bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1184 commits 1 branch 0 tags 351 MiB
Commit graph

1184 commits

This branch
This branch
All branches
Author SHA1 Message Date
Offensive Security
8f7e041fcc DB: 2017-03-29 
6 new exploits

MikroTik RouterBoard 6.38.5 - Denial of Service
VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow
Microsoft Outlook - HTML Email Denial of Service

Intermec PM43 Industrial Printer - Privilege Escalation

DzSoft PHP Editor 4.2.7 - File Enumeration

Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)
 2017-03-29 05:01:19 +00:00
Offensive Security
1f8c35c0c0 DB: 2017-03-28 
25 new exploits

Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Microsoft Visual Studio 2015 update 3 - Denial of Service
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Apple Safari - 'DateTimeFormat.format' Type Confusion
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Out-of-Bounds Read when Calling Bound Function

QNAP QTS < 4.2.4 - Domain Privilege Escalation
Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Github Enterprise - Default Session Secret And Deserialization (Metasploit)

B2B Alibaba Clone Script - SQL Injection
B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection
Just Another Video Script 1.4.3 - SQL Injection
Adult Tube Video Script - SQL Injection
Alibaba Clone Script - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection
Php Real Estate Property Script - SQL Injection
Courier Tracking Software 6.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection
Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection
CouponPHP CMS 3.1 - 'code' Parameter SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
 2017-03-28 05:01:16 +00:00
Offensive Security
d2c8c83204 DB: 2017-03-27 
1 new exploits

Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
 2017-03-27 05:01:17 +00:00
Offensive Security
f3bbe1df4c DB: 2017-03-26 
2 new exploits

Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
 2017-03-26 05:01:16 +00:00
Offensive Security
570f8aec26 DB: 2017-03-25 
6 new exploits

wifirxpower - Local Buffer Overflow
Miele Professional PG 8528 - Directory Traversal
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit)
Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)
Gr8 Tutorial Script - SQL Injection
Gr8 Gallery Script - SQL Injection
 2017-03-25 05:01:17 +00:00
Offensive Security
3ad96f313d DB: 2017-03-24 
39 new exploits

Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit)
Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit)
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)
CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit)
Lenovo System Update - Privilege Escalation (Metasploit)
Firebird - Relational Database CNCT Group Number Buffer Overflow (Metasploit)
HP Intelligent Management Center < 5.0 E0102 - UAM Buffer Overflow (Metasploit)
VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)
CADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)
MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit)
ExaGrid - Known SSH Key and Default Password (Metasploit)
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
SSH - User Code Execution (Metasploit)
Redmine SCM Repository - Arbitrary Command Execution (Metasploit)

Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection
Flippa Clone - SQL Injection
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'license.php' Remote Command Execution (Metasploit)
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - 'welcome' Remote Command Execution (Metasploit)
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - Unauthenticated File Upload (Metasploit)
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
 2017-03-24 05:01:16 +00:00
Offensive Security
8b5b662af9 DB: 2017-03-23 
8 new exploits

SpyCamLizard 1.230 - Denial of Service
APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow
APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow
APNGDis 2.8 - 'filename' Stack Buffer Overflow
Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH)
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
GLink Word Link Script 1.2.3 - SQL Injection
Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
 2017-03-23 05:01:16 +00:00
Offensive Security
93635f1158 DB: 2017-03-22 
1 new exploits

Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection
 2017-03-22 05:01:16 +00:00
Offensive Security
07432556e0 DB: 2017-03-21 
26 new exploits

FTPShell Client 6.53 - Local Buffer Overflow
FTPShell Client 6.53 - 'Session name' Local Buffer Overflow
FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow
ExtraPuTTY 0.29-RC2 - Denial of Service
Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011)
Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011)
Microsoft GDI+ - 'gdiplus!GetRECTSForPlayback' Out-of-Bounds Read (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)
Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013)
Mozilla Firefox - 'table' Use-After-Free
Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006)

