Offensive Security
eb2b6f5cfd
DB: 2022-01-19
...
12 changes to exploits/shellcodes
WorkTime 10.20 Build 4967 - Unquoted Service Path
Archeevo 5.0 - Local File Inclusion
Online Resort Management System 1.0 - SQLi (Authenticated)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)
OpenBMCS 2.4 - Information Disclosure
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
Simple Chatbot Application 1.0 - 'message' Blind SQLi
Nyron 1.0 - SQLi (Unauthenticated)
Creston Web Interface 1.0.0.2159 - Credential Disclosure
2022-01-19 05:01:58 +00:00
Offensive Security
6a94460ed6
DB: 2022-01-11
...
8 changes to exploits/shellcodes
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
CoreFTP Server build 725 - Directory Traversal (Authenticated)
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
2022-01-11 05:01:55 +00:00
Offensive Security
1472d8e723
DB: 2022-01-06
...
32 changes to exploits/shellcodes
Siemens S7 Layer 2 - Denial of Service (DoS)
TRIGONE Remote System Monitor 3.61 - Unquoted Service Path
Automox Agent 32 - Local Privilege Escalation
ConnectWise Control 19.2.24707 - Username Enumeration
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
AWebServer GhostBuilding 18 - Denial of Service (DoS)
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
Dixell XWEB 500 - Arbitrary File Write
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
CMSimple 5.4 - Cross Site Scripting (XSS)
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated)
RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Nettmp NNT 5.1 - SQLi Authentication Bypass
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Hospitals Patient Records Management System 1.0 - Account TakeOver
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
2022-01-06 05:01:54 +00:00
Offensive Security
3d06837f80
DB: 2021-12-16
...
2 changes to exploits/shellcodes
Oliver Library Server v5 - Arbitrary File Download
2021-12-16 05:01:55 +00:00
Offensive Security
27af25c8c3
DB: 2021-11-02
...
19 changes to exploits/shellcodes
jQuery UI 1.12.1 - Denial of Service (DoS)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
Microsoft Exchange 2019 - Server-Side Request Forgery
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)
Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting
Online Ordering System 1.0 - Arbitrary File Upload
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)
MagpieRSS 0.72 - 'url' Command Injection
CouchCMS 2.2.1 - Server-Side Request Forgery
GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting
Montiorr 1.7.6m - Persistent Cross-Site Scripting
2021-11-02 05:02:13 +00:00
Offensive Security
1cf7d7364a
DB: 2021-10-13
...
176 changes to exploits/shellcodes
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution
Visual Studio Code 1.47.1 - Denial of Service (PoC)
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)
Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
Montiorr 1.7.6m - File Upload to XSS
GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload
Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
CHIYU IoT Devices - Denial of Service (DoS)
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)
ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function
Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS
Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
2021-10-13 05:02:15 +00:00
Offensive Security
c9a65a1f7b
DB: 2021-09-03
...
52 changes to exploits/shellcodes
2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864
DB: 2021-09-03
...
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00
Offensive Security
6cbe6ebbb6
DB: 2021-09-03
...
