpTransformer 2016.9 - SQL Injection
phpTransformer 2016.9 - Directory Traversal
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
2019-01-19 05:01:57 +00:00
Offensive Security
fade9b8cd4
DB: 2019-01-18
...
3 changes to exploits/shellcodes
Microsoft Windows CONTACT - Remote Code Execution
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
2019-01-18 05:01:43 +00:00
Offensive Security
fa261f0558
DB: 2019-01-17
...
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-17 05:01:45 +00:00
Offensive Security
6ffdcaaa8b
DB: 2019-01-11
...
12 changes to exploits/shellcodes
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
eBrigade ERP 4.5 - Arbitrary File Download
Matrix MLM Script 1.0 - Information Disclosure
doitX 1.0 - 'search' SQL Injection
Shield CMS 2.2 - 'email' SQL Injection
Architectural 1.0 - 'email' SQL Injection
MLMPro 1.0 - SQL Injection
Event Calendar 3.7.4 - 'id' SQL Injection
Event Locations 1.0.1 - 'id' SQL Injection
eBrigade ERP 4.5 - SQL Injection
OpenSource ERP 6.3.1. - SQL Injection
2019-01-11 05:01:47 +00:00
Offensive Security
c2a1585898
DB: 2019-01-10
...
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
2019-01-10 05:01:43 +00:00
Offensive Security
0b8f4f786a
DB: 2019-01-09
...
3 changes to exploits/shellcodes
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
2019-01-09 05:01:54 +00:00
Offensive Security
e8dcb9f022
DB: 2019-01-03
...
12 changes to exploits/shellcodes
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
WebKit JSC - 'AbstractValue::set' Use-After-Free
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
Frog CMS 0.9.5 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
WSTMart 2.0.8 - Cross-Site Scripting
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
Craft CMS 3.0.25 - Cross-Site Scripting
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
Vtiger CRM 7.1.0 - Remote Code Execution
2019-01-03 05:01:43 +00:00
Offensive Security
1b31850a46
DB: 2018-12-25
...
15 changes to exploits/shellcodes
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
2018-12-25 05:01:44 +00:00
Offensive Security
0275ca3128
DB: 2018-12-22
...
6 changes to exploits/shellcodes
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
AnyBurn 4.3 - Local Buffer Overflow (PoC)
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
SQLScan 1.0 - Denial of Service (PoC)
AnyBurn 4.3 - Local Buffer Overflow (SEH)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
Netatalk < 3.1.12 - Authentication Bypass
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
2018-12-22 05:01:56 +00:00
Offensive Security
1ddc5edd5d
DB: 2018-12-21
...
6 changes to exploits/shellcodes
VBScript - VbsErase Reference Leak Use-After-Free
VBScript - MSXML Execution Policy Bypass
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
2018-12-21 05:01:52 +00:00
Offensive Security
aedf107ce9
DB: 2018-12-20
...
12 changes to exploits/shellcodes
MiniShare Server 1.3.2 - Remote Denial of Service
MiniShare 1.3.2 - Remote Denial of Service
MiniShare 1.5.5 - Local Buffer Overflow (SEH)
MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH)
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
LanSpy 2.0.1.159 - Local Buffer Overflow
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)
MiniShare HTTP 1.5.5 - Remote Buffer Overflow
MiniShare 1.5.5 - Remote Buffer Overflow
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
Integria IMS 5.0.83 - Cross-Site Request Forgery
Bolt CMS < 3.6.2 - Cross-Site Scripting
Yeswiki Cercopitheque - 'id' SQL Injection
IBM Operational Decision Manager 8.x - XML External Entity Injection
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
2018-12-20 05:01:43 +00:00
Offensive Security
e3c06fe0f7
DB: 2018-12-15
...
16 changes to exploits/shellcodes
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)
Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
2018-12-15 05:01:46 +00:00
Offensive Security
04a490a7c2
DB: 2018-12-14
...
3 changes to exploits/shellcodes
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
2018-12-14 05:01:46 +00:00
Offensive Security
a07949d1c7
DB: 2018-12-12
...
21 changes to exploits/shellcodes
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
2018-12-12 05:01:43 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
...
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
62445895aa
DB: 2018-11-30
...
8 changes to exploits/shellcodes
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
2018-11-30 05:01:41 +00:00
Offensive Security
dfd1e454e1
DB: 2018-11-28
...
10 changes to exploits/shellcodes
MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
2018-11-28 11:08:29 +00:00
Offensive Security
e3299ef341
DB: 2018-11-21
...
4 changes to exploits/shellcodes
macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Qpopper 4.0.x - poppassd Privilege Escalation
Qpopper 4.0.x - 'poppassd' Privilege Escalation
HP-UX 11.0/11.11 - swxxx Privilege Escalation
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
ABRT - raceabrt Privilege Escalation(Metasploit)
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
ImageMagick - Memory Leak
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
2018-11-21 05:01:38 +00:00
Offensive Security
268e737bb6
DB: 2018-11-16
...
21 changes to exploits/shellcodes
Notepad3 1.0.2.350 - Denial of Service (PoC)
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
2018-11-16 05:01:40 +00:00
Offensive Security
ef70ec156b
DB: 2018-10-31
...
22 changes to exploits/shellcodes
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
2018-10-31 05:01:53 +00:00
Offensive Security
bbbf700308
DB: 2018-10-27
...
5 changes to exploits/shellcodes
xorg-x11-server < 1.20.3 - Local Privilege Escalation
Quick Count 2.0 - 'txtInstID' SQL Injection
MPS Box 0.1.8.0 - Arbitrary File Upload
Delta Sql 1.8.2 - 'id' SQL Injection
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
2018-10-27 05:01:46 +00:00
Offensive Security
dac8dd4731
DB: 2018-10-25
...