HttpServer 1.0 - Directory Traversal

Cobbler 2.8.0 - Authenticated Remote Code Execution
Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection
Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection
phplist 3.2.6 - SQL Injection
D-Link DGS-1510 - Multiple Vulnerabilities
 2017-03-21 05:01:17 +00:00
Offensive Security
e3778e5508 DB: 2017-03-20 
5 new exploits

Linux/x86 - Bind Shell Shellcode (51 bytes)
Linux/x86 - Bind Shell Shellcode (42 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
iFdate Social Dating Script 2.0 - SQL Injection
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
Omegle Clone - SQL Injection
Secure Download Links - 'dc' Parameter SQL Injection
 2017-03-20 05:01:17 +00:00
Offensive Security
4da96605a4 DB: 2017-03-18 
8 new exploits

Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow

FTPShell Client 6.53 - Local Buffer Overflow
Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes)
Linux/x86 - Bind Shell Shellcode (51 bytes)
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
AXIS Communications - Cross-Site Scripting / Content Injection
AXIS Multiple Products - Cross-Site Request Forgery
Departmental Store Management System 1.2 - SQL Injection
 2017-03-18 05:01:24 +00:00
g0tmi1k
5b8d706b7d Merge pull request #81 from g0tmi1k/searchsploit 
Remove leading slash on path results & add manual references in
 2017-03-17 10:56:15 +00:00
g0tmi1k
19f77d26f4 Remove leading slash on path results & add manual references in 2017-03-17 10:55:36 +00:00
g0tmi1k
641870e4f7 Merge pull request #79 from x42en/master 
Detailed JSON output
 2017-03-17 09:25:01 +00:00
Offensive Security
c51cc48e0e DB: 2017-03-17 
2 new exploits

Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free

Windows DVD Maker 6.1.7 - XML External Entity Injection
 2017-03-17 05:01:19 +00:00
Ben Mz
0c1feefa49 show more detailed results with JSON output 2017-03-17 00:57:20 +01:00
Offensive Security
66117c63f5 DB: 2017-03-16 
16 new exploits

Adobe Flash - Metadata Parsing Out-of-Bounds Read
Adobe Flash - MovieClip Attach init Object Use-After-Free
Adobe Flash - ATF Thumbnailing Heap Overflow
Adobe Flash - ATF Planar Decompression Heap Overflow
Adobe Flash - AVC Header Slicing Heap Overflow
Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow

USBPcap - Privilege Escalation
USBPcap 1.1.0.0 (WireShark 2.2.5) - Privilege Escalation
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)

Cisco Firepower Management Console 6.0 - Post Authentication UserAdd
Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)
IBM WebSphere - RCE Java Deserialization (Metasploit)
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Joomla! Component Vik Appointments 1.5 - SQL Injection
Joomla! Component Vik Rent Items 1.3 - SQL Injection
Joomla! Component Vik Rent Car 1.11 - SQL Injection
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
Steam Profile Integration 2.0.11 - SQL injection
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
 2017-03-16 05:01:20 +00:00
g0tmi1k
c321071567 Merge pull request #74 from rofl0r/patch-1 
make searchploit work with non-gnu grep
 2017-03-15 13:44:28 +00:00
Offensive Security
c7382d10cd DB: 2017-03-15 
4 new exploits

MikroTik Router - ARP Table OverFlow Denial Of Service

Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)
Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit)

D-Link DI-524 - Cross-Site Request Forgery
Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection
Joomla! Component Advertisement Board 3.0.4 - 'id' Parameter SQL Injection
 2017-03-15 05:01:18 +00:00
Offensive Security
8359f0a6a2 DB: 2017-03-14 
5 new exploits

Cerberus FTP Server  8.0.10.1 - Denial of Service

VirtualBox - Cooperating VMs can Escape from Shared Folder

Netgear R7000 and R6400 - cgi-bin Command Injection (Metasploit)