395 changes to exploits/shellcodes
EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)
Electronics Workbench - '.ewb' Local Stack Overflow (PoC)
BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)
Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)
Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)
eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)
Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities
ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC)
ZoIPer 2.22 - Call-Info Remote Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
Nuked KLan 1.7.7 & SP4 - Denial of Service
AIC Audio Player 1.4.1.587 - Local Crash (PoC)
Xerox 4595 - Denial of Service
WinMerge 2.12.4 - Project File Handling Stack Overflow
Acoustica Mixcraft 1.00 - Local Crash
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption
Spotify 0.8.2.610 - search func Memory Exhaustion
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)
WaveSurfer 1.8.8p4 - Memory Corruption (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
Light Audio Player 1.0.14 - Memory Corruption (PoC)
Image Transfer IOS - Remote Crash (PoC)
Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite
Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)
Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal
Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
GPG2/Kleopatra 2.0.11 - Malformed Certificate
Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow
quickshare file share 1.2.1 - Directory Traversal (1)
SPlayer 3.7 (build 2055) - Remote Buffer Overflow
Acunetix 8 build 20120704 - Remote Stack Overflow
Omeka 2.2.1 - Remote Code Execution
D-Link DSL-2740R - Remote DNS Change
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
TorrentTrader 1.0 RC2 - SQL Injection
WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion
MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion
PHP DocWriter 0.3 - 'script' Remote File Inclusion
phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion
phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection
e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion
awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
Gizzar 03162002 - 'index.php' Remote File Inclusion
SH-News 0.93 - 'misc.php' Remote File Inclusion
JSBoard 2.0.10 - 'login.php?table' Local File Inclusion
XOOPS Module WF-Links 1.03 - 'cid' SQL Injection
Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion
WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion
mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion
EQdkp 1.3.2 - 'listmembers.php' SQL Injection
FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion
SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection
Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion
CCMS 3.1 Demo - SQL Injection
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass
BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
AuraCMS 1.62 - Multiple SQL Injections
sCssBoard (Multiple Versions) - 'pwnpack' Remote s
EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion
RevokeBB 1.0 RC11 - 'Search' SQL Injection
Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion
CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection
PHPortal 1.2 - Multiple Remote File Inclusions
Libera CMS 1.12 - 'cookie' SQL Injection
Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload
WCMS 1.0b - Arbitrary Add Admin
FOSS Gallery Admin 1.0 - Arbitrary File Upload
MemHT Portal 4.0.1 - SQL Injection / Code Execution
Mediatheka 4.2 - Blind SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
Joomla! Component Casino 0.3.1 - Multiple SQL Injections s
ZeusCart 2.3 - 'maincatid' SQL Injection
ASP Football Pool 2.3 - Remote Database Disclosure
LightNEasy sql/no-db 2.2.x - System Configuration Disclosure
Zen Cart 1.3.8 - Remote Code Execution
Joomla! Component com_pinboard - 'task' SQL Injection
Joomla! Component com_bookflip - 'book_id' SQL Injection
Messages Library 2.0 - Arbitrary Delete Message
Arab Portal 2.2 - Blind Cookie Authentication Bypass
Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion
REZERVI 3.0.2 - Remote Command Execution
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection
AJ Matrix DNA - SQL Injection
Joomla! Component JE Story Submit - Local File Inclusion
CF Image Hosting Script 1.3.82 - File Disclosure
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
CMSLogik 1.2.1 - Multiple Vulnerabilities
C.P.Sub 4.5 - Authentication Bypass
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection
WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload
PHPMailer < 5.2.20 - Remote Code Execution
phpIPAM 1.4 - SQL Injection
Joomla! 3.9.0 < 3.9.7 - CSV Injection
2021-09-03 14:58:20 +00:00
Offensive Security
36c084c351
DB: 2021-09-03
...
45419 changes to exploits/shellcodes
2 new exploits/shellcodes
Too many to list!
2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187
DB: 2021-08-20
...
204 changes to exploits/shellcodes
Charity Management System CMS 1.0 - Multiple Vulnerabilities
2021-08-20 05:01:51 +00:00
Offensive Security
e6cd1b38eb
DB: 2021-03-30
...
9 changes to exploits/shellcodes
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
vsftpd 3.0.3 - Remote Denial of Service
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Concrete5 8.5.4 - 'name' Stored XSS
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Budget Management System 1.0 - 'Budget title' Stored XSS
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
2021-03-30 05:01:56 +00:00
Offensive Security
1f32ac253c
DB: 2021-03-19
...
9 changes to exploits/shellcodes
VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
WordPress Plugin Wp-FileManager 6.8 - RCE
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
Hestia Control Panel 1.3.2 - Arbitrary File Write
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
2021-03-19 05:02:05 +00:00
Offensive Security
9a9ff3d288
DB: 2021-03-10
...
4 changes to exploits/shellcodes
FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path
Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)
2021-03-10 05:01:56 +00:00
Offensive Security
75667550f6
DB: 2021-03-02
...
5 changes to exploits/shellcodes
WiFi Mouse 1.7.8.5 - Remote Code Execution
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
VMware vCenter Server 7.0 - Unauthenticated File Upload
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
2021-03-02 05:02:01 +00:00
Offensive Security
b9c4ec0226
DB: 2021-02-27
...
4 changes to exploits/shellcodes
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
Triconsole 3.75 - Reflected XSS
LightCMS 1.3.4 - 'exclusive' Stored XSS
2021-02-27 05:01:56 +00:00
Offensive Security
0ec0dacc0e
DB: 2021-02-26
...
