Offensive Security
91f4f8025d
DB: 2021-01-13
4 changes to exploits/shellcodes
Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
SmartAgent 3.1.0 - Privilege Escalation
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
2021-01-13 05:01:55 +00:00
Offensive Security
cb83a6e2dd
DB: 2020-12-19
17 changes to exploits/shellcodes
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS
Point of Sale System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Unrestricted File Upload To RCE
Alumni Management System 1.0 - _Course Form_ Stored XSS
Alumni Management System 1.0 - 'id' SQL Injection
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
Smart Hospital 3.1 - _Add Patient_ Stored XSS
Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
2020-12-19 05:01:57 +00:00
Offensive Security
720fabd066
DB: 2020-07-28
114 changes to exploits/shellcodes
Notepad++ < 7.7 (x64) - Denial of Service
winrar 5.80 64bit - Denial of Service
WinRAR 5.80 (x64) - Denial of Service
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Word 2007 (x86) - Information Disclosure
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 (x64) - Remote Command Execution
CompleteFTP Professional 12.1.3 - Remote Code Execution
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-07-28 05:01:59 +00:00
Offensive Security
e46d9f65ff
DB: 2020-07-27
32 changes to exploits/shellcodes
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution
Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
2020-07-27 05:02:04 +00:00
Offensive Security
1979df6cb3
DB: 2020-06-19
51 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64) - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service
SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
XnConvert 1.82 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)
DeviceViewer 3.12.0.1 - Arbitrary Password Change
Winrar 5.80 - XML External Entity Injection
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
Siemens TIA Portal - Remote Command Execution
Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)
MyBB < 1.8.21 - Remote Code Execution
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
Publisure Hybrid - Multiple Vulnerabilities
NetGain EM Plus 10.1.68 - Remote Command Execution
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
DotNetNuke 9.3.2 - Cross-Site Scripting
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
UADMIN Botnet 1.0 - 'link' SQL Injection
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Wordpress Plugin PicUploader 1.0 - Remote File Upload
PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution
WordPress Plugin Helpful 2.4.11 - SQL Injection
Prestashop 1.7.6.4 - Cross-Site Request Forgery
WordPress Plugin Simple File List 5.4 - Remote Code Execution
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
Beauty Parlour Management System 1.0 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)
Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
2020-06-19 05:02:01 +00:00
Offensive Security
bb9f12afc7
DB: 2020-06-16
3 changes to exploits/shellcodes
SOS JobScheduler 1.13.3 - Stored Password Decryption
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)
2020-06-16 05:01:56 +00:00
Offensive Security
ccea007282
DB: 2020-05-01
81 changes to exploits/shellcodes
WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
IBM AIX 4.3.1 - 'adb' Denial of Service
Jzip - Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
PHPFreeChat 1.7 - Denial of Service
XenForo 2 - CSS Loader Denial of Service
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution
QEMU - Denial of Service
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Tautulli 2.1.9 - Denial of Service (Metasploit)
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Cisco IP Phone 11.7 - Denial of service (PoC)
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass
IBM AIX 4.3.1 - 'adb' Denial of Service
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
Any Sound Recorder 2.93 - Denial of Service (PoC)
Snes9K 0.0.9z - Denial of Service (PoC)
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
Windows Kernel - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path
Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution
QEMU - Denial of Service
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting
WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection
WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection
WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection
WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection
Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting
WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access
Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection
WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting
WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection
WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion
WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection
WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access
WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal
WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting
WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration
WordPress Multiple Plugins - Arbitrary File Upload
Multiple WordPress Plugins - Arbitrary File Upload
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset
XenForo 2 - CSS Loader Denial of Service
Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
60CycleCMS - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution
Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection
Bematech Printer MP-4200 - Denial of Service
Cisco WLC 2504 8.9 - Denial of Service (PoC)
NopCommerce 4.2.0 - Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)
Tautulli 2.1.9 - Denial of Service (Metasploit)
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
Cacti 1.2.8 - Authenticated Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
TP-Link Archer C50 3 - Denial of Service (PoC)
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Cisco IP Phone 11.7 - Denial of service (PoC)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00
Offensive Security
7b87f30fbc
DB: 2020-04-25
...
