bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1947 commits 1 branch 0 tags 258 MiB
Commit graph

7 commits

Author SHA1 Message Date
Offensive Security
7c5ad20e72 DB: 2019-10-15 
6 changes to exploits/shellcodes

SpotAuditor 5.3.1.0 - Denial of Service
ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service

Uplay 92.0.0.6280 - Local Privilege Escalation
Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting
Ajenti 2.1.31 - Remote Code Execution
Kirona-DRS 5.5.3.5 - Information Disclosure
 2019-10-15 05:01:47 +00:00
Offensive Security
21c1b71372 DB: 2019-10-01 
6 changes to exploits/shellcodes

GoAhead 2.5.0 - Host Header Injection
Cisco Small Business 220 Series - Multiple Vulnerabilities
vBulletin 5.x - Remote Command Execution (Metasploit)
phpIPAM 1.4 - SQL Injection
thesystem 1.0 - Cross-Site Scripting
TheSystem 1.0 - Command Injection
 2019-10-01 05:01:46 +00:00
Offensive Security
9d7b2f64d5 DB: 2019-04-04 
18 changes to exploits/shellcodes

Canarytokens 2019-03-01 - Detection Bypass
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
WebKitGTK+ - 'ThreadedCompositor' Race Condition
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion

AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)

AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow
AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter)
TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)
PhreeBooks ERP 5.2.3 - Remote Command Execution
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
iScripts ReserveLogic - SQL Injection
Clinic Pro v4 - 'month' SQL Injection
Ashop Shopping Cart Software - SQL Injection
PhreeBooks ERP 5.2.3 - Arbitrary File Upload
 2019-04-04 05:02:18 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
f3f1427938 DB: 2019-02-16 
9 changes to exploits/shellcodes

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service (PoC)
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service (PoC)
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference

Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 - 'order' SQL Injection
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Jinja2 2.10 - 'from_string' Server Side Template Injection
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
 2019-02-16 05:01:55 +00:00
Offensive Security
deaee53895 DB: 2019-01-08 
19 changes to exploits/shellcodes

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Mailcleaner - Authenticated Remote Code Execution (Metasploit)
Embed Video Scripts - Persistent Cross-Site Scripting
All in One Video Downloader 1.2 - Authenticated SQL Injection
LayerBB 1.1.1 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
 2019-01-08 05:01:58 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00