3 changes to exploits/shellcodes
ASUS Remote Link 1.1.2.13 - Remote Code Execution
Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
2021-02-26 05:01:57 +00:00
Offensive Security
338282491b
DB: 2021-02-25
...
8 changes to exploits/shellcodes
SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
python jsonpickle 2.0.0 - Remote Code Execution
Unified Remote 3.9.0.2463 - Remote Code Execution
LayerBB 1.1.4 - 'search_query' SQL Injection
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
2021-02-25 05:01:54 +00:00
Offensive Security
44132fc90b
DB: 2021-02-24
...
4 changes to exploits/shellcodes
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
Monica 2.19.1 - 'last_name' Stored XSS
Batflat CMS 1.3.6 - 'multiple' Stored XSS
2021-02-24 05:01:57 +00:00
Offensive Security
3fa3a8be65
DB: 2021-01-26
...
8 changes to exploits/shellcodes
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
Library System 1.0 - 'category' SQL Injection
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
2021-01-26 05:01:58 +00:00
Offensive Security
206c9f4f7e
DB: 2021-01-09
...
9 changes to exploits/shellcodes
dnsrecon 0.10.0 - CSV Injection
PHP Handicapper - 'Process_signup.php' HTTP Response Splitting
PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting
Life Insurance Management System 1.0 - Multiple Stored XSS
Online Doctor Appointment System 1.0 - Multiple Stored XSS
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
2021-01-09 05:01:55 +00:00
Offensive Security
42b9ff04f0
DB: 2020-12-11
...
7 changes to exploits/shellcodes
PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
OpenCart 3.0.3.6 - Cross Site Request Forgery
Openfire 4.6.0 - 'path' Stored XSS
Library Management System 2.0 - Auth Bypass SQL Injection
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
2020-12-11 05:01:59 +00:00
Offensive Security
c5f0b6dbf5
DB: 2020-12-10
...
9 changes to exploits/shellcodes
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
SmarterMail Build 6985 - Remote Code Execution
Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
VestaCP 0.9.8-26 - 'backup' Information Disclosure
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Task Management System 1.0 - 'id' SQL Injection
2020-12-10 05:02:01 +00:00
Offensive Security
9dd5a95a94
DB: 2020-12-08
...
18 changes to exploits/shellcodes
TapinRadio 2.13.7 - Denial of Service (PoC)
RarmaRadio 2.72.5 - Denial of Service (PoC)
Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path
Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path
Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path
Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution
Eaton Intelligent Power Manager 1.6 - Directory Traversal
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
Employee Record Management System 1.1 - Login Bypass SQL Injection
User Registration & Login and User Management System 2.1 - Cross Site Request Forgery
Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting
Savsoft Quiz 5 - 'Skype ID' Stored XSS
vBulletin 5.6.3 - 'group' Cross Site Scripting
2020-12-08 05:01:56 +00:00
Offensive Security
d560e654b7
DB: 2020-12-04
...
9 changes to exploits/shellcodes
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Coastercms 5.8.18 - Stored XSS
EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
2020-12-04 05:01:55 +00:00
Offensive Security
216721f32c
DB: 2020-12-01
...
4 changes to exploits/shellcodes
YATinyWinFTP - Denial of Service (PoC)
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Intelbras Router RF 301K 1.1.2 - Authentication Bypass
2020-12-01 05:01:56 +00:00
Offensive Security
1306b3ff5f
DB: 2020-11-27
...
2 changes to exploits/shellcodes
Pure-FTPd 1.0.48 - Remote Denial of Service
Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
2020-11-27 05:01:55 +00:00
Offensive Security
e57ba82919
DB: 2020-11-19
...
3 changes to exploits/shellcodes
ZeroLogon - Netlogon Elevation of Privilege
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
2020-11-19 05:02:00 +00:00
Offensive Security
66d1f19fa5
DB: 2020-11-18
...
17 changes to exploits/shellcodes
Internet Explorer 11 - Use-After-Free
Microsoft Internet Explorer 11 - Use-After-Free
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Aerospike Database 5.1.0.3 - OS Command Execution
Apache Struts 2.5.20 - Double OGNL evaluation
Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated)
Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting
2020-11-18 05:01:57 +00:00
Offensive Security
3774170267
DB: 2020-11-11
...