Car Workshop System - SQL Injection

Fiyo CMS 2.0.6.1 - Privilege Escalation
 2017-03-14 05:01:18 +00:00
Offensive Security
d36dc6b95d DB: 2017-03-12 
14 new exploits

MobaXterm Personal Edition 9.4 - Directory Traversal

Windows x86 - Hide Console Window Shellcode (182 bytes)
e107 <= 2.1.4 - 'keyword' Blind SQL Injection
Domain Marketplace Script - SQL Injection
Global In - SQL Injection
Global In - Arbitrary File Upload
Vanelo - SQL Injection
Mirage - SQL Injection
Pet Listing Script 3.0 - SQL Injection
Property Listing Script 3.1 - SQL Injection
Travel Tours Script 2.0 - SQL Injection
Yacht Listing Script 2.0 - SQL Injection
Yellow Pages Script 3.2 - 'category_id' Parameter SQL Injection
PHP Forum Script 3.0 - SQL Injection
 2017-03-12 05:01:18 +00:00
Offensive Security
f2327bc214 DB: 2017-03-11 
5 new exploits

Price Comparison Script 2017.1.8 - SQL Injection
Clickbank Affiliate Marketplace Script 2017 - SQL Injection
Kinsey Infor/Lawson / ESBUS - SQL Injection
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting
 2017-03-11 05:01:19 +00:00
Offensive Security
6e7ec5be32 DB: 2017-03-10 
20 new exploits

Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service

Apache Struts2 - Skill Name Remote Code Execution
Apache Struts 2 - Skill Name Remote Code Execution
Linux - Reverse Shell Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux - TCP Reverse Shell Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)

Windows x86 - Executable Directory Search Shellcode (130 bytes)

Apache Struts2 < 2.3.1 - Multiple Vulnerabilities
Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
Country on Sale Script - SQL Injection
Media Search Engine Script - 'search' Parameter SQL Injection
Soundify 1.1 - 'tid' Parameter SQL Injection
BistroStays 3.0 - 'guests' Parameter SQL Injection
Nlance 2.2 - SQL Injection
Busewe 1.2 - SQL Injection
Fashmark 1.2 - 'category' Parameter SQL Injection
TradeMart 1.1 - SQL Injection
Drupal 7.x Module Services - Remote Code Execution
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
 2017-03-10 05:01:18 +00:00
Offensive Security
06a7933be4 DB: 2017-03-09 
8 new exploits

USBPcap - Privilege Escalation

Linux - Reverse Shell Shellcode (66 bytes)
Linux - Reverse Shell Shellcode (65 bytes)
Themeforest Clone Script - SQL Injection
Graphicriver Clone Script - SQL Injection
Codecanyon Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection
Videohive Clone Script - SQL Injection
Envato Clone Script - SQL Injection
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
 2017-03-09 05:01:19 +00:00
Offensive Security
6883068111 DB: 2017-03-08 
5 new exploits

Evostream Media Server 1.7.1  (x64) - Denial of Service

Azure Data Expert Ultimate  2.2.16 - Buffer Overflow
Mini CMS 1.1 - 'name' Parameter SQL Injection
Daily Deals Script 1.0 - 'id' Parameter SQL Injection
Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
 2017-03-08 05:01:19 +00:00
Offensive Security
9aef664a7e DB: 2017-03-07 
31 new exploits

iSQL 1.0 - isql_main.c Buffer Overflow (PoC)
iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC)
Memcached 1.4.33 - 'Crash' PoC
Memcached 1.4.33 - 'Add' PoC
Memcached 1.4.33 - 'sasl' PoC
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)

Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure

Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check
Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

Conext ComBox 865-1058 - Denial of Service

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)

CyberGhost 6.0.4.2205 - Privilege Escalation

FTPShell Client 6.53 - Buffer Overflow

Linux/x86-64 - /bin/sh Shellcode
Linux/x86-64 - /bin/sh Shellcode (34 bytes)

Linux/x86-64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode (134 bytes)

