Offensive Security
538da000af
DB: 2017-10-24
...
10 new exploits
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service
FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service
NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)
NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)
FreeBSD 6/8 - ata device Local Denial of Service
FreeBSD 6/8 - ata Device Local Denial of Service
FreeBSD 7.2 - pecoff executable Local Denial of Service
FreeBSD 7.2 - 'pecoff' Local Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service
FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)
FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
FreeBSD Kernel - 'mountnfs()' Exploit
FreeBSD - 'mountnfs()' Exploit
FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition
Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service
FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service
FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service
FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service
FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service
OpenBSD 3.3/3.4 sysctl - Local Denial of Service
OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service
FreeBSD 9.1 ftpd - Remote Denial of Service
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service
NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow
NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow
Multiple BSD Distributions - 'strfmon()' Integer Overflow
BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption
BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption
Multiple BSD Distributions - 'printf(3)' Memory Corruption
BSD (Multiple Distributions) - 'printf(3)' Memory Corruption
FreeBSD Kernel - Multiple Vulnerabilities
FreeBSD - Multiple Vulnerabilities
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow
FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation
FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation
OpenBSD ftp - Exploit
OpenBSD - 'ftp' Exploit
FreeBSD /usr/bin/top - Format String
FreeBSD - '/usr/bin/top' Format String
FreeBSD 4.x / < 5.4 - master.passwd Disclosure
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure
FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation
FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation
Oracle 10g - CTX_DOC.MARKUP SQL Injection
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
FreeBSD 6x/7 protosw Kernel - Privilege Escalation
FreeBSD 6x/7 - 'protosw' Privilege Escalation
FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation
FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation
FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation
FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation
Multiple BSD Distributions - 'setusercontext()' Vulnerabilities
BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities
FreeBSD Kernel - 'nfs_mount()' Exploit
FreeBSD - 'nfs_mount()' Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit
Sun Solaris 7.0 sdtcm_convert - Exploit
Sun Solaris 7.0 - 'sdtcm_convert' Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)
BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit
NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)
Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)
BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit
FreeBSD 3.3 gdc - Buffer Overflow
FreeBSD 3.3 gdc - Symlink Exploit
FreeBSD 3.3 - Seyon setgid dialer
FreeBSD 3.3 xmindpath - Buffer Overflow
FreeBSD 3.3 angband - Buffer Overflow
FreeBSD 3.3 - 'gdc' Buffer Overflow
FreeBSD 3.3 - 'gdc' Symlink Exploit
FreeBSD 3.3 - Seyon setgid Dialer
FreeBSD 3.3 - 'xmindpath' Buffer Overflow
FreeBSD 3.3 - 'angband' Buffer Overflow
FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit
FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit
BSD mailx 8.1.1-10 - Buffer Overflow (1)
BSD mailx 8.1.1-10 - Buffer Overflow (2)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)
BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)
OpenBSD 2.x - fstat Format String
OpenBSD 2.x - 'fstat' Format String
BSD lpr 0.54 -4 - Arbitrary Command Execution
BSD 'lpr' 0.54 -4 - Arbitrary Command Execution
FreeBSD 3.5/4.x /usr/bin/top - Format String
FreeBSD 3.5/4.x - '/usr/bin/top' Format String
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)
BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)
BSD Kernel - SHMAT System Call Privilege Escalation
BSD - SHMAT System Call Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation
Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation
FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation
NetBSD mail.local(8) - Privilege Escalation (Metasploit)
NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)
OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing
OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing
FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure
FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure
Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation
Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation
Apple Mac OSX 10.10.5 - XNU Privilege Escalation
Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)
NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)
NetBSD - 'mail.local(8)' Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation
Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation
BSD TelnetD - Remote Command Execution (1)
BSD - 'TelnetD' Remote Command Execution (1)
ftpd / ProFTPd (FreeBSD) - Remote Command Execution
FreeBSD - 'ftpd / ProFTPd' Remote Command Execution
FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)
FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)
BSD 4.2 fingerd - Buffer Overflow
BSD 4.2 - 'fingerd' Buffer Overflow
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)
BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)
BSD TelnetD - Remote Command Execution (2)
BSD - 'TelnetD' Remote Command Execution (2)
FreeBSD 3.x/4.x - ipfw Filtering Evasion
FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow
FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow
FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow
NetBSD 1.x TalkD - User Validation
NetBSD 1.x - 'TalkD' User Validation
tnftp - clientside BSD Exploit
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit
Ayukov NFTP FTP Client < 2.0 - Buffer Overflow
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Polycom - Command Shell Authorization Bypass (Metasploit)
Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection
Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection
cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting
cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting
Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload
Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload
TP-Link TL-MR3220 - Cross-Site Scripting
Logitech Media Server - Cross-Site Scripting
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Kaltura < 13.1.0 - Remote Code Execution
2017-10-24 05:02:00 +00:00
Offensive Security
7de3f31675
DB: 2017-10-21
...