4 changes to exploits/shellcodes
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection
2020-11-11 05:01:56 +00:00
Offensive Security
00b27610c8
DB: 2020-09-24
...
2 changes to exploits/shellcodes
Online Food Ordering System 1.0 - Remote Code Execution
2020-09-24 05:02:05 +00:00
Offensive Security
133dc9fc81
DB: 2020-09-18
...
1 changes to exploits/shellcodes
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution
2020-09-18 05:02:05 +00:00
Offensive Security
720fabd066
DB: 2020-07-28
...
114 changes to exploits/shellcodes
Notepad++ < 7.7 (x64) - Denial of Service
winrar 5.80 64bit - Denial of Service
WinRAR 5.80 (x64) - Denial of Service
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Word 2007 (x86) - Information Disclosure
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 (x64) - Remote Command Execution
CompleteFTP Professional 12.1.3 - Remote Code Execution
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-07-28 05:01:59 +00:00
Offensive Security
1979df6cb3
DB: 2020-06-19
...
51 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64) - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service
SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
XnConvert 1.82 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)
DeviceViewer 3.12.0.1 - Arbitrary Password Change
Winrar 5.80 - XML External Entity Injection
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
Siemens TIA Portal - Remote Command Execution
Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)
MyBB < 1.8.21 - Remote Code Execution
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
Publisure Hybrid - Multiple Vulnerabilities
NetGain EM Plus 10.1.68 - Remote Command Execution
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
DotNetNuke 9.3.2 - Cross-Site Scripting
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
UADMIN Botnet 1.0 - 'link' SQL Injection
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Wordpress Plugin PicUploader 1.0 - Remote File Upload
PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution
WordPress Plugin Helpful 2.4.11 - SQL Injection
Prestashop 1.7.6.4 - Cross-Site Request Forgery
WordPress Plugin Simple File List 5.4 - Remote Code Execution
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
Beauty Parlour Management System 1.0 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)
Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-06-19 05:02:01 +00:00
Offensive Security
34b629388a
DB: 2020-06-03
...
3 changes to exploits/shellcodes
Microsoft Windows - 'SMBGhost' Remote Code Execution
Clinic Management System 1.0 - Authentication Bypass
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
2020-06-03 05:01:54 +00:00
Offensive Security
4fbd3630c8
DB: 2020-05-26
...
6 changes to exploits/shellcodes
GoldWave - Buffer Overflow (SEH Unicode)
Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
Online Discussion Forum Site 1.0 - Remote Code Execution
2020-05-26 05:01:56 +00:00
Offensive Security
ccea007282
DB: 2020-05-01
...
81 changes to exploits/shellcodes
WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
IBM AIX 4.3.1 - 'adb' Denial of Service
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
PHPFreeChat 1.7 - Denial of Service
XenForo 2 - CSS Loader Denial of Service
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution
QEMU - Denial of Service
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Tautulli 2.1.9 - Denial of Service (Metasploit)
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Cisco IP Phone 11.7 - Denial of service (PoC)
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
IBM AIX 4.3.1 - 'adb' Denial of Service
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
Windows Kernel - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution
QEMU - Denial of Service
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting
WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection
WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection
WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting
WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting
WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection
WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion
WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access
WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal
WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration
WordPress Multiple Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset
XenForo 2 - CSS Loader Denial of Service
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
60CycleCMS - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
NopCommerce 4.2.0 - Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Cacti 1.2.8 - Authenticated Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Cisco IP Phone 11.7 - Denial of service (PoC)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
Offensive Security
0f5a9de36d
DB: 2020-04-29
...
8 changes to exploits/shellcodes
Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
CloudMe 1.11.2 - Buffer Overflow (PoC)
School ERP Pro 1.0 - 'es_messagesid' SQL Injection
School ERP Pro 1.0 - Remote Code Execution
2020-04-29 05:01:47 +00:00
Offensive Security
1c5c38825d
DB: 2020-04-22
...
10 changes to exploits/shellcodes
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
WordPress 2.0.2 - 'cache' Remote Shell Injection
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
PMB 5.6 - 'logid' SQL Injection
CSZ CMS 1.2.7 - 'title' HTML Injection
IQrouter 3.3.1 Firmware - Remote Code Execution
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution
jizhi CMS 1.6.7 - Arbitrary File Download
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
2020-04-22 05:01:47 +00:00
Offensive Security
c3e827f657
DB: 2020-04-17
...
