bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2774 commits 1 branch 0 tags 258 MiB
Commit graph

32 commits

Author SHA1 Message Date
Exploit-DB
2f07358143 DB: 2023-04-15 
16 changes to exploits/shellcodes/ghdb

InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure

Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)

Bludit 4.0.0-rc-2 - Account takeover

Microsoft Windows 11 - 'cmd.exe' Denial of Service
 2023-04-15 00:16:19 +00:00
Exploit-DB
85954a8fad DB: 2023-04-09 
34 changes to exploits/shellcodes/ghdb

ENTAB ERP 1.0 - Username PII leak

ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)

ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)

FortiRecorder 6.4.3 - Denial of Service

Schneider Electric v1.0 - Directory traversal & Broken Authentication

Altenergy Power Control Software C1.2.5 - OS command injection

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Google Chrome  109.0.5414.74 - Code Execution via missing lib file (Ubuntu)

Lucee Scheduled Job v1.0 -  Command Execution

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Adobe Connect 11.4.5 - Local File Disclosure

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Suprema BioStar 2 v2.8.16 - SQL Injection

Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)

dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure

Icinga Web 2.10 - Arbitrary File Disclosure

Joomla! v4.2.8 - Unauthenticated information disclosure

Medicine Tracker System v1.0 - Sql Injection

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)

pfsenseCE v2.6.0 - Anti-brute force protection bypass

Restaurant Management System 1.0  - SQL Injection

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)

Microsoft Windows 11 - 'cmd.exe' Denial of Service

ActFax 10.10 - Unquoted Path Services

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
 2023-04-09 00:16:30 +00:00
Exploit-DB
99cef8d064 DB: 2023-04-08 
11 changes to exploits/shellcodes/ghdb

Snitz Forum v1.0 - Blind SQL Injection

Franklin Fueling Systems  TS-550 - Exploit and Default Password

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing

MAC 1200R - Directory Traversal

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)

ChurchCRM 4.5.1 - Authenticated SQL Injection

NotrinosERP 0.7 - Authenticated Blind SQL Injection

Rukovoditel 3.3.1 - Remote Code Execution (RCE)

Wondershare Dr Fone 12.9.6 - Privilege Escalation
 2023-04-08 00:16:27 +00:00
Exploit-DB
9b56e8731e DB: 2023-04-01 
25 changes to exploits/shellcodes/ghdb

EQ Enterprise management system v2.2.0 - SQL Injection

qubes-mirage-firewall  v0.8.3 - Denial Of Service (DoS)

ASKEY RTF3505VW-N1 - Privilege Escalation

Bangresto 1.0 - SQL Injection

Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)

Cacti v1.2.22 - Remote Command Execution (RCE)
Judging Management System v1.0 - Authentication Bypass
Judging Management System v1.0 - Remote Code Execution (RCE)

rconfig 3.9.7 - Sql Injection (Authenticated)

Senayan Library Management System v9.0.0 - SQL Injection

Spitfire CMS 1.0.475 - PHP Object Injection

Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)

WooCommerce v7.1.0 - Remote Code Execution(RCE)

CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x  -  Denial Of Service (DoS)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x  - Authorization Bypass (IDOR)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution (RCE)
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset
SOUND4 Server Service 4.1.102 - Local Privilege Escalation

macOS/x64 - Execve Null-Free Shellcode
 2023-04-01 00:16:31 +00:00
Exploit-DB
79023d1f9c DB: 2023-03-26 
22 changes to exploits/shellcodes/ghdb

Password Manager for IIS v2.0 - XSS

DLink DIR 819 A1 - Denial of Service

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution

Abantecart v1.3.2 - Authenticated Remote Code Execution

Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)

Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

GuppY CMS v6.00.10 - Remote Code Execution

Human Resources Management System v1.0 - Multiple SQLi

ImpressCMS v1.4.3 - Authenticated SQL Injection

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi

Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)

PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution

Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection

Yoga Class Registration System v1.0 - Multiple SQLi

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle

_camp_ Raspberry Pi camera server 1.0 -  Authentication Bypass

System Mechanic v15.5.0.61 - Arbitrary Read/Write
 2023-03-26 00:16:30 +00:00
Exploit-DB
a1ff73f948 DB: 2023-03-24 
6 changes to exploits/shellcodes/ghdb

wkhtmltopdf 0.12.6 -  Server Side Request Forgery

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

WorkOrder CMS 0.1.0 - SQL Injection

Bitbucket v7.0.0 -  RCE

MAN-EAM-0003 V3.2.4 - XXE
 2023-03-24 00:16:21 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
358c35770a DB: 2021-10-26 
17 changes to exploits/shellcodes

