bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2774 commits 1 branch 0 tags 272 MiB
Commit graph

344 commits

Author SHA1 Message Date
Offensive Security
e852f6f799 DB: 2019-09-12 
2 changes to exploits/shellcodes

Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
AVCON6 systems management platform - OGNL Remote Command Execution
eWON Flexy - Authentication Bypass
 2019-09-12 05:02:26 +00:00
Offensive Security
45bddc9b1b DB: 2019-09-05 
2 changes to exploits/shellcodes

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
 2019-09-05 05:02:54 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20 
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
 2019-08-20 05:02:44 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15 
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
 2019-08-15 05:02:48 +00:00
Offensive Security
a32e028b88 DB: 2019-08-13 
17 changes to exploits/shellcodes

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)

Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
 2019-08-13 05:02:31 +00:00
Offensive Security
2b7a0122f2 DB: 2019-08-02 
6 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
 2019-08-02 05:02:24 +00:00
Offensive Security
00f5094d48 DB: 2019-07-31 
8 changes to exploits/shellcodes

macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
 2019-07-31 05:02:25 +00:00
Offensive Security
f529fc0415 DB: 2019-07-25 
5 changes to exploits/shellcodes

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

Trend Micro Deep Discovery Inspector IDS - Security Bypass
NoviSmart CMS - SQL injection
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
 2019-07-25 05:02:07 +00:00
Offensive Security
2935a5c0af DB: 2019-07-17 
10 changes to exploits/shellcodes

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
 2019-07-17 05:02:03 +00:00
Offensive Security
4169f5d10e DB: 2019-07-16 
6 changes to exploits/shellcodes

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Streamripper 2.6 - 'Song Pattern' Buffer Overflow
NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
 2019-07-16 05:02:16 +00:00
Offensive Security
978c16266a DB: 2019-07-13 
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
 2019-07-13 05:02:17 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
a90736625a DB: 2019-06-26 
7 changes to exploits/shellcodes

SuperDoctor5 - 'NRPE' Remote Code Execution
SAPIDO RB-1732 - Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
AZADMIN CMS 1.0 - SQL Injection
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
 2019-06-26 05:01:53 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
35d500a3cb DB: 2019-06-07 
1 changes to exploits/shellcodes

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
 2019-06-07 05:01:54 +00:00
Offensive Security
43e70e67d0 DB: 2019-06-04 
3 changes to exploits/shellcodes

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
WordPress Plugin Form Maker 1.13.3 - SQL Injection
 2019-06-04 05:01:58 +00:00
Offensive Security
edfd130ad1 DB: 2019-05-23 
11 changes to exploits/shellcodes

BlueStacks 4.80.0.1060 - Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Credentials Disclosure
Horde Webmail 5.2.22 - Multiple Vulnerabilities
 2019-05-23 05:02:06 +00:00
Offensive Security
6d57564d7c DB: 2019-05-22 
12 changes to exploits/shellcodes

Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
 2019-05-22 05:01:55 +00:00
Offensive Security
b04843e5cb DB: 2019-05-15 
9 changes to exploits/shellcodes

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
Sales ERP 8.1 - Multiple SQL Injection
D-Link DWL-2600AP - Multiple OS Command Injection
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
PasteShr 1.6 - Multiple SQL Injection
 2019-05-15 05:01:56 +00:00
Offensive Security
5a28a97130 DB: 2019-05-11 
12 changes to exploits/shellcodes

jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
 2019-05-11 05:02:00 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00
Offensive Security
2ae6cf2b7f DB: 2019-05-04 
9 changes to exploits/shellcodes

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Windows PowerShell ISE - Remote Code Execution

Blue Angel Software Suite - Command Execution
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Instagram Auto Follow - Authentication Bypass
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
 2019-05-04 05:02:03 +00:00
Offensive Security
f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
 2019-05-01 05:02:01 +00:00
Offensive Security
fae7f6fe32 DB: 2019-04-26 
8 changes to exploits/shellcodes

HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
Backup Key Recovery 2.2.4 - Denial of Service (PoC)
JioFi 4G M2S 1.0.2 - Denial of Service
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion
 2019-04-26 05:02:02 +00:00
Offensive Security
ab1398c24c DB: 2019-04-17 
13 changes to exploits/shellcodes

PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)
AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
 2019-04-17 05:02:03 +00:00
Offensive Security
4bc27f9b2b DB: 2019-04-11 
4 changes to exploits/shellcodes

FTPShell Server 6.83 - 'Account name to ban' Local Buffer
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
 2019-04-11 05:02:00 +00:00
Offensive Security
23f668ca8d DB: 2019-04-09 
14 changes to exploits/shellcodes

FlexHEX 2.71 - SEH Buffer Overflow (Unicode)
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

QNAP Netatalk < 3.1.12 - Authentication Bypass
Jobgator - 'experience' SQL Injection
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
SaLICru -SLC-20-cube3(5) - HTML Injection
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
Tradebox CryptoCurrency - 'symbol' SQL Injection
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
 2019-04-09 05:02:03 +00:00
Offensive Security
764ac4bf5c DB: 2019-04-03 
13 changes to exploits/shellcodes

AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow
Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities
Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities
Inout EasyRooms - SQL Injection
Inout RealEstate - 'city' SQL Injection
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery
LimeSurvey < 3.16 - Remote Code Execution
CMS Made Simple < 2.2.10 - SQL Injection
Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting
phpFileManager 1.7.8 - Local File Inclusion
 2019-04-03 05:02:02 +00:00
Offensive Security
7bd54d5a91 DB: 2019-03-21 
10 changes to exploits/shellcodes

NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Netartmedia Jobs Portal 6.1 - SQL Injection
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Business Directory 4.2 - SQL Injection
202CMS v10beta - Multiple SQL Injection
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
Netartmedia Deals Portal - 'Email' SQL Injection
 2019-03-21 05:02:08 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
a37e3008e5 DB: 2019-03-05 
20 changes to exploits/shellcodes

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)

symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

OOP CMS BLOG 1.0 - Multiple SQL Injection

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)

Linux/x64 - Kill All Processes Shellcode (11 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
 2019-03-05 05:01:50 +00:00
Offensive Security
e2ed64fffa DB: 2019-02-23 
5 changes to exploits/shellcodes

WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
Teracue ENC-400 - Command Injection / Missing Authentication
 2019-02-23 05:01:55 +00:00
Offensive Security
5f3f5c8f09 DB: 2019-02-15 
18 changes to exploits/shellcodes

Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)

runc < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
exacqVision ESM 5.12.2 - Privilege Escalation
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting
DomainMOD 4.11.01 - 'category.php CatagoryName_ StakeHolder' Cross-Site Scripting
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
 2019-02-15 05:01:54 +00:00
Offensive Security
a4b18dada5 DB: 2019-02-14 
11 changes to exploits/shellcodes

AirDroid 4.2.1.6 - Denial of Service

NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
runc < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)

Netatalk < 3.1.12 - Authentication Bypass
Netatalk 3.1.12 - Authentication Bypass
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
PilusCart 1.4.1 - 'send' SQL Injection
 2019-02-14 05:01:54 +00:00
Offensive Security
d622832ea0 DB: 2019-02-12 
21 changes to exploits/shellcodes

KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (SEH) (PoC)
KnFTP 1.0.0 Server - Multiple Buffer Overflows (PoC) (SEH)

Jzip - Buffer Overflow (Denial of Service) (SEH Unicode)
Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (Denial of Service) (SEH) (PoC)
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)

STIMS Buffer 1.1.20 - Buffer Overflow (Denial of Service) (SEH) (PoC)
STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)

Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)