5 changes to exploits/shellcodes
Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
2020-04-25 05:01:51 +00:00
Offensive Security
1c5c38825d
DB: 2020-04-22
...
10 changes to exploits/shellcodes
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
WordPress 2.0.2 - 'cache' Remote Shell Injection
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
PMB 5.6 - 'logid' SQL Injection
CSZ CMS 1.2.7 - 'title' HTML Injection
IQrouter 3.3.1 Firmware - Remote Code Execution
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution
jizhi CMS 1.6.7 - Arbitrary File Download
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
2020-04-22 05:01:47 +00:00
Offensive Security
606ad946d3
DB: 2020-03-26
...
7 changes to exploits/shellcodes
AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
2020-03-26 05:01:48 +00:00
Offensive Security
b84d953124
DB: 2020-03-24
...
10 changes to exploits/shellcodes
ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
FIBARO System Home Center 5.021 - Remote File Include
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
2020-03-24 05:01:50 +00:00
Offensive Security
85cdf30cea
DB: 2020-03-19
...
7 changes to exploits/shellcodes
NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Microsoft VSCode Python Extension - Code Execution
VMWare Fusion - Local Privilege Escalation
MikroTik SSH Daemon 6.44.3 - Denial of Service (PoC)
Netlink GPON Router 1.0.11 - Remote Code Execution
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
2020-03-19 05:01:49 +00:00
Offensive Security
cf92ea269e
DB: 2020-02-25
...
22 changes to exploits/shellcodes
Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution
Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
2020-02-25 05:01:52 +00:00
Offensive Security
8cbf7883c1
DB: 2020-02-11
...
11 changes to exploits/shellcodes
Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
2020-02-11 05:02:02 +00:00
Offensive Security
9f56865d3d
DB: 2020-01-31
...
3 changes to exploits/shellcodes
OpenSMTPD 6.6.2 - Remote Code Execution
rConfig 3.9.3 - Authenticated Remote Code Execution
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
2020-01-31 05:02:01 +00:00
Offensive Security
82e6691834
DB: 2020-01-23
...
4 changes to exploits/shellcodes
KeePass 2.44 - Denial of Service (PoC)
Citrix XenMobile Server 10.8 - XML External Entity Injection
Windows/7 - Screen Lock Shellcode (9 bytes)
2020-01-23 05:02:01 +00:00
Offensive Security
c7085a57b4
DB: 2020-01-09
...
9 changes to exploits/shellcodes
Cisco DCNM JBoss 10.4 - Credential Leakage
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
ASTPP VoIP 4.0.1 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
2020-01-09 05:02:04 +00:00
Offensive Security
95c6eeab79
DB: 2020-01-07
...
33 changes to exploits/shellcodes
NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotIE 2.9.5 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)
BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)
NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
TextCrawler Pro3.1.1 - Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)
Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)
NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)
Office Product Key Finder 1.5.4 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)
SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)
SpotIM 2.2 - 'Name' Denial Of Service
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Duplicate Cleaner Pro 4 - Denial of Service (PoC)
Microsoft Outlook VCF cards - Denial of Service (PoC)
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
Windows - Shell COM Server Registrar Local Privilege Escalation
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
Complaint Management System 4.0 - 'cid' SQL injection
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
Hostel Management System 2.0 - 'id' SQL Injection
elaniin CMS 1.0 - Authentication Bypass
Small CRM 2.0 - Authentication Bypass
Voyager 1.3.0 - Directory Traversal
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Django < 3.0 < 2.2 < 1.11 - Account Hijack
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
2020-01-07 05:02:07 +00:00
Offensive Security
b92604bb93
DB: 2019-12-18
...
