bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1184 commits 1 branch 0 tags 351 MiB
Commit graph

54 commits

Author SHA1 Message Date
Offensive Security
c7c1c7d92e DB: 2017-02-23 
13 new exploits

EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Denial of Service
Google Chrome - 'layout' Out-of-Bounds Read

Shutter 0.93.1 - Code Execution

DiskSavvy Enterprise - GET Buffer Overflow (Metasploit)
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)

Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)
Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
Joomla! Component VehicleManager 3.9 - SQL Injection
Joomla! Component RealEstateManager 3.9 - SQL Injection
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
ProjectSend r754 - Insecure Direct Object Reference
Teradici Management Console 2.2.0 - Privilege Escalation
 2017-02-23 05:01:18 +00:00
Offensive Security
4195f70ade DB: 2017-02-21 
6 new exploits

EFS Easy Chat Server - Authentication Request Buffer Overflow (SEH)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (SEH)

EFS Easy Chat Server - Cross-Site Request Forgery (Change Admin Password)
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)

EFS Easy Chat Server - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)

yaws 1.89 - Directory Traversal
Yaws 1.89 - Directory Traversal

Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)

Jogjacamp JProfile Gold - (id_news) SQL Injection
Jogjacamp JProfile Gold - 'id_news' Parameter SQL Injection

RSS News AutoPilot Script 1.0.1 / 3.0.3 - Cross-Site Request Forgery
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection
Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection
Album Lock 4.0 iOS - Directory Traversal
Tenda N3 Wireless N150 Home Router - Authentication Bypass
 2017-02-21 05:01:20 +00:00
Offensive Security
b080c70f8b DB: 2016-12-14 
7 new exploits

Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)

Xitami Web Server 5.0a0 - Denial of Service
OpenSSL 1.1.0a/1.1.0b - Denial of Service
Serva 3.0.0 HTTP Server - Denial of Service
iOS 10.1.x - Certificate File Memory Corruption

OpenBSD 4.0 - (vga) Privilege Escalation
OpenBSD 4.0 - 'vga' Privilege Escalation

10-Strike Network File Search Pro 2.3 - SEH Local Buffer Overflow

MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections
MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections

AShop Deluxe 4.x - (catalogue.php cat) SQL Injection
AShop Deluxe 4.x - 'catalogue.php' SQL Injection

HIOX Banner Rotator 1.3 - (hm) Remote File Inclusion
HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion

CAT2 - (spaw_root) Local File Inclusion
CAT2 - 'spaw_root' Parameter Local File Inclusion

MyBloggie 2.1.3 - search.php SQL Injection
MyBloggie 2.1.2/2.1.3 - upload.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcomment.php Multiple Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - deluser.php 'id' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - addcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - edituser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - adduser.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - editcat.php errormsg Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - add.php trackback_url Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - delcat.php cat_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - del.php post_id Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting
MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting

MyBloggie 2.1.x - Multiple Remote File Inclusion

MyBloggie 2.1.x - MyBloggie_Root_Path Parameter Multiple Remote File Inclusion
MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion
AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/basket.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - ashop/search.php SearchString Parameter Cross-Site Scripting
AShop Deluxe 4.5 - shipping.php Multiple Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/editcatalogue.php cat Parameter Cross-Site Scripting
AShop Deluxe 4.5 - admin/salesadmin.php resultpage Parameter Cross-Site Scripting
AShop Deluxe 4.5 - 'catalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'basket.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'search.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'shipping.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
AShop Deluxe 4.5 - 'salesadmin.php' Cross-Site Scripting

MyBloggie 2.1.5 - 'index.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting

MyBloggie 2.1.5 - 'login.php' PATH_INFO Parameter Cross-Site Scripting
MyBloggie 2.1.5 - 'login.php' Cross-Site Scripting
Smart Guard Network Manager 6.3.2 - SQL Injection
WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
 2016-12-14 05:01:23 +00:00
Offensive Security
c76e893f94 DB: 2016-11-02 
12 new exploits

KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)

KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow

Apple iOS 4.0.3 - DPAP Server Denial of Service

KarjaSoft Sami FTP Server 2.02 - USER Overflow (Metasploit)
KarjaSoft Sami FTP Server 2.0.2 - USER Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - (LIST command) Buffer Overflow
Freefloat FTP Server - 'LIST' Command Buffer Overflow
Freefloat FTP Server 1.00 - MKD Buffer Overflow
Freefloat FTP Server - MKD Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'MKD' Buffer Overflow
Freefloat FTP Server - 'MKD' Buffer Overflow (Metasploit)

Freefloat FTP Server 1.0 - REST & PASV Buffer Overflow
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Buffer Overflow

Freefloat FTP Server - REST Buffer Overflow (Metasploit)
Freefloat FTP Server - 'REST' Buffer Overflow (Metasploit)

Freefloat FTP Server 1.0 - ACCL Buffer Overflow
Freefloat FTP Server 1.0 - 'ACCL' Buffer Overflow

Nagios Plugin check_ups - Local Buffer Overflow (PoC)
Nagios Plugins check_ups - Local Buffer Overflow (PoC)

Joomla! Component KISS Advertiser - Remote File / Bypass Upload
Joomla! Component 'com_ksadvertiser' - Remote File / Bypass Upload

Joomla! Component OS Property 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload

Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection

Joomla! Extension Movm Extension (com_movm) - SQL Injection
Joomla! Component 'com_movm' - SQL Injection

Joomla! Component joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
Joomla! Component 'com_joomgalaxy' 1.2.0.4 - Multiple Vulnerabilities

Joomla! Component En Masse 1.2.0.4 - SQL Injection
Joomla! Component 'com_enmasse' 1.2.0.4 - SQL Injection

Joomla! Component FireBoard (com_fireboard) - SQL Injection
Joomla! Component 'com_fireboard' - SQL Injection

Joomla! Component Spider Calendar Lite (com_spidercalendar) - SQL Injection
Joomla! Component 'com_spidercalendar' - SQL Injection

Joomla! Component RokModule - 'index.php module Parameter' Blind SQL Injection
Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection

Joomla! Component iCagenda - (id Parameter) Multiple Vulnerabilities
Joomla! Component 'com_icagenda' - 'id' Parameter Multiple Vulnerabilities
Joomla! Component FreeStyle Support com_fss 1.9.1.1447 - SQL Injection
Joomla! Component Tags - 'index.php tag Parameter' SQL Injection
Joomla! Component 'com_fss' 1.9.1.1447 - SQL Injection
Joomla! Component 'com_tag' - 'tag' Parameter SQL Injection
Joomla! Plugin Commedia - 'index.php task Parameter' SQL Injection
Joomla! Component Kunena - 'index.php search Parameter' SQL Injection
Joomla! Component 'com_commedia' - 'task' Parameter SQL Injection
Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection

Freefloat FTP Server - PUT Command Buffer Overflow
Freefloat FTP Server - 'PUT' Command Buffer Overflow

Joomla! Component Spider Catalog - 'index.php Product_ID Parameter' SQL Injection
Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection

Free Float FTP Server - USER Command Buffer Overflow
Freefloat FTP Server - 'USER' Command Buffer Overflow

Joomla! Component JooProperty 1.13.0 - Multiple Vulnerabilities
Joomla! Component 'com_jooproperty' 1.13.0 - Multiple Vulnerabilities

Joomla! Component Spider Calendar - 'index.php date Parameter' Blind SQL Injection
Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection

Joomla! Component com_collector - Arbitrary File Upload
Joomla! Component 'com_collector' - Arbitrary File Upload

Freefloat FTP 1.0 - Raw Commands Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow

Joomla! 3.0.2 - (highlight.php) PHP Object Injection
Joomla! 3.0.2 - 'highlight.php' PHP Object Injection

Joomla! Component RSfiles - (cid parameter) SQL Injection
Joomla! Component 'com_rsfiles' - 'cid' Parameter SQL Injection

Joomla! Component CiviCRM 4.2.2 - Remote Code Injection
Joomla! Component 'com_civicrm' 4.2.2 - Remote Code Injection

Freefloat FTP 1.0 - DEP Bypass with ROP
Freefloat FTP Server 1.0 - DEP Bypass with ROP

Joomla! 3.0.3 - (remember.php) PHP Object Injection
Joomla! 3.0.3 - 'remember.php' PHP Object Injection

Joomla! Extension DJ Classifieds 2.0 - Blind SQL Injection
Joomla! Component 'dj-classifieds' 2.0 - Blind SQL Injection