Linux/x86-64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode (84 bytes)
Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)

Linux/x86_64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Random Listener Shellcode (54 bytes)

Wordpress < 4.7.1 - Username Enumeration
WordPress < 4.7.1 - Username Enumeration
Advanced Bus Booking Script 2.04 - SQL Injection
Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection
Single Theater Booking Script - 'newsid' Parameter SQL Injection
Responsive Events & Movie Ticket Booking Script - SQL Injection
Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection
Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection
Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection
Naukri Clone Script 3.02 - 'type' Parameter SQL Injection
Yellow Pages Clone Script 1.3.4 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Real Estate Script 4.0.6 - SQL Injection
PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection
Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection
PHP Matrimonial Script 3.0 - SQL Injection
MLM Binary Plan Script 2.0.5 - SQL Injection
MLM Forced Matrix 2.0.7 - SQL Injection
MLM Forex Market Plan Script 2.0.1 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection
Network Community Script 3.0.2 - SQL Injection
PHP B2B Script 3.05 - SQL Injection
Responsive Matrimonial Script 4.0.1 - SQL Injection
Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection
Select Your College Script 2.01 - SQL Injection
Social Network Script 3.01 - 'id' Parameter SQL Injection
Website Broker Script 3.02 - 'view' Parameter SQL Injection
WordPress Multiple Plugins - Arbitrary File Upload
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
 2017-03-07 05:01:20 +00:00
Offensive Security
4811e36301 DB: 2017-03-06 
9 new exploits

Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes)
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)

Joomla! Component com_jumi - (fileid) Blind SQL Injection
Joomla! Component Jumi - 'fileid' Parameter Blind SQL Injection
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
Joomla! Component JUX EventOn 1.0.1 - 'id' Parameter SQL Injection
Joomla! Component Monthly Archive 3.6.4 - 'author_form' Parameter SQL Injection
Joomla! Component AYS Quiz 1.0 - 'id' Parameter SQL Injection
Joomla! Component Content ConstructionKit 1.1 - SQL Injection
Joomla! Component AltaUserPoints 1.1 - 'userid' Parameter SQL Injection
 2017-03-06 05:01:18 +00:00
Offensive Security
d3106003d4 DB: 2017-03-04 
5 new exploits

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)
Wordpress < 4.7.1 - Username Enumeration
NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection
Joomla! Component Coupon 3.5 - SQL Injection
pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery
 2017-03-04 05:01:19 +00:00
Offensive Security
a3ee969c7d DB: 2017-03-03 
5 new exploits

Php Classified OLX Clone Script - 'category' Parameter SQL Injection
Joomla! Component Abstract 2.1 - SQL Injection
Joomla! Component StreetGuessr Game 1.0 - SQL Injection
Joomla! Component Guesser 1.0.4 - 'type' Parameter SQL Injection
Joomla! Component Recipe Manager 2.2 - 'id' Parameter SQL Injection
 2017-03-03 05:01:17 +00:00
Offensive Security
846ce42eca DB: 2017-03-02 
14 new exploits

SysGauge 1.5.18 - Buffer Overflow
WePresent WiPG-1500 - Backdoor Account

Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
SchoolDir - SQL Injection
Rage Faces Script 1.3 - SQL Injection
Meme Maker Script 2.1 - 'user' Parameter SQL Injection
 2017-03-02 05:01:19 +00:00
Offensive Security
7fa7a111c4 DB: 2017-03-01 
5 new exploits

BlueIris 4.5.1.4 - Denial of Service
Synchronet BBS 3.16c - Denial of Service

Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation

Linux/x86-64 - Reverse Shell Shellcode (84 bytes)

NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
 2017-03-01 05:01:18 +00:00
Offensive Security
026ded7298 DB: 2017-02-28 
12 new exploits

MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Linux/x86_64 - Random Listener Shellcode (54 bytes)
NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
Joomla! Component Gnosis 1.1.2 - 'id' Parameter SQL Injection
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
Joomla! Component My MSG 3.2.1 - SQL Injection
Joomla! Component Spinner 360 1.3.0 - SQL Injection
Joomla! Component JomSocial - SQL Injection
Grails PDF Plugin 0.6 - XML External Entity Injection
Joomla! Component OneVote! 1.0 - SQL Injection
 2017-02-28 05:01:17 +00:00
Offensive Security
3f1035a488 DB: 2017-02-27 
2 new exploits

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
 2017-02-27 05:01:20 +00:00
Offensive Security
5d75646fa8 DB: 2017-02-26 
1 new exploits

Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
 2017-02-26 05:01:19 +00:00
Offensive Security
438afbcaf8 DB: 2017-02-25 
12 new exploits

Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
Joomla! Component JooDatabase 3.1.0 - SQL Injection
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection
Joomla! Component AJAX Search for K2 2.2 - SQL Injection
Joomla! Component Community Surveys 4.3 - SQL Injection
Joomla! Component Community Polls 4.5.0 - SQL Injection
Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Joomla! Component Community Quiz 4.3.5 - SQL Injection
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
memcache-viewer - Cross-Site Scripting
 2017-02-25 05:01:19 +00:00
Offensive Security
3710b90d25 DB: 2017-02-24 
6 new exploits

macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read

Linux/x86-64 - Egghunter Shellcode (38 bytes)
WordPress Plugin Mail Masta 1.0 - SQL Injection
Joomla! Component Store for K2 3.8.2 - SQL Injection
Joomla! Component UserExtranet 1.3.1 - SQL Injection
Joomla! Component MultiTier 3.1 - SQL Injection
 2017-02-24 05:01:18 +00:00
Offensive Security
c7c1c7d92e DB: 2017-02-23 
13 new exploits

EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Denial of Service
Google Chrome - 'layout' Out-of-Bounds Read

Shutter 0.93.1 - Code Execution

DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
Joomla! Component VehicleManager 3.9 - SQL Injection
Joomla! Component RealEstateManager 3.9 - SQL Injection
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
ProjectSend r754 - Insecure Direct Object Reference
Teradici Management Console 2.2.0 - Privilege Escalation
 2017-02-23 05:01:18 +00:00
Offensive Security
ad7bd81657 DB: 2017-02-22 
21 new exploits

Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption
Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access
Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check
Adobe Flash - MP4 AMF Parsing Overflow
Adobe Flash - SWF Stack Corruption
Adobe Flash - Use-After-Free in Applying Bitmap Filter
Adobe Flash - YUVPlane Decoding Heap Overflow
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection
Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit)
Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit)
AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
 2017-02-22 05:01:19 +00:00
Offensive Security
4195f70ade DB: 2017-02-21 
6 new exploits

EFS Easy Chat Server - Authentication Request Buffer Overflow (SEH)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (SEH)

EFS Easy Chat Server - Cross-Site Request Forgery (Change Admin Password)
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)

EFS Easy Chat Server - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)

yaws 1.89 - Directory Traversal
Yaws 1.89 - Directory Traversal

Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)

Jogjacamp JProfile Gold - (id_news) SQL Injection
Jogjacamp JProfile Gold - 'id_news' Parameter SQL Injection

RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection
Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection
Album Lock 4.0 iOS - Directory Traversal
Tenda N3 Wireless N150 Home Router - Authentication Bypass
 2017-02-21 05:01:20 +00:00
Offensive Security
ae0dd9fa7c DB: 2017-02-20 
14 new exploits

Linux - Reverse Shell Shellcode (66 bytes)

Joomla! Component com_Joomlaoc - 'id' SQL Injection
Joomla! Component Joomloc 1.0 - 'id' Parameter SQL Injection

Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection
Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection

Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload

Horde 3.3.5 - Administration Interface admin/PHPshell.php PATH_INFO Parameter Cross-Site Scripting
Horde 3.3.5 - Cross-Site Scripting
Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection
Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection
Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection
Joomla! Component OS Property 3.0.8 - SQL Injection
Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection
Joomla! Component OS Services Booking 2.5.1 - SQL Injection
Joomla! Component Room Management 1.0 - SQL Injection
Joomla! Component Bazaar Platform 3.0 - SQL Injection
Joomla! Component Google Map Store Locator 4.4 - SQL Injection
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Sawmill Enterprise 8.7.9 - Authentication Bypass
PHPShell 2.4 - Session Fixation
 2017-02-20 05:01:17 +00:00
Offensive Security
2d72a9c8b9 DB: 2017-02-18 
4 new exploits

Netgear WGR614v9 Wireless Router - GET Request Denial of Service
Netgear WGR614v9 Wireless Router - Denial of Service

ZABBIX 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities
Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities

ZABBIX 1.1x/1.4.x - File Checksum Request Denial of Service
Zabbix 1.1x/1.4.x - File Checksum Request Denial of Service

ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation
Zabbix 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation

Windows x86 - Protect Process Shellcode (229 bytes)

Qwerty CMS - 'id' SQL Injection
Qwerty CMS - 'id' Parameter SQL Injection

Golabi CMS - Remote File Inclusion
Golabi CMS 1.0 - Remote File Inclusion
blogman 0.45 - Multiple Vulnerabilities
EZ-Blog 1b - Delete All Posts / SQL Injection
Blogman 0.45 - Multiple Vulnerabilities
EZ-Blog beta1 - Delete All Posts / SQL Injection

Access2asp - imageLibrary - (ASP) Arbitrary File Upload
Access2asp - imageLibrary - Arbitrary File Upload

Joomla! Component com_digistore - 'pid' Blind SQL Injection
Joomla! Component com_digistore - 'pid' Parameter Blind SQL Injection

EZ-Blog Beta2 - (category) SQL Injection
EZ-Blog Beta2 - 'category' Parameter SQL Injection
Joomla! Component Team Display 1.2.1 - 'filter_category' Parameter SQL Injection
Joomla! Component Groovy Gallery 1.0.0 - SQL Injection
Joomla! Component WMT Content Timeline 1.0 - 'id' Parameter SQL Injection
 2017-02-18 05:01:17 +00:00
Offensive Security
2f2ccec5c2 DB: 2017-02-17 
8 new exploits

Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes)

Joomla! Component 'com_spidercalendar' - SQL Injection
Joomla! Component Spider Calendar - SQL Injection

Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection
Joomla! Component Spider Catalog 1.1 - 'Product_ID' Parameter SQL Injection

Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection
Joomla! Component Spider Calendar - 'date' Parameter Blind SQL Injection

Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection
Joomla! Component Spider Calendar 3.2.6 - SQL Injection

Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' Parameter SQL Injection

Joomla! Component 'com_spiderfaq' - SQL Injection
Joomla! Component Spider FAQ - SQL Injection
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
Joomla! Component Spider Facebook 1.6.1 - SQL Injection
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
dotCMS 3.6.1 - Blind Boolean SQL Injection
Joomla! Component JEmbedAll 1.4 - SQL Injection
 2017-02-17 05:01:19 +00:00
Offensive Security
d9f5d919c6 DB: 2017-02-16 
10 new exploits

Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure
NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds Read/Write
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
GOM Player 2.3.10.5266 - '.fpx' Denial of Service
Cisco ASA - WebVPN CIFS Handling Buffer Overflow

OpenText Documentum D2 - Remote Code Execution
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities
Joomla! Component JoomBlog 1.3.1 - SQL Injection
Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection
 2017-02-16 05:01:17 +00:00
Offensive Security
2f4b2745b1 DB: 2017-02-15 
11 new exploits

Linux Kernel 3.10.0 (CentOS7) - Denial of Service
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lghashstorageserver Directory Traversal
LG G4 - Touchscreen Driver write_log Kernel Read/Write
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
ShadeYouVPN Client 2.0.1.11 - Privilege Escalation
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation

MLdonkey 2.9.7 - HTTP DOUBLE SLASH Arbitrary File Disclosure
MLdonkey 2.9.7 - Arbitrary File Disclosure

Mldonkey 2.5 -4 - Web Interface Error Message Cross-Site Scripting
MLdonkey 2.5-4 - Cross-Site Scripting

Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)

Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection
Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection

taifajobs 1.0 - (jobid) SQL Injection
taifajobs 1.0 - 'jobid' Parameter SQL Injection
Pyrophobia 2.1.3.1 - modules/out.php id Parameter Cross-Site Scripting
Pyrophobia 2.1.3.1 - admin/index.php Multiple Parameter Traversal Arbitrary File Access
Pyrophobia 2.1.3.1 - Cross-Site Scripting
Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access

Itech B2B Script 4.29 - Multiple Vulnerabilities
 2017-02-15 05:01:16 +00:00
Offensive Security
d548da5f4f DB: 2017-02-14 
20 new exploits

Nokia N95-8 - browser (setAttributeNode) Method Crash
Nokia N95-8 browser - 'setAttributeNode' Method Crash

Got All Media 7.0.0.3 - (t00t) Remote Denial of Service
Got All Media 7.0.0.3 - Remote Denial of Service

GeoVision Digital Video Surveillance System - (geohttpserver) DT
GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure

pHNews alpha 1 - (templates_dir) Remote Code Execution
pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution
Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection
Den Dating 9.01 - 'searchmatch.php' SQL Injection
InselPhoto 1.1 - (query) SQL Injection
PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection
Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection
Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection
InselPhoto 1.1 - 'query' Parameter SQL Injection
PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection

Vlinks 1.1.6 - 'id' SQL Injection
Vlinks 1.1.6 - 'id' Parameter SQL Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
InselPhoto 1.1 - Persistent Cross-Site Scripting
CmsFaethon 2.2.0 - 'item' Parameter SQL Injection
InselPhoto 1.1 - Cross-Site Scripting
SAS Hotel Management System - 'myhotel_info.asp' SQL Injection
YACS CMS 8.11 - update_trailer.php Remote File Inclusion
SAS Hotel Management System - 'id' Parameter SQL Injection
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion

pHNews Alpha 1 - 'header.php mod' SQL Injection
pHNews Alpha 1 - 'mod' Parameter SQL Injection

Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting
Novaboard 1.0.1 - Cross-Site Scripting

Joomla! Component JE Quiz - Blind SQL Injection
Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection

SAS Hotel Management System - user_login.asp SQL Injection
SAS Hotel Management System - 'notfound' Parameter SQL Injection

JE Messenger 1.0 - Arbitrary File Upload
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload

Joomla! Component 'com_jeauto' - Local File Inclusion
Joomla! Component JE Auto - Local File Inclusion

vlinks 2.0.3 - 'site.php id Parameter' SQL Injection
Vlinks 2.0.3 - 'id' Parameter SQL Injection

Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion
YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion

Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
PHP Marketplace Script - SQL Injection
Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection
Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection
Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection
Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection
Joomla! Component JE Property Finder 1.6.3 - SQL Injection
Joomla! Component JE Tour 2.0 - SQL Injection
Joomla! Component JE Video Rate 1.0 - SQL Injection
Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection
Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection
Joomla! Component JE Awd Song 1.8 - SQL Injection
Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection
Joomla! Component JE Quiz 2.3 - SQL Injection
Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection
Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection
Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection
Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection
Joomla! Component JE Ticket System 1.2 - SQL Injection
Joomla! Component JE Messanger - SQL Injection
 2017-02-14 05:01:17 +00:00
Offensive Security
8b6bfd7f93 DB: 2017-02-13 
19 new exploits

