bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2599 commits 1 branch 0 tags 261 MiB
Commit graph

20 commits

Author SHA1 Message Date
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
27af25c8c3 DB: 2021-11-02 
19 changes to exploits/shellcodes

jQuery UI 1.12.1 - Denial of Service (DoS)

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Microsoft Exchange 2019 - Server-Side Request Forgery

KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm

MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload

Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Online Ordering System 1.0 - Arbitrary File Upload

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
CouchCMS 2.2.1 - Persistent Cross-Site Scripting
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

MagpieRSS 0.72 - 'url' Command Injection

CouchCMS 2.2.1 - Server-Side Request Forgery

GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting

Montiorr 1.7.6m - Persistent Cross-Site Scripting
 2021-11-02 05:02:13 +00:00
Offensive Security
1cf7d7364a DB: 2021-10-13 
176 changes to exploits/shellcodes

Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Sandboxie 5.49.7 - Denial of Service (PoC)
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
iDailyDiary 4.30 - Denial of Service (PoC)
RarmaRadio 2.72.8 - Denial of Service (PoC)
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Color Notes 1.4 - Denial of Service (PoC)
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
My Notes Safe 5.3 - Denial of Service (PoC)
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
NBMonitor 1.6.8 - Denial of Service (PoC)
Nsauditor 3.2.3 - Denial of Service (PoC)
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
Post-it 5.0.1 - Denial of Service (PoC)
Notex the best notes 6.4 - Denial of Service (PoC)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution

Visual Studio Code 1.47.1 - Denial of Service (PoC)

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
memono Notepad Version 4.2 - Denial of Service (PoC)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)

Dlink DSL2750U - 'Reboot' Command Injection
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

GetSimple CMS 3.3.16 - Reflected XSS to RCE
House Rental and Property Listing 1.0 - Multiple Stored XSS
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)

CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution

Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)

Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Montiorr 1.7.6m - File Upload to XSS

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
Markdown Explorer 0.1.1 - XSS to RCE
Xmind 2020 - XSS to RCE
Tagstoo 2.0.1 - Stored XSS to RCE
SnipCommand 0.1.0 - XSS to RCE
Moeditor 0.2.0 - XSS to RCE
Marky 0.0.1 - XSS to RCE
StudyMD 0.3.2 - XSS to RCE
Freeter 1.2.1 - XSS to RCE
Markright 1.0 - XSS to RCE
Markdownify 1.2.0 - XSS to RCE
Anote 1.0 - XSS to RCE
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload

Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated)

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

CHIYU IoT Devices - Denial of Service (DoS)

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)

Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated)

ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function

Budget and Expense Tracker System 1.0 - Authenticated Bypass
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping
Phpwcms 1.9.30 - File Upload to XSS

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
 2021-10-13 05:02:15 +00:00
Offensive Security
caf7ab9c86 DB: 2021-10-09 
12 changes to exploits/shellcodes

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)
Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)
django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated)
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Simple Online College Entrance Exam System 1.0 - Account Takeover
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
Online Enrollment Management System 1.0 - Authentication Bypass
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
Loan Management System 1.0 - SQLi Authentication Bypass
 2021-10-09 05:02:15 +00:00
Offensive Security
f449a4864b DB: 2021-09-23 
8 changes to exploits/shellcodes

TotalAV 5.15.69 - Unquoted Service Path
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
 2021-09-23 05:02:08 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
1514ca02a7 DB: 2021-07-07 
13 changes to exploits/shellcodes

Huawei dg8045 - Authentication Bypass
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
Pallets Werkzeug 0.15.4 - Path Traversal
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated)
Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation
Phone Shop Sales Managements System 1.0 - Authentication Bypass (SQLi)
Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
 2021-07-07 05:02:02 +00:00
Offensive Security
b7bdc3f375 DB: 2021-06-03 
7 changes to exploits/shellcodes

Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path
Thecus N4800Eco Nas Server Control Panel - Comand Injection
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
GetSimple CMS 3.3.4 - Information Disclosure
Products.PluggableAuthService 2.6.0 - Open Redirect
Seo Panel 4.8.0 - 'search_name' Reflected XSS
Seo Panel 4.8.0 - 'category' Reflected XSS
 2021-06-03 05:01:55 +00:00
Offensive Security
092f2f0697 DB: 2021-04-27 
6 changes to exploits/shellcodes

SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)

Hasura GraphQL 1.3.3 - Remote Code Execution
OpenPLC 3 - Remote Code Execution (Authenticated)
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
 2021-04-27 05:02:00 +00:00
Offensive Security
dade976f06 DB: 2021-01-30 
12 changes to exploits/shellcodes

Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)
Apache - Arbitrary Long HTTP Headers (Denial of Service)

Microsoft Internet Explorer - Denial of Service (11 bytes)
Microsoft Internet Explorer - Denial of Service

Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service

Opera 9 IRC Client - Remote Denial of Service (Python)
Opera 9 IRC Client - Remote Denial of Service

Xfire 1.6.4 - Remote Denial of Service (Perl)
Xfire 1.6.4 - Remote Denial of Service

Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)
Microsoft Windows - NAT Helper Components Remote Denial of Service

Apple CFNetwork - HTTP Response Denial of Service (Ruby)
Apple CFNetwork - HTTP Response Denial of Service

PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service

PHP Hosting Directory 2.0 - Database Disclosure (Python)
PHP Hosting Directory 2.0 - Database Disclosure
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Ascend R 4.5 Ci12 - Denial of Service

BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
BulletProof FTP Client 2010 - Buffer Overflow (SEH)

RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)
RedHat 6.2 Restore and Dump - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

ARPUS/Ce - Local Overflow (setuid) (Perl)
ARPUS/Ce - Local Overflow (setuid)