Netatalk 3.1.12 - Authentication Bypass (PoC)
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
IP-Tools 2.50 - Local Buffer Overflow (PoC)
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)

FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)

Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
AirDroid 4.2.1.6 - Denial of Service
FutureDj Pro 1.7.2.0 - Denial of Service
NordVPN 6.19.6 - Denial of Service (PoC)
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Evince - CBT File Command Injection (Metasploit)
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure

Netatalk - Bypass Authentication
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
VA MAX 8.3.4 - Authenticated Remote Code Execution
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Webiness Inventory 2.3 - 'email' SQL Injection
 2019-02-12 05:01:49 +00:00
Offensive Security
d667cf901c DB: 2019-02-06 
11 changes to exploits/shellcodes

Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
SuiteCRM 7.10.7 - 'record' SQL Injection
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)
 2019-02-06 05:01:42 +00:00
Offensive Security
f700c5347d DB: 2019-01-31 
8 changes to exploits/shellcodes

Advanced File Manager 3.4.1 - Denial of Service (PoC)
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass)

PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection

Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
 2019-01-31 05:01:49 +00:00
Offensive Security
b68cbec24d DB: 2019-01-29 
26 changes to exploits/shellcodes

Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM -  Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
 2019-01-29 05:01:52 +00:00
Offensive Security
5a69ff88a0 DB: 2019-01-26 
6 changes to exploits/shellcodes

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - Arbitrary File Download
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
 2019-01-26 05:01:42 +00:00
Offensive Security
6e7548ed0d DB: 2019-01-25 
10 changes to exploits/shellcodes

Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)

AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
SimplePress CMS 1.0.7 - SQL Injection
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
ImpressCMS 1.3.11 - 'bid' SQL Injection
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
 2019-01-25 05:01:41 +00:00
Offensive Security
fa261f0558 DB: 2019-01-17 
18 changes to exploits/shellcodes

Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
 2019-01-17 05:01:45 +00:00
Offensive Security
518c704a2f DB: 2019-01-15 
32 changes to exploits/shellcodes

xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Hootoo HT-05 - Remote Code Execution (Metasploit)
Across DR-810 ROM-0 - Backup File Disclosure
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - SQL Injection
Horde Imp - 'imap_open' Remote Command Execution
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection
Cleanto 5.0 - SQL Injection
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
HealthNode Hospital Management System 1.0 - SQL Injection
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
ThinkPHP 5.X - Remote Command Execution
Real Estate Custom Script 2.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
AudioCode 400HD - Command Injection
 2019-01-15 05:01:52 +00:00
Offensive Security
c2a1585898 DB: 2019-01-10 
10 changes to exploits/shellcodes

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection

Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
 2019-01-10 05:01:43 +00:00
Offensive Security
deaee53895 DB: 2019-01-08 
19 changes to exploits/shellcodes

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Mailcleaner - Authenticated Remote Code Execution (Metasploit)
Embed Video Scripts - Persistent Cross-Site Scripting
All in One Video Downloader 1.2 - Authenticated SQL Injection
LayerBB 1.1.1 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
 2019-01-08 05:01:58 +00:00
Offensive Security
e3c06fe0f7 DB: 2018-12-15 
16 changes to exploits/shellcodes

Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)

Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)

Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
 2018-12-15 05:01:46 +00:00
Offensive Security
a07949d1c7 DB: 2018-12-12 
21 changes to exploits/shellcodes

SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting

Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
 2018-12-12 05:01:43 +00:00
Offensive Security
60710bbfd9 DB: 2018-12-05 
19 changes to exploits/shellcodes

Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
 2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93 DB: 2018-12-04 
10 changes to exploits/shellcodes

Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)

CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
 2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f DB: 2018-12-01 
8 changes to exploits/shellcodes

Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
 2018-12-01 05:01:40 +00:00
Offensive Security
dfd1e454e1 DB: 2018-11-28 
10 changes to exploits/shellcodes

MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
 2018-11-28 11:08:29 +00:00