Joomla! Component S5 Clan Roster com_s5clanroster - 'index.php id Parameter' SQL Injection
Joomla! Component 'com_s5clanroster' - 'id' Parameter SQL Injection

Joomla! Component Sectionex 2.5.96 - SQL Injection
Joomla! Component 'com_sectionex' 2.5.96 - SQL Injection

Joomla! Component redSHOP 1.2 - SQL Injection
Joomla! Component 'com_redshop' 1.2 - SQL Injection

Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)
Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)

Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service

check_dhcp - Nagios Plugins 2.0.1 - Arbitrary Option File Read
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read

check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Condition
Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition

Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
Joomla! Component jFancy - 'script.php' Arbitrary File Upload
Joomla! Component 'IDoEditor' - 'image.php' Arbitrary File Upload
Joomla! Component 'mod_jfancy' - 'script.php' Arbitrary File Upload

Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection

Joomla! Component com_szallasok - 'id' Parameter SQL Injection
Joomla! Component 'com_szallasok' - 'id' Parameter SQL Injection

Joomla! Module Language Switcher 2.5.x - Multiple Cross-Site Scripting Vulnerabilities
My Little Forum 2.3.7 - Multiple Vulnerabilities

Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion

Joomla! Component Odudeprofile - 'profession' Parameter SQL Injection
Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection

Joomla! Component com_photo - Multiple SQL Injections
Joomla! Component 'com_photo' - Multiple SQL Injections

Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component Komento - 'cid' Parameter SQL Injection
Joomla! Component 'Komento' - 'cid' Parameter SQL Injection

Joomla! Component com_quiz - SQL Injection
Joomla! Component 'com_quiz' - SQL Injection

Joomla! Component com_parcoauto - 'idVeicolo' Parameter SQL Injection
Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component ZT Autolinks - 'Controller' Parameter Local File Inclusion
Joomla! Component Bit - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_ztautolink' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_bit' - 'Controller' Parameter Local File Inclusion

Joomla! Component Incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_incapsula' - Multiple Cross-Site Scripting Vulnerabilities

Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation

Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)

Joomla! Component RokDownloads - Arbitrary File Upload
Joomla! Component 'com_rokdownloads' - Arbitrary File Upload

Apple Intel HD 3000 Graphics driver 10.0.0 - Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Privilege Escalation

MyLittleForum 2.3.5 - PHP Command Injection
My Little Forum 2.3.5 - PHP Command Injection
Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
OS X/iOS Kernel - IOSurface Use-After-Free
OS X/iOS - mach_ports_register Multiple Memory Safety Issues
Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free
Apple OS X/iOS - Kernel IOSurface Use-After-Free
Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues

MacOS 10.12 - 'task_t' Privilege Escalation
Apple MacOS 10.12 - 'task_t' Privilege Escalation
Freefloat FTP Server 1.0 - 'ABOR' Command Buffer Overflow
School Registration and Fee System - Authentication Bypass
Freefloat FTP Server 1.0 - 'RMD' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Command Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
Freefloat FTP Server 1.0 - 'RENAME' Command Buffer Overflow
MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition
MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation
 2016-11-02 05:01:19 +00:00
Offensive Security
5e2fc10125 DB: 2016-09-03 2016-09-03 13:13:25 +00:00
Offensive Security
31a21bb68d DB: 2016-09-03 
14 new exploits

Too many to list!
 2016-09-03 05:08:42 +00:00
Offensive Security
2a57bee5c6 DB: 2016-07-25 
12 new exploits

Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Exploit
Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Exploit

Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service

FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null Free Shellcode (65 bytes)

Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - execve Null Free shellcode (Generator)

Linux/x86 - cmd shellcode null free (Generator)
Linux/x86 - cmd Null Free shellcode (Generator)

iOS - Version-independent shellcode

Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - bindshell port 4444 shellcode (132 bytes)

Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null Free shellcode (39 bytes)

Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Windows 5.0 < 7.0 x86 - Null Free bindshell port 28876 shellcode

Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - telnetbind by Winexec 23 port shellcode (111 bytes)

Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows NT/2000/XP (Russian) - Add User _slim_ Shellcode (318 bytes)
Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)
Windows XP Pro SP2 English - _Message-Box_ Null Free Shellcode (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Null Free Shellcode (12 bytes)

Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)
Linux/x86 - /bin/sh Polymorphic Null Free Shellcode (46 bytes)

Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
Win32 - Add New Local Administrator _secuid0_ Shellcode (326 bytes)

ARM - Bindshell port 0x1337shellcode
ARM - Bindshell port 0x1337 shellcode

Linux Kernel <= 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite

Linux Kernel <= 2.4.0 - Stack Infoleaks

bsd/x86 - connect back Shellcode (81 bytes)
FreeBSD/x86 - connect back Shellcode (81 bytes)

Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.10/11.04) - Privilege Boundary Crossing Local Root Exploit
Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Privilege Boundary Crossing Local Root Exploit

Linux Kernel 2.0 / 2.1 - SIGIO
Linux Kernel 2.0 / 2.1 - Send a SIGIO Signal To Any Process

Linux Kernel 2.2 - 'ldd core' Force Reboot

Debian 2.1_ Linux Kernel 2.0.x_ RedHat 5.2 - Packet Length with Options
Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options

Linux Kernel 2.2.x - Non-Readable File Ptrace
Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak

OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure
OS X 10.x_ FreeBSD 4.x_ OpenBSD 2.x_ Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure

Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking (2)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (1)
Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Local Root Exploit (2)

Linux Kernel 2.4 - suid execve() System Call Race Condition PoC
Linux Kernel 2.4 - suid execve() System Call Race Condition Executable File Read Proof of Concept

Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling
Linux Kernel 2.5.x / 2.6.x - CPUFreq Proc Handler Integer Handling Memory Read

Linux Kernel <= 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure

Microsoft Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x - IMG Tag Multiple Vulnerabilities
Microsoft Internet Explorer 6.0 / Firefox 0.x / Netscape 7.x - IMG Tag Multiple Vulnerabilities

Linux Kernel 2.4.x / 2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities

Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)

Linux/x86 - Reverse TCP Bind Shellcode (92 bytes)
Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)

Linux Kernel 2.2.x / 2.3.x / 2.4.x / 2.5.x / 2.6.x - ELF Core Dump Local Buffer Overflow

Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)

Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)

Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation

Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)

OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)

Mainframe/System Z - Bind Shell shellcode (2488 bytes)
Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)

OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)

Ubuntu Apport - Local Privilege Escalation
Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation

Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Linux/x86-64 - Bindshell 31173 port with Password shellcode (92 bytes)

Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)

Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)

Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10 / 3.18 / 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption

Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)
Windows - Primitive Keylogger to File Null Free Shellcode (431 (0x01AF) bytes)

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)

Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)
Windows - Functional Keylogger to File Null Free Shellcode  (601 (0x0259) bytes)

Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)

Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)

Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal Shellcode (84_ 122_ 172 bytes)
 2016-07-25 05:06:19 +00:00
Offensive Security
76bc268c80 DB: 2016-07-11 2016-07-11 05:06:57 +00:00
Offensive Security
39fe341c5b DB: 2016-04-26 
9 new exploits