7 changes to exploits/shellcodes
D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting
Roxy Fileman 1.4.5 - Directory Traversal
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Netgear R6400 - Remote Code Execution
NopCommerce 4.2.0 - Privilege Escalation
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
2019-12-18 05:02:05 +00:00
Offensive Security
caad53ed8d
DB: 2019-10-31
...
6 changes to exploits/shellcodes
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Execution (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
2019-10-31 05:01:41 +00:00
Offensive Security
a464ad083a
DB: 2019-10-23
...
5 changes to exploits/shellcodes
winrar 5.80 - XML External Entity Injection
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
Moxa EDR-810 - Command Injection / Information Disclosure
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
2019-10-23 05:01:41 +00:00
Offensive Security
588067072a
DB: 2019-10-17
...
15 changes to exploits/shellcodes
sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Service Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path
Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
2019-10-17 05:01:44 +00:00
Offensive Security
c4b3e48aea
DB: 2019-10-11
...
10 changes to exploits/shellcodes
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)
freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
2019-10-11 05:01:46 +00:00
Offensive Security
54bc76dcfd
DB: 2019-10-09
...
3 changes to exploits/shellcodes
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
Zabbix 4.4 - Authentication Bypass
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution
Linux/ARM - Fork Bomb Shellcode (20 bytes)
2019-10-09 05:01:45 +00:00
Offensive Security
0486c1c8ad
DB: 2019-10-05
...
4 changes to exploits/shellcodes
Android - Binder Driver Use-After-Free
PHP 7.1 < 7.3 - disable_functions Bypass
PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass
LabCollector 5.423 - SQL Injection
PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
2019-10-05 05:01:46 +00:00
Offensive Security
432e1efb44
DB: 2019-09-18
...
1 changes to exploits/shellcodes
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
2019-09-18 05:02:14 +00:00
Offensive Security
ad97ff4198
DB: 2019-09-07
...
3 changes to exploits/shellcodes
SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation
Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation
Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)
Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)
SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
FusionPBX 4.4.8 - Remote Code Execution
Inventory Webapp - 'itemquery' SQL injection
Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
2019-09-07 05:02:21 +00:00
Offensive Security
835218237b
DB: 2019-09-06
...
2 changes to exploits/shellcodes
AwindInc SNMP Service - Command Injection (Metasploit)
Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
2019-09-06 05:02:26 +00:00
Offensive Security
0a59eb70a8
DB: 2019-08-21
...
3 changes to exploits/shellcodes
SilverSHielD 6.x - Local Privilege Escalation
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes)
Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)
Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)
2019-08-21 05:02:32 +00:00
Offensive Security
c0ff0bbedd
DB: 2019-08-20
...
10 changes to exploits/shellcodes
RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
2019-08-20 05:02:44 +00:00
Offensive Security
998fb1eeec
DB: 2019-08-14
...
6 changes to exploits/shellcodes
Steam Windows Client - Local Privilege Escalation
Agent Tesla Botnet - Arbitrary Code Execution
AZORult Botnet - SQL Injection
Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)
Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode
Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break Chroot Jail + Backdoor) + Signature Evasion Shellcode
2019-08-14 05:02:24 +00:00
Offensive Security
a32e028b88
DB: 2019-08-13
...
17 changes to exploits/shellcodes
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php' Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
2b7a0122f2
DB: 2019-08-02
...
6 changes to exploits/shellcodes
Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
2019-08-02 05:02:24 +00:00
Offensive Security
852694f982
DB: 2019-07-30
...
6 changes to exploits/shellcodes
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
GigToDo 1.3 - Cross-Site Scripting
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
2019-07-30 05:02:12 +00:00
Offensive Security
5c06a41d94
DB: 2019-07-24
...
1 changes to exploits/shellcodes
Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)
2019-07-24 05:02:23 +00:00
Offensive Security
978c16266a
DB: 2019-07-13
...
9 changes to exploits/shellcodes
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
2019-07-13 05:02:17 +00:00
Offensive Security
1a13989f12
DB: 2019-07-04
...
5 changes to exploits/shellcodes
Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
2019-07-04 05:01:54 +00:00
Offensive Security
808010b53f
DB: 2019-07-03
...
