exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	bfebc3fa5a	DB: 2018-01-20 62 changes to exploits/shellcodes macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' Peercast < 0.1211 - Format String Trillian Pro < 2.01 - Design Error dbPowerAmp < 2.0/10.0 - Buffer Overflow PsychoStats < 2.2.4 Beta - Cross Site Scripting MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution GitStack 2.3.10 - Unauthenticated Remote Code Execution Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC) Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC) Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities DUWare Multiple Products - Multiple Vulnerabilities AutoRank PHP < 2.0.4 - SQL Injection (PoC) ASPapp Multiple Products - Multiple Vulnerabilities osCommerce < 2.2-MS2 - Multiple Vulnerabilities PostNuke < 0.726 Phoenix - Multiple Vulnerabilities MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities phpGedView < 2.65 beta 5 - Multiple Vulnerabilities phpShop < 0.6.1-b - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3 - SQL Injection phpBB < 2.0.6d - Cross Site Scripting Phorum < 5.0.3 Beta - Cross Site Scripting vBulletin < 3.0.0 RC4 - Cross Site Scripting Mambo < 4.5 - Multiple Vulnerabilities phpBB < 2.0.7a - Multiple Vulnerabilities Invision Power Top Site List < 1.1 RC 2 - SQL Injection Invision Gallery < 1.0.1 - SQL Injection PhotoPost < 4.6 - Multiple Vulnerabilities TikiWiki < 1.8.1 - Multiple Vulnerabilities phpBugTracker < 0.9.1 - Multiple Vulnerabilities OpenBB < 1.0.6 - Multiple Vulnerabilities PHPX < 3.26 - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3.1 - Design Error HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities LiveWorld Multiple Products - Cross Site Scripting WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities PHP-Calendar < 0.10.1 - Arbitrary File Inclusion PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities ReviewPost < 2.84 - Multiple Vulnerabilities PhotoPost < 4.85 - Multiple Vulnerabilities AZBB < 1.0.07d - Multiple Vulnerabilities Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities Burning Board < 2.3.1 - SQL Injection XOOPS < 2.0.11 - Multiple Vulnerabilities PEAR XML_RPC < 1.3.0 - Remote Code Execution PHPXMLRPC < 1.1 - Remote Code Execution SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite XPCOM - Race Condition ADOdb < 4.71 - Cross Site Scripting Geeklog < 1.4.0 - Multiple Vulnerabilities PEAR LiveUser < 0.16.8 - Arbitrary File Access Mambo < 4.5.3h - Multiple Vulnerabilities phpRPC < 0.7 - Remote Code Execution Gallery 2 < 2.0.2 - Multiple Vulnerabilities PHPLib < 7.4 - SQL Injection SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite CubeCart < 3.0.12 - Multiple Vulnerabilities Claroline < 1.7.7 - Arbitrary File Inclusion X-Cart < 4.1.3 - Arbitrary Variable Overwrite Mambo < 4.5.4 - SQL Injection Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities D-Link DNS-343 ShareCenter < 1.05 - Command Injection D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)	2018-01-20 05:01:49 +00:00

Author

SHA1

Message

Date

Offensive Security

880bbe402e

DB: 2019-03-08

14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)

2019-03-08 05:01:50 +00:00

Offensive Security

bfebc3fa5a

DB: 2018-01-20

62 changes to exploits/shellcodes

macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'
Peercast < 0.1211 - Format String
Trillian Pro < 2.01 - Design Error
dbPowerAmp < 2.0/10.0 - Buffer Overflow
PsychoStats < 2.2.4 Beta - Cross Site Scripting

MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
GitStack 2.3.10 - Unauthenticated Remote Code Execution
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection	 (PoC)
Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
DUWare Multiple Products - Multiple Vulnerabilities
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
ASPapp Multiple Products - Multiple Vulnerabilities
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
phpShop < 0.6.1-b - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3 - SQL Injection
phpBB < 2.0.6d - Cross Site Scripting
Phorum < 5.0.3 Beta - Cross Site Scripting
vBulletin < 3.0.0 RC4 - Cross Site Scripting
Mambo < 4.5 - Multiple Vulnerabilities
phpBB < 2.0.7a - Multiple Vulnerabilities
Invision Power Top Site List < 1.1 RC 2 - SQL Injection
Invision Gallery < 1.0.1 - SQL Injection
PhotoPost < 4.6 - Multiple Vulnerabilities
TikiWiki < 1.8.1 - Multiple Vulnerabilities
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
OpenBB < 1.0.6 - Multiple Vulnerabilities
PHPX < 3.26 - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3.1 - Design Error
HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities
LiveWorld Multiple Products - Cross Site Scripting
WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities
PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
ReviewPost < 2.84 - Multiple Vulnerabilities
PhotoPost < 4.85 - Multiple Vulnerabilities
AZBB < 1.0.07d - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
Burning Board < 2.3.1 - SQL Injection
XOOPS < 2.0.11 - Multiple Vulnerabilities
PEAR XML_RPC < 1.3.0 - Remote Code Execution
PHPXMLRPC < 1.1 - Remote Code Execution
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
XPCOM - Race Condition
ADOdb < 4.71 - Cross Site Scripting
Geeklog < 1.4.0 - Multiple Vulnerabilities
PEAR LiveUser < 0.16.8 - Arbitrary File Access
Mambo < 4.5.3h - Multiple Vulnerabilities
phpRPC < 0.7 - Remote Code Execution
Gallery 2 < 2.0.2 - Multiple Vulnerabilities
PHPLib < 7.4 - SQL Injection
SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
CubeCart < 3.0.12 - Multiple Vulnerabilities
Claroline < 1.7.7 - Arbitrary File Inclusion
X-Cart < 4.1.3 - Arbitrary Variable Overwrite
Mambo < 4.5.4 - SQL Injection
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
D-Link DNS-343 ShareCenter < 1.05 - Command Injection
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)

2018-01-20 05:01:49 +00:00

2 commits