15 changes to exploits/shellcodes
Adult Filter 1.0 - Denial of Service (PoC)
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Webmin 1.5 - Web Brute Force (CGI)
exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
2018-10-25 05:01:46 +00:00
Offensive Security
defa138d04
DB: 2018-10-23
...
17 changes to exploits/shellcodes
Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00
Offensive Security
9d143a6b42
DB: 2018-10-13
...
22 changes to exploits/shellcodes
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Wikidforum 2.20 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
FluxBB < 1.5.6 - SQL Injection
2018-10-13 05:01:46 +00:00
Offensive Security
b311000a22
DB: 2018-10-09
...
16 changes to exploits/shellcodes
net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
2018-10-09 05:01:44 +00:00
Offensive Security
4e39fa0f91
DB: 2018-09-26
...
35 changes to exploits/shellcodes
WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
Easy PhoroResQ 1.0 - Buffer Overflow
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)
Collectric CMU 1.0 - 'lang' SQL injection
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
RICOH MP C2003 Printer - Cross-Site Scripting
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Super Cms Blog Pro 1.0 - SQL Injection
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Joomla! Component Music Collection 3.0.3 - SQL Injection
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Joomla! Component Questions 1.4.3 - SQL Injection
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Joomla! Component Social Factory 3.8.3 - SQL Injection
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
RICOH MP 305+ Printer - Cross-Site Scripting
RICOH MP C406Z Printer - Cross-Site Scripting
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) + sigaction() Shellcode (52 Bytes)
2018-09-26 05:02:43 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
...
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
4d86f9e781
DB: 2018-09-22
...
2 changes to exploits/shellcodes
WebRTC - VP9 Processing Use-After-Free
WebRTC - FEC Out-of-Bounds Read
2018-09-22 05:01:43 +00:00
Offensive Security
87053f010c
DB: 2018-09-11
...
12 changes to exploits/shellcodes
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Ghostscript - Failed Restore Command Execution (Metasploit)
VirtualBox 5.2.6.r120293 - VM Escape
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
LW-N605R 12.20.2.1486 - Remote Code Execution
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
2018-09-11 05:01:54 +00:00
Offensive Security
32f471140a
DB: 2018-09-06
...
18 changes to exploits/shellcodes
Microsoft people 10.1807.2131.0 - Denial of service (PoC)
GNU glibc < 2.27 - Local Buffer Overflow
UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
JBoss 4.2.x/4.3.x - Information Disclosure
Git < 2.17.1 - Remote Code Execution
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
Monstra CMS 3.0.4 - Remote Code Execution
OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-09-06 05:01:55 +00:00
Offensive Security
18e2848633
DB: 2018-08-28
...
25 changes to exploits/shellcodes
Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00
Offensive Security
1e34c2b6a5
DB: 2018-08-14
...
11 changes to exploits/shellcodes
IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
2018-08-14 05:01:45 +00:00
Offensive Security
1d21694058
DB: 2018-08-10
...
13 changes to exploits/shellcodes
reSIProcate 1.10.2 - Heap Overflow
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Sitecore.Net 8.1 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
2018-08-10 05:01:46 +00:00
Offensive Security
addac3a875
DB: 2018-08-07
...
9 changes to exploits/shellcodes
mySCADA myPRO 7 - Hard-Coded Credentials
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
2018-08-07 05:01:44 +00:00
Offensive Security
903bf974eb
DB: 2018-08-02
...
10 changes to exploits/shellcodes
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
Synology DiskStation Manager 4.1 - Directory Traversal
Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
2018-08-02 05:02:43 +00:00
Offensive Security
582d8f748e
DB: 2018-07-28
...
6 changes to exploits/shellcodes
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
Wordpress Background Takeover < 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Form Maker Plugin 1.12.24 - SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
Online Trade 1 - Information Disclosure
SoftNAS Cloud < 4.0.3 - OS Command Injection
2018-07-28 05:01:47 +00:00
Offensive Security
bf0a56a02f
DB: 2018-07-20
...
6 changes to exploits/shellcodes
Google Chrome - Swiftshader Texture Allocation Integer Overflow
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)
WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
2018-07-20 05:01:44 +00:00
Offensive Security
a2ac269de5
DB: 2018-07-19
...
8 changes to exploits/shellcodes
JavaScript Core - Arbitrary Code Execution
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)
HomeMatic Zentrale CCU2 - Remote Code Execution
MailGust 1.9 - Board Takeover SQL Injection
MailGust 1.9 - Board Takeover (SQL Injection)
Cyphor 0.19 - Board Takeover SQL Injection
Cyphor 0.19 - Board Takeover (SQL Injection)
versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)
WordPress 2.6.1 - SQL Column Truncation Admin Takeover
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
Joomla! < 3.6.4 - Admin TakeOver
Joomla! < 3.6.4 - Admin Takeover
PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
Open-AudIT Community 2.1.1 - Cross-Site Scripting
FTP2FTP 1.0 - Arbitrary File Download
Modx Revolution < 2.6.4 - Remote Code Execution
2018-07-19 05:01:43 +00:00
Offensive Security
1f88d0a67a
DB: 2018-07-18
...
10 changes to exploits/shellcodes
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root
Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
2018-07-18 05:01:47 +00:00
Offensive Security
a657b64301
DB: 2018-07-17
...
7 changes to exploits/shellcodes
macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)
VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
2018-07-17 05:01:49 +00:00
Offensive Security
e76244b41a
DB: 2018-07-13
...
8 changes to exploits/shellcodes
Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow
Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities
123 Flash Chat - Multiple Vulnerabilities
123 Flash Chat 7.8 - Multiple Vulnerabilities
Dicoogle PACS 2.5.0 - Directory Traversal
2018-07-13 05:02:00 +00:00