8 changes to exploits/shellcodes
VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
2020-04-17 05:01:48 +00:00
Offensive Security
19615ff704
DB: 2020-04-01
...
7 changes to exploits/shellcodes
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Redis - Replication Code Execution (Metasploit)
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
SharePoint Workflows - XOML Injection (Metasploit)
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
2020-04-01 05:01:47 +00:00
Offensive Security
4df22c7404
DB: 2020-03-10
...
13 changes to exploits/shellcodes
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
PHP-FPM - Underflow Remote Code Execution (Metasploit)
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
60CycleCMS - 'news.php' SQL Injection
Sahi pro 8.x - Directory Traversal
Sentrifugo HRMS 3.2 - 'id' SQL Injection
2020-03-10 05:01:44 +00:00
Offensive Security
7531fa6a21
DB: 2020-03-06
...
3 changes to exploits/shellcodes
Exchange Control Panel - Viewstate Deserialization (Metasploit)
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
2020-03-06 05:01:47 +00:00
Offensive Security
afe5797b88
DB: 2020-03-03
...
12 changes to exploits/shellcodes
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Wing FTP Server 6.2.3 - Privilege Escalation
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Joplin Desktop 1.0.184 - Cross-Site Scripting
Netis WF2419 2.2.36123 - Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
Wing FTP Server 6.2.5 - Privilege Escalation
TP LINK TL-WR849N - Remote Code Execution
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
2020-03-03 05:01:48 +00:00
Offensive Security
228a37da9c
DB: 2020-02-18
...
15 changes to exploits/shellcodes
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Cuckoo Clock v5.0 - Buffer Overflow
Anviz CrossChex - Buffer Overflow (Metasploit)
SOPlanning 1.45 - 'by' SQL Injection
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - 'users' SQL Injection
LabVantage 8.3 - Information Disclosure
2020-02-18 05:01:54 +00:00
Offensive Security
ea7a01d8fb
DB: 2020-02-12
...
18 changes to exploits/shellcodes
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
Sudo 1.8.25p - Buffer Overflow
Torrent iPod Video Converter 1.51 - Stack Overflow
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
Microsoft SharePoint - Deserialization Remote Code Execution
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
2020-02-12 05:01:58 +00:00
Offensive Security
e3e102da5b
DB: 2019-12-21
...
4 changes to exploits/shellcodes
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)
FreeSWITCH 1.10.1 - Command Execution
phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
2019-12-21 05:01:57 +00:00
Offensive Security
30a6a01b6c
DB: 2019-12-07
...
3 changes to exploits/shellcodes
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
Verot 2.0.3 - Remote Code Execution
2019-12-07 05:02:08 +00:00
Offensive Security
c8181201fd
DB: 2019-11-13
...
38 changes to exploits/shellcodes
Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path
Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path
RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
CBAS-Web 19.0.0 - Information Disclosure
Prima FlexAir Access Control 2.3.38 - Remote Code Execution
Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
eMerge E3 1.00-06 - Unauthenticated Directory Traversal
eMerge E3 1.00-06 - Privilege Escalation
eMerge E3 1.00-06 - Remote Code Execution
eMerge E3 1.00-06 - Cross-Site Request Forgery
Atlassian Confluence 6.15.1 - Directory Traversal
eMerge E3 1.00-06 - Arbitrary File Upload
eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
eMerge50P 5000P 4.6.07 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)
CBAS-Web 19.0.0 - Username Enumeration
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
Joomla 3.9.13 - 'Host' Header Injection
Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
Prima Access Control 2.3.35 - Arbitrary File Upload
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
Optergy 2.3.0a - Remote Code Execution
FlexAir Access Control 2.4.9api3 - Remote Code Execution
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)
Optergy 2.3.0a - Username Disclosure
Optergy 2.3.0a - Remote Code Execution (Backdoor)
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
FlexAir Access Control 2.3.35 - Authentication Bypass
Bematech Printer MP-4200 - Denial of Service
2019-11-13 05:01:43 +00:00
Offensive Security
7e9d444235
DB: 2019-11-12
...
8 changes to exploits/shellcodes
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
XML Notepad 2.8.0.4 - XML External Entity Injection
2019-11-12 05:01:40 +00:00