2 changes to exploits/shellcodes
Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)
Linux Mint 18.3-19.1 - 'yelp' Command Injection
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)
Centreon 19.04 - Remote Code Execution
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
2019-07-03 05:01:50 +00:00
Offensive Security
4afcc04eda
DB: 2019-07-02
...
24 changes to exploits/shellcodes
Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
2019-07-02 05:01:50 +00:00
Offensive Security
9606e3cf85
DB: 2019-06-30
2019-06-30 05:01:52 +00:00
Offensive Security
70484f5916
DB: 2019-06-29
...
3 changes to exploits/shellcodes
LibreNMS 1.46 - 'addhost' Remote Code Execution
Windows/x86 - Start iexplore.exe Shellcode (191 Bytes)
Linux/x86 - chmod + execute + hide output via /usr/bin/wget Shellcode (129 bytes)
2019-06-29 05:01:51 +00:00
Offensive Security
5632d13fea
DB: 2019-06-28
...
2 changes to exploits/shellcodes
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86 - ASCII AND_ SUB_ PUSH_ POPAD Encoder Shellcode
Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
2019-06-28 05:01:52 +00:00
Offensive Security
97334ae3af
DB: 2019-06-25
...
9 changes to exploits/shellcodes
GSearch 1.0.1.0 - Denial of Service (PoC)
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
dotProject 2.1.9 - SQL Injection
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
SeedDMS versions < 5.1.11 - Remote Command Execution
GrandNode 4.40 - Path Traversal / Arbitrary File Download
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
2019-06-25 05:01:51 +00:00
Offensive Security
745971e212
DB: 2019-06-19
...
5 changes to exploits/shellcodes
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Sahi pro 7.x/8.x - Directory Traversal
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - Cross-Site Scripting
Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
2019-06-19 05:01:55 +00:00
Offensive Security
8cbfa5df7f
DB: 2019-06-18
...
13 changes to exploits/shellcodes
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
2019-06-18 05:01:54 +00:00
Offensive Security
51bf94ed48
DB: 2019-06-11
...
5 changes to exploits/shellcodes
Ubuntu 18.04 - 'lxd' Privilege Escalation
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
2019-06-11 05:01:53 +00:00
Offensive Security
85fbab2de4
DB: 2019-06-08
...
5 changes to exploits/shellcodes
Nvidia GeForce Experience Web Helper - Command Injection
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
2019-06-08 05:01:56 +00:00
Offensive Security
970f7b1104
DB: 2019-05-24
...
18 changes to exploits/shellcodes
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
Terminal Services Manager 3.2.1 - Denial of Service
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Microsoft Windows 10 (17763.379) - Install DLL
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
Microsoft Windows (x84) - Task Scheduler '.job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Windows - 'Win32k' Local Privilege Escalation
Axis Network Camera - .srv to parhand RCE (Metasploit)
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
Nagios XI 5.6.1 - SQL injection
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes)
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)
Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes)
Linux/x86 - iptables --flush Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes)
Linux/x86 - iptables -F Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)
Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile ) + chmod 777 + execute Shellcode (119 bytes)
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)
Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080 ) Shellcode (125 bytes)
Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Linux x86_64 - Delete File Shellcode (28 bytes)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)
Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
2019-05-24 05:02:03 +00:00
Offensive Security
44198f828c
DB: 2019-05-21
...
16 changes to exploits/shellcodes
Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow
Encrypt PDF 2.3 - Denial of Service (PoC)
PCL Converter 2.7 - Denial of Service (PoC)
docPrint Pro 8.0 - Denial of Service (PoC)
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC)
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab' Local Privilege Escalation
Huawei eSpace 1.1.11.103 - DLL Hijacking
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
Linux x86_64 - Delete File Shellcode (28 bytes)
2019-05-21 05:02:05 +00:00
Offensive Security
945107caf5
DB: 2019-05-14
...
10 changes to exploits/shellcodes
SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
2019-05-14 05:01:58 +00:00