Totemomail 4.x and 5.x - Persistent XSS
C/C++ Offline Compiler and C For OS - Persistent XSS
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (MSF)
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (MSF)
CompuSource Systems - Real Time Home Banking - Local Privilege Escalation
Linux x64 - Bind Shell Shellcode Generator
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (MSF)
NationBuilder Multiple Stored XSS Vulnerabilities
Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC
 2016-04-26 05:03:34 +00:00
Offensive Security
f7b6199767 DB: 2016-02-23 
7 new exploits
 2016-02-23 05:02:07 +00:00
Offensive Security
958f5c3f9d DB: 2016-01-29 
40 new exploits
 2016-01-29 05:03:51 +00:00
Offensive Security
a5b96c2067 DB: 2016-01-28 
11 new exploits
 2016-01-28 05:02:01 +00:00
Offensive Security
73b5663d00 DB: 2015-12-29 
5 new exploits
 2015-12-29 05:02:26 +00:00
Offensive Security
c4e7f4ce3a DB: 2015-11-06 
21 new exploits
 2015-11-06 05:02:38 +00:00
Offensive Security
24fffa54a2 DB: 2015-09-29 
25 new exploits
 2015-09-29 05:03:06 +00:00
Offensive Security
1d1147296b DB: 2015-09-23 
35 new exploits
 2015-09-23 05:02:17 +00:00
Offensive Security
37dce18f7f DB: 2015-09-03 
16 new exploits
 2015-09-03 05:02:25 +00:00
Offensive Security
270dc872cf DB: 2015-09-01 
17 new exploits
 2015-09-01 05:02:37 +00:00
Offensive Security
d891c95c0e DB: 2015-08-29 
11 new exploits
 2015-08-29 05:01:51 +00:00
Offensive Security
cbdd64e888 DB: 2015-08-16 
21 new exploits
 2015-08-16 05:02:57 +00:00
Offensive Security
992137fd37 DB: 2015-07-22 
5 new exploits
 2015-07-22 05:01:58 +00:00
Offensive Security
8ad2e6be05 DB: 2015-07-06 
3 new exploits
 2015-07-06 05:01:55 +00:00
Offensive Security
5cd9f850c3 DB: 2015-06-07 
11 new exploits
 2015-06-07 05:02:18 +00:00
Offensive Security
132b3784f2 DB: 2015-05-26 
11 new exploits
 2015-05-26 05:02:24 +00:00
Offensive Security
6086516a4d DB: 2015-05-19 
19 new exploits
 2015-05-19 05:03:23 +00:00
Offensive Security
b3321b3426 DB: 2015-05-15 
17 new exploits
 2015-05-15 05:02:32 +00:00
Offensive Security
e6dc3c025a DB: 2015-05-09 
28 new exploits
 2015-05-09 05:03:14 +00:00
Offensive Security
01ba689949 DB: 2015-05-08 
19 new exploits
 2015-05-08 05:02:43 +00:00
Offensive Security
b2d25f8fa5 DB: 2015-05-07 
9 new exploits
 2015-05-07 05:03:16 +00:00
Offensive Security
dc83e39d07 DB: 2015-05-06 
3 new exploits
 2015-05-06 05:01:34 +00:00
Offensive Security
0df2ff7351 DB: 2015-05-05 
15 new exploits
 2015-05-05 05:03:01 +00:00
Offensive Security
fffcb94afe DB: 2015-04-22 
30 new exploits
 2015-04-22 05:02:28 +00:00
Offensive Security
cc553d1147 DB: 2015-04-20 
11 new exploits
 2015-04-20 12:44:13 +00:00
Offensive Security
5924dde297 DB: 2015-03-19 
2 new exploits
 2015-03-19 09:39:10 +00:00
Offensive Security
97ea72788a Update: 2015-01-15 
10 new exploits
 2015-01-15 08:37:04 +00:00
Offensive Security
1709d70e04 Updated 10_29_2014 2014-10-29 04:45:11 +00:00
Offensive Security
2d32c6c0f9 Updated 10_27_2014 2014-10-27 04:48:25 +00:00
Offensive Security
b7c11b0dcd Updated 10_24_2014 2014-10-24 04:45:15 +00:00
Offensive Security
63aa7610b4 Updated 10_17_2014 2014-10-17 04:45:02 +00:00
Offensive Security
478ee155fa Updated 10_16_2014 2014-10-16 04:44:33 +00:00
Offensive Security
501c894288 Updated 10_01_2014 2014-10-01 04:44:03 +00:00
Offensive Security
fa2af94205 Updated 09_19_2014 2014-09-19 04:44:37 +00:00
Offensive Security
d2e6d5e899 Updated 09_18_2014 2014-09-18 04:43:58 +00:00
Offensive Security
58cf70abfb Updated 09_13_2014 2014-09-13 04:43:42 +00:00
Offensive Security
b737a287b1 Updated 08_25_2014 2014-08-25 04:41:28 +00:00
Offensive Security
b3b8cbd244 Updated 08_11_2014 2014-08-11 04:39:21 +00:00
Offensive Security
545c6bdf18 Updated 08_06_2014 2014-08-06 04:39:53 +00:00
Offensive Security
9d2bfdf51e Updated 08_04_2014 2014-08-04 04:39:56 +00:00
Offensive Security
3782948984 Updated 07_31_2014 2014-07-31 04:40:32 +00:00
Offensive Security
a4102ef337 Updated 07_09_2014 2014-07-09 04:38:20 +00:00