Netgear Genie 2.4.64 - Unquoted Service Path
OpenClinic GA 5.194.18 - Local Privilege Escalation
Gestionale Open 11.00.00 - Local Privilege Escalation

Hikvision Web Server Build 210702 - Command Injection
WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)
Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)
Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting (XSS)
Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
Engineers Online Portal 1.0 - 'multiple' Authentication Bypass
Engineers Online Portal 1.0 - 'id' SQL Injection
WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)
WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
 2021-10-26 05:02:12 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
6cbe6ebbb6 DB: 2021-09-03 
395 changes to exploits/shellcodes

EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)

Electronics Workbench - '.ewb' Local Stack Overflow (PoC)

BulletProof FTP Client 2.63 - Local Heap Overflow (PoC)

Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)

Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC)

eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)

Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities

ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC)

ZoIPer 2.22 - Call-Info Remote Denial of Service
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
PHP - MultiPart Form-Data Denial of Service (PoC)

Nuked KLan 1.7.7 & SP4 - Denial of Service

AIC Audio Player 1.4.1.587 - Local Crash (PoC)

Xerox 4595 - Denial of Service

WinMerge 2.12.4 - Project File Handling Stack Overflow

Acoustica Mixcraft 1.00 - Local Crash

SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)

Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption

Spotify 0.8.2.610 - search func Memory Exhaustion

Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)

WaveSurfer 1.8.8p4 - Memory Corruption (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)
DIMIN Viewer 5.4.0 - Crash (PoC)
FreeVimager 4.1.0 - Crash (PoC)

CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow

Light Audio Player 1.0.14 - Memory Corruption (PoC)

Image Transfer IOS - Remote Crash (PoC)

Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

VUPlayer 2.49 - '.cue' Universal Buffer Overflow

Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation

IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite

Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH)

Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow

Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal

Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)

Alleycode HTML Editor 2.2.1 - Local Buffer Overflow

GPG2/Kleopatra 2.0.11 - Malformed Certificate

Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow

OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow

Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH)

Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)

eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3)

QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)

CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow

quickshare file share 1.2.1 - Directory Traversal (1)

SPlayer 3.7 (build 2055) - Remote Buffer Overflow

Acunetix 8 build 20120704 - Remote Stack Overflow

Omeka 2.2.1 - Remote Code Execution

D-Link DSL-2740R - Remote DNS Change
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure
Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure

Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution

TorrentTrader 1.0 RC2 - SQL Injection

WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion

MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion

PHP DocWriter 0.3 - 'script' Remote File Inclusion

phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion

phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion
RSSonate - 'xml2rss.php' Remote File Inclusion
CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion

QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion

BrewBlogger 1.3.1 - 'printLog.php' SQL Injection

e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion

awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion

Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion

Gizzar 03162002 - 'index.php' Remote File Inclusion

SH-News 0.93 - 'misc.php' Remote File Inclusion

JSBoard 2.0.10 - 'login.php?table' Local File Inclusion

XOOPS Module WF-Links 1.03 - 'cid' SQL Injection

Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion

WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion

mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion

EQdkp 1.3.2 - 'listmembers.php' SQL Injection

FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion

SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection

Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion

CCMS 3.1 Demo - SQL Injection

MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass

BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection

AuraCMS 1.62 - Multiple SQL Injections

sCssBoard (Multiple Versions) - 'pwnpack' Remote s

EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion

RevokeBB 1.0 RC11 - 'Search' SQL Injection

Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion

CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection

PHPortal 1.2 - Multiple Remote File Inclusions

Libera CMS 1.12 - 'cookie' SQL Injection

Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload

WCMS 1.0b - Arbitrary Add Admin

FOSS Gallery Admin 1.0 - Arbitrary File Upload

MemHT Portal 4.0.1 - SQL Injection / Code Execution

Mediatheka 4.2 - Blind SQL Injection

Pligg 9.9.5b - Arbitrary File Upload / SQL Injection

XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution

Joomla! Component Casino 0.3.1 - Multiple SQL Injections s

ZeusCart 2.3 - 'maincatid' SQL Injection

ASP Football Pool 2.3 - Remote Database Disclosure

LightNEasy sql/no-db 2.2.x - System Configuration Disclosure

Zen Cart 1.3.8 - Remote Code Execution

Joomla! Component com_pinboard - 'task' SQL Injection

Joomla! Component com_bookflip - 'book_id' SQL Injection

Messages Library 2.0 - Arbitrary Delete Message

Arab Portal 2.2 - Blind Cookie Authentication Bypass

Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion

REZERVI 3.0.2 - Remote Command Execution

Joomla! Component BF Quiz 1.0 - SQL Injection (2)