Xmame 0.102 - 'lang' Local Buffer Overflow (C)
Xmame 0.102 - 'lang' Local Buffer Overflow

CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Browser3D 3.5 - '.sfs' Local Stack Overflow (C)
Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)
Browser3D 3.5 - '.sfs' Local Stack Overflow

CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)
Soritong 1.0 - Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
Soritong 1.0 - Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow

Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)
Apple Mac OSX 10.8.4 - Local Privilege Escalation

BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)

Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)

10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)

Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)

3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow

3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)
Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution

IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

BIND 9.x - Remote DNS Cache Poisoning (Python)
BIND 9.x - Remote DNS Cache Poisoning

Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)

EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass

Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)
Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python)
Endian Firewall < 3.0.0 - OS Command Injection
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

phpBB 2.0.12 - Change User Rights Authentication Bypass (C)
phpBB 2.0.12 - Change User Rights Authentication Bypass
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
Maxwebportal 1.36 - 'Password.asp' Change Password (2)

phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)
phpStat 1.5 - 'setup.php' Authentication Bypass

SimpleBBS 1.1 - Remote Command Execution (C)
SimpleBBS 1.1 - Remote Command Execution
DataLife Engine 4.1 - SQL Injection (Perl)
DataLife Engine 4.1 - SQL Injection (PHP)
DataLife Engine 4.1 - SQL Injection

cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution

webSPELL 4.2.0d (Linux) - Local File Disclosure (C)
webSPELL 4.2.0d (Linux) - Local File Disclosure

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
PHPMailer < 5.2.18 - Remote Code Execution

PHPMailer < 5.2.18 - Remote Code Execution (Python)
PHPMailer < 5.2.18 - Remote Code Execution

WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
Online Grading System 1.0 - 'uname' SQL Injection
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
 2021-01-30 05:01:55 +00:00
Offensive Security
99b2cc4c13 DB: 2020-10-24 
17 changes to exploits/shellcodes

Online Library Management System 1.0 - Arbitrary File Upload
Ajenti 2.1.36 - Remote Code Execution (Authenticated)
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
Car Rental Management System 1.0 - Arbitrary File Upload
User Registration & Login and User Management System 2.1 - SQL Injection
Point of Sales 1.0 - 'id' SQL Injection
Lot Reservation Management System 1.0 - Authentication Bypass
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
Gym Management System 1.0 - 'id' SQL Injection
Point of Sales 1.0 - 'username' SQL Injection
School Faculty Scheduling System 1.0 - 'id' SQL Injection
School Faculty Scheduling System 1.0 - 'username' SQL Injection
Gym Management System 1.0 - Authentication Bypass
Gym Management System 1.0 - Stored Cross Site Scripting
Bludit 3.9.2 - Auth Bruteforce Bypass
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
 2020-10-24 05:02:08 +00:00
Offensive Security
97ece9d27b DB: 2020-10-17 
11 changes to exploits/shellcodes

Employee Management System 1.0 - Cross Site Scripting (Stored)
Employee Management System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Authentication Bypass
Company Visitor Management System (CVMS) 1.0 - Authentication Bypass
Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
Hotel Management System 1.0 - Remote Code Execution (Authenticated)
Seat Reservation System 1.0 - Unauthenticated SQL Injection
CS-Cart 1.3.3 - 'classes_dir' LFI
CS-Cart 1.3.3 - authenticated RCE
 2020-10-17 05:02:09 +00:00
Offensive Security
9384c59418 DB: 2020-08-05 
4 changes to exploits/shellcodes

Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
Daily Expenses Management System 1.0 - 'username' SQL Injection
 2020-08-05 05:01:47 +00:00
Offensive Security
95c6eeab79 DB: 2020-01-07 
33 changes to exploits/shellcodes

NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotIE 2.9.5 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)
BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)
NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
TextCrawler Pro3.1.1 - Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)
Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)
NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)
Office Product Key Finder 1.5.4 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)
SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)
SpotIM 2.2 - 'Name' Denial Of Service
FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
Duplicate Cleaner Pro 4 - Denial of Service (PoC)
Microsoft Outlook VCF cards - Denial of Service (PoC)
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
Windows - Shell COM Server Registrar Local Privilege Escalation
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
Complaint Management System 4.0 - 'cid' SQL injection
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
Hostel Management System 2.0 - 'id' SQL Injection
elaniin CMS 1.0 - Authentication Bypass
Small CRM 2.0 - Authentication Bypass
Voyager 1.3.0 - Directory Traversal
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Django < 3.0 < 2.2 < 1.11 - Account Hijack

Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
 2020-01-07 05:02:07 +00:00
Offensive Security
7c5ad20e72 DB: 2019-10-15 
6 changes to exploits/shellcodes

SpotAuditor 5.3.1.0 - Denial of Service
ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service

Uplay 92.0.0.6280 - Local Privilege Escalation
Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting
Ajenti 2.1.31 - Remote Code Execution
Kirona-DRS 5.5.3.5 - Information Disclosure
 2019-10-15 05:01:47 +00:00
Offensive Security
21c1b71372 DB: 2019-10-01 
6 changes to exploits/shellcodes

GoAhead 2.5.0 - Host Header Injection
Cisco Small Business 220 Series - Multiple Vulnerabilities
vBulletin 5.x - Remote Command Execution (Metasploit)
phpIPAM 1.4 - SQL Injection
thesystem 1.0 - Cross-Site Scripting
TheSystem 1.0 - Command Injection
 2019-10-01 05:01:46 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
f3f1427938 DB: 2019-02-16 
9 changes to exploits/shellcodes

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service (PoC)
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service (PoC)
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference

Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 - 'order' SQL Injection
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Jinja2 2.10 - 'from_string' Server Side Template Injection
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
 2019-02-16 05:01:55 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00