Cimetrics BACstac 6.2f - Privilege Escalation
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
SonicDICOM PACS 2.3.2 - Privilege Escalation
Kodi 17.1 - Arbitrary File Disclosure
WhizBiz 1.9 - SQL Injection
TI Online Examination System 2.0 - SQL Injection
Viavi Real Estate - SQL Injection
Viavi Movie Review - 'id' Parameter SQL Injection
Viavi Product Review - 'id' Parameter SQL Injection
Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection
Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection
Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection
Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection
Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection
Joomla! Component Vik Booking 1.7 - SQL Injection
Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
 2017-02-13 05:01:18 +00:00
Offensive Security
187fb60098 DB: 2017-02-12 
1 new exploits

WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection
 2017-02-12 05:01:16 +00:00
Offensive Security
dcc7720ad6 DB: 2017-02-11 
18 new exploits

Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)
HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)
F5 BIG-IP SSL Virtual Server - Memory Disclosure
CMS Lite 1.3.1 - SQL Injection
Tiger Post 3.0.1 - SQL Injection
Gram Post 1.0 - SQL Injection
Youtube Analytics Multi Channel 3.0 - SQL Injection
Collabo - Arbitrary File Download
Takas Classified 1.1 - SQL Injection
Zigaform - SQL Injection
Multilanguage Estate Agency Pro 1.2 - SQL Injection
QWIKIA 1.1.1 - SQL Injection
Automated Job Portal Script - SQL Injection
CLUB-8 EMS - SQL Injection
Uploadr - SQL Injection
CodePaul ClipMass - SQL Injection
Video Subscription - SQL Injection
D-link DIR-600M - Cross-Site Request Forgery
HotelCMS with Booking Engine - SQL Injection
 2017-02-11 05:01:16 +00:00
Offensive Security
a6133048b5 DB: 2017-02-10 
6 new exploits

Mobiketa 3.5 - SQL Injection
Sendroid 5.2 - SQL Injection
Fome SMS Portal 2.0 - SQL Injection
SOA School Management - SQL Injection
Client Expert 1.0.1 - SQL Injection
EXAMPLO - SQL Injection
 2017-02-10 05:01:16 +00:00
Offensive Security
d1a0e8f9fd DB: 2017-02-09 
3 new exploits

Zookeeper 3.5.2 - Denial of Service

Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)

YapBB 1.2 - (forumID) Blind SQL Injection
YapBB 1.2 - 'forumID' Parameter Blind SQL Injection

ClearBudget 0.6.1 - (Misspelled htaccess) Insecure DD
ClearBudget 0.6.1 - Insecure Database Download

phpYabs 0.1.2 - (Azione) Remote File Inclusion
phpYabs 0.1.2 - 'Azione' Parameter Remote File Inclusion

IF-CMS 2.0 - 'frame.php id' Blind SQL Injection
IF-CMS 2.0 - 'id' Parameter Blind SQL Injection
BusinessSpace 1.2 - 'id' SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
BusinessSpace 1.2 - 'id' Parameter SQL Injection
A Better Member-Based ASP Photo Gallery - 'entry' Parameter SQL Injection

FlexCMS - (catId) SQL Injection
FlexCMS 2.5 - 'catId' Parameter SQL Injection
Thyme 1.3 - (export_to) Local File Inclusion
Papoo CMS 3.x - (pfadhier) Local File Inclusion
q-news 2.0 - Remote Command Execution
Potato News 1.0.0 - (user) Local File Inclusion
Thyme 1.3 - 'export_to' Parameter Local File Inclusion
Papoo CMS 3.x - 'pfadhier' Parameter Local File Inclusion
Q-News 2.0 - Remote Command Execution
Potato News 1.0.0 - Local File Inclusion

Mynews 0_10 - Authentication Bypass
Mynews 0.10 - Authentication Bypass
Muviko Video CMS - SQL Injection
Multi Outlets POS 3.1 - 'id' Parameter SQL Injection
 2017-02-09 05:01:17 +00:00