E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection

AJ Matrix DNA - SQL Injection

Joomla! Component JE Story Submit - Local File Inclusion

CF Image Hosting Script 1.3.82 - File Disclosure

hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting

CMSLogik 1.2.1 - Multiple Vulnerabilities

C.P.Sub 4.5 - Authentication Bypass

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload

Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

PHPMailer < 5.2.20 - Remote Code Execution

phpIPAM 1.4 - SQL Injection

Joomla! 3.9.0 < 3.9.7 - CSV Injection
 2021-09-03 14:58:20 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20 
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
 2021-08-20 05:01:51 +00:00
Offensive Security
c0e7247938 DB: 2020-07-11 
5 changes to exploits/shellcodes

FrootVPN 4.8 - 'frootvpn' Unquoted Service Path

Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution

HelloWeb 2.0 - Arbitrary File Download

Barangay Management System 1.0 - Authentication Bypass
 2020-07-11 05:02:09 +00:00
Offensive Security
72f1d24f1a DB: 2020-03-17 
5 changes to exploits/shellcodes

Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
PHPKB Multi-Language 9 - Authenticated Directory Traversal
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
 2020-03-17 05:01:49 +00:00
Offensive Security
a497fe32ec DB: 2020-01-25 
6 changes to exploits/shellcodes

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

Ricoh Printer Drivers - Local Privilege Escalation
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
Webtareas 2.0 - 'id' SQL Injection
OLK Web Store 2020 - Cross-Site Request Forgery
Genexis Platinum-4410 2.1 - Authentication Bypass
 2020-01-25 05:02:04 +00:00
Offensive Security
b7471ba451 DB: 2019-12-19 
9 changes to exploits/shellcodes

XnView 2.49.1 - 'Research' Denial of Service (PoC)
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow

OpenMRS - Java Deserialization RCE (Metasploit)
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Telerik UI - Remote Code Execution via Insecure Deserialization
 2019-12-19 05:01:59 +00:00
Offensive Security
3e9ff5a927 DB: 2019-11-19 
13 changes to exploits/shellcodes

iSmartViewPro 1.3.34 - Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
MobileGo 8.5.0 - Insecure File Permissions
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal
Centova Cast 3.2.11 - Arbitrary File Download
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
 2019-11-19 05:01:40 +00:00
Offensive Security
2c0d2ff550 DB: 2019-08-17 
5 changes to exploits/shellcodes

GetGo Download Manager 6.2.2.3300 - Denial of Service
EyesOfNetwork 5.1 - Authenticated Remote Command Execution
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
Integria IMS 5.0.86 - Arbitrary File Upload
Web Wiz Forums 12.01 - 'PF' SQL Injection
 2019-08-17 05:02:29 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
1982f33252 DB: 2019-02-13 
16 changes to exploits/shellcodes

AirDroid 4.2.1.6 - Denial of Service

River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
Android - binder Use-After-Free via fdget() Optimization
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting

Webiness Inventory 2.3 - 'email' SQL Injection
OPNsense < 19.1.1 - Cross-Site Scripting
Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
LayerBB 1.1.2 - Cross-Site Scripting
 2019-02-13 05:01:49 +00:00
Offensive Security
363500a603 DB: 2018-11-06 
13 changes to exploits/shellcodes

Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
 2018-11-06 05:01:40 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
96e4f1686b DB: 2018-05-30 
9 changes to exploits/shellcodes

GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Memory Leak
IssueTrak 7.0 - SQL Injection
Sitemakin SLAC 1.0 -  'my_item_search' SQL Injection
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Facebook Clone Script 1.0.5 - 'search' SQL Injection
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
 2018-05-30 05:01:46 +00:00
Offensive Security
c0126aa27f DB: 2018-05-25 
16 changes to exploits/shellcodes

DynoRoot DHCP - Client Command Injection
DynoRoot DHCP Client - Command Injection
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Flash ActiveX 18.0.0.194 - Code Execution
Microsoft Internet Explorer 11 - javascript Code Execution
Flash ActiveX 28.0.0.137 - Code Execution (1)
Flash ActiveX 28.0.0.137 - Code Execution (2)
GNU glibc < 2.27 - Local Buffer Overflow

NewsBee CMS 1.4 - Cross-Site Request Forgery
ASP.NET jVideo Kit - 'query' SQL Injection
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
OpenDaylight - SQL Injection
Timber 1.1 - Cross-Site Request Forgery
Honeywell XL Web Controller - Cross-Site Scripting
EU MRV Regulatory Complete Solution 1 - Authentication Bypass

Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
 2018-05-25 05:01:45 +00:00
Offensive Security
1873a7d234 DB: 2018-05-17 
12 changes to exploits/shellcodes

WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
 2018-05-17 05:01:47 +00:00
Offensive Security
a13c4ea572 DB: 2018-03-31 
23 changes to exploits/shellcodes

SysGauge 4.5.18 - Local Denial of Service
Systematic SitAware - NVG Denial of Service
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow

osTicket 1.10 - SQL Injection
osTicket 1.10 - SQL Injection (PoC)
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Homematic CCU2 2.29.23 - Arbitrary File Write
MiniCMS 1.10 - Cross-Site Request Forgery
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Homematic CCU2 2.29.23 - Remote Command Execution
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
osCommerce 2.3.4.1 - Remote Code Execution
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
 2018-03-31 05:01:49 +00:00
Offensive Security
6885f2dcc7 DB: 2018-03-01 
26 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC)
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption

Apple iOS - '.pdf' Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak

Foxit Reader 4.0 - '.pdf' Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak

Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution

Sony Playstation 4 4.05 FW - Local Kernel Loader
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)

Sony Playstation 4 4.55 FW - Local Kernel
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel - 'BadIRET' Local Privilege Escalation
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Nintendo Switch - WebKit Code Execution (PoC)

Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)

EPIC MyChart - SQL Injection
EPIC MyChart - X-Path Injection

Routers2 2.24 - Cross-Site Scripting
 2018-03-01 05:01:48 +00:00
Offensive Security
ed38447971 DB: 2018-02-17 
45 changes to exploits/shellcodes

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
JBoss Remoting 6.14.18 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

ABRT - raceabrt Privilege Escalation(Metasploit)

Joomla! Component Fastball 1.1.0 < 1.2 - SQL Injection
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection

Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
EPIC MyChart - SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection
UserSpice 4.3 - Blind SQL Injection
Twig < 2.4.4 - Server Side Template Injection
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Joomla! Component Aist 2.0 - 'id' SQL Injection
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component Form Maker 3.6.12 - SQL Injection
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
PHIMS - Hospital Management Information System - 'Password' SQL Injection
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
 2018-02-17 05:01:49 +00:00
Offensive Security
cf96346519 DB: 2018-01-25 
124 changes to exploits/shellcodes

Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)

Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC)
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC)

Novell ZenWorks 10/11 - TFTPD Remote Code Execution
Novell ZENworks 10/11 - TFTPD Remote Code Execution

Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi

WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service
WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service

GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service
GoAhead Web Server 2.1 (Windows) - Denial of Service

Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service

Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow

D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service
D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service

Lorex LH300 Series - ActiveX Buffer Overflow (PoC)

Debut Embedded httpd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service

Xorg 1.4 < 1.11.2 - File Permission Change
X.Org xorg 1.4 < 1.11.2 - File Permission Change

Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)

ICU library 52 < 54 - Multiple Vulnerabilities

rooter VDSL Device - Goahead WebServer Disclosure
FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure

Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal
Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal

Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow

Debian 2.1 - httpd
Debian 2.1 - HTTPd

Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing

Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String

W3C CERN httpd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting

ATP httpd 0.4 - Single Byte Buffer Overflow
ATP HTTPd 0.4 - Single Byte Buffer Overflow

AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow
Light HTTPd 0.1 - GET Buffer Overflow (1)
Light HTTPd 0.1 - GET Buffer Overflow (2)
Light HTTPd 0.1 - 'GET' Buffer Overflow (1)
Light HTTPd 0.1 - 'GET' Buffer Overflow (2)

Light HTTPD 0.1 (Windows) - Remote Buffer Overflow
Light HTTPd 0.1 (Windows) - Remote Buffer Overflow

Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow
Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow

Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit)
Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit)

BusyBox 1.01 - HTTPD Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1)

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock'  Remote Command Injection
Apache mod_cgi - 'Shellshock'  Remote Command Injection
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection
Apache mod_cgi - 'Shellshock' Remote Command Injection

IPFire - 'Shellshock'  Bash Environment Variable Command Injection (Metasploit)
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)

AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution

GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)

GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution

NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

Getsimple 2.01 - Local File Inclusion
Getsimple CMS 2.01 - Local File Inclusion

Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities
ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)

Bash CGI - 'Shellshock' Remote Command Injection  (Metasploit)
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit)

Getsimple 3.0 - 'set' Local File Inclusion
Getsimple CMS 3.0 - 'set' Local File Inclusion

ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution

Kaseya Virtual System Administrator - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)

Getsimple - 'path' Local File Inclusion
Getsimple CMS 3.1.2 - 'path' Local File Inclusion

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)
SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
BMC Track-It! 11.4 - Multiple Vulnerabilities
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
GetSimple CMS 3.3.1 - Cross-Site Scripting
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
ManageEngine Desktop Central - Create Administrator
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities

Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload

Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)
FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)

Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)

Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (33 bytes)

NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)

Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)

Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)

Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode

Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)

Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Windows/x86 (XP SP3) - ShellExecuteA() Shellcode

Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)

Windows/x86 - JITed Stage-0 Shellcode

Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - MessageBox Shellcode (Generator) (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (30 bytes)

Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)

Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)

Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)
Windows/x64 (7) - cmd.exe Shellcode (61 bytes)

Windows - MessageBoxA Shellcode (238 bytes)
Windows - MessageBoxA() Shellcode (238 bytes)

Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)
Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)

Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)

Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)

Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)
Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit)

Windows/x86 - Eggsearch Shellcode (33 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)

Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)

OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode

Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (52 bytes)

Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)
Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)

Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode

Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)

Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)

Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)

Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)

Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator)
Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)
Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - execve() Shellcode (22 bytes)
Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)

Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)

Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)

Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - MessageBoxA() Shellcode (242 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)

Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - shutdown -h now Shellcode (65 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)

Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Windows/x64 (10) - Egghunter Shellcode (45 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows - cmd.exe Shellcode (718 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1)

Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Kill All Processes Shellcode (19 bytes)
Linux/x64 - Fork Bomb Shellcode (11 bytes)

Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)
Linux/x64 - mkdir(evil) Shellcode (30 bytes)

Windows/x86-64 - API Hooking Shellcode (117 bytes)
Windows/x64 - API Hooking Shellcode (117 bytes)
 2018-01-25 18:22:06 +00:00
Offensive Security
bfebc3fa5a DB: 2018-01-20 
62 changes to exploits/shellcodes

macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'
Peercast < 0.1211 - Format String
Trillian Pro < 2.01 - Design Error
dbPowerAmp < 2.0/10.0 - Buffer Overflow
PsychoStats < 2.2.4 Beta - Cross Site Scripting

MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
GitStack 2.3.10 - Unauthenticated Remote Code Execution
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection	 (PoC)
Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
DUWare Multiple Products - Multiple Vulnerabilities
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
ASPapp Multiple Products - Multiple Vulnerabilities
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
phpShop < 0.6.1-b - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3 - SQL Injection
phpBB < 2.0.6d - Cross Site Scripting
Phorum < 5.0.3 Beta - Cross Site Scripting
vBulletin < 3.0.0 RC4 - Cross Site Scripting
Mambo < 4.5 - Multiple Vulnerabilities
phpBB < 2.0.7a - Multiple Vulnerabilities
Invision Power Top Site List < 1.1 RC 2 - SQL Injection
Invision Gallery < 1.0.1 - SQL Injection
PhotoPost < 4.6 - Multiple Vulnerabilities
TikiWiki < 1.8.1 - Multiple Vulnerabilities
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
OpenBB < 1.0.6 - Multiple Vulnerabilities
PHPX < 3.26 - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3.1 - Design Error
HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities
LiveWorld Multiple Products - Cross Site Scripting
WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities
PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
ReviewPost < 2.84 - Multiple Vulnerabilities
PhotoPost < 4.85 - Multiple Vulnerabilities
AZBB < 1.0.07d - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
Burning Board < 2.3.1 - SQL Injection
XOOPS < 2.0.11 - Multiple Vulnerabilities
PEAR XML_RPC < 1.3.0 - Remote Code Execution
PHPXMLRPC < 1.1 - Remote Code Execution
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
XPCOM - Race Condition
ADOdb < 4.71 - Cross Site Scripting
Geeklog < 1.4.0 - Multiple Vulnerabilities
PEAR LiveUser < 0.16.8 - Arbitrary File Access
Mambo < 4.5.3h - Multiple Vulnerabilities
phpRPC < 0.7 - Remote Code Execution
Gallery 2 < 2.0.2 - Multiple Vulnerabilities
PHPLib < 7.4 - SQL Injection
SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
CubeCart < 3.0.12 - Multiple Vulnerabilities
Claroline < 1.7.7 - Arbitrary File Inclusion
X-Cart < 4.1.3 - Arbitrary Variable Overwrite
Mambo < 4.5.4 - SQL Injection
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
D-Link DNS-343 ShareCenter < 1.05 - Command Injection
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
 2018-01-20 05:01:49 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00