9 new exploits
Too many to list!
2017-10-21 05:01:31 +00:00
Offensive Security
5d67bcf186
DB: 2017-10-19
...
5 new exploits
Too many to list!
2017-10-19 05:01:29 +00:00
Offensive Security
519f2f59ba
DB: 2017-10-18
...
19 new exploits
Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box'
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure
Linux Kernel - 'AF_PACKET' Use-After-Free
shadowsocks-libev 3.1.0 - Command Execution
Shadowsocks - Log File Command Execution
ModSecurity - POST Parameters Security Bypass
ModSecurity - 'POST' Security Bypass
Apple iOS 10.2 (14C92) - Remote Code Execution
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
Windows x64 - API Hooking Shellcode (117 bytes)
ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion
ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion
PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion
PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion
Brim 1.2.1 - (renderer) Multiple Remote File Inclusion
Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion
GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection
3CX Phone System 15.5.3554.1 - Directory Traversal
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
2017-10-18 05:01:30 +00:00
Offensive Security
461226bd00
DB: 2017-10-17
...
3 new exploits
Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)
Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)
Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation
Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation (Root File Create)
Linux modutils 2.3.9 - modprobe Arbitrary Command Execution
Linux modutils 2.3.9 - 'modprobe' Arbitrary Command Execution
Jan Hubicka Koules 1.4 - Svgalib Buffer Overflow
Jan Hubicka Koules 1.4 - 'Svgalib' Buffer Overflow
Internet Security Systems 3.6 - ZWDeleteFile Function Arbitrary File Deletion
Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
Muhammad A. Muquit wwwcount 2.3 - Count.cgi Buffer Overflow
Muhammad A. Muquit wwwcount 2.3 - 'Count.cgi' Buffer Overflow
Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module - SQL Injection
Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution
Simplog 0.9.3.1 - comments.php SQL Injection
Comdev One Admin 4.1 - 'Adminfoot.php' Remote Code Execution
Simplog 0.9.3.1 - 'comments.php' SQL Injection
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
Webmin 1.850 - Multiple Vulnerabilities
2017-10-17 05:01:30 +00:00
Offensive Security
3cfdd1cc27
DB: 2017-10-12
...
5 new exploits
MultiTheftAuto 0.5 patch 1 - Server Crash and MOTD Deletion Exploit
MultiTheftAuto 0.5 patch 1 - Server Crash / MOTD Deletion Exploit
Amaya Web Editor 11.0 - XML and HTML parser Vulnerabilities
Amaya Web Editor 11.0 - XML / HTML Parser Vulnerabilities
Apple Safari & QuickTime - Denial of Service
Apple Safari / QuickTime - Denial of Service
Real Helix DNA - RTSP and SETUP Request Handler Vulnerabilities
Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities
Novell Netware - CIFS And AFP Remote Memory Consumption Denial of Service
Novell Netware - CIFS and AFP Remote Memory Consumption Denial of Service
Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities
Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities
Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption
Mozilla Firefox - Interleaving document.write and appendChild Denial of Service
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' Denial of Service
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service
BRS Webweaver 1.0 4 - POST and HEAD Denial of Service
BRS Webweaver 1.0 4 - POST / HEAD Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND and SEARCH Method Denial of Service
Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed IMG and XML Parsing Denial of Service
Microsoft Internet Explorer 5.0.1 - Malformed .IMG / .XML Parsing Denial of Service
Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption (PoC) (MS14-035)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption
Nitro Pro 10.5.7.32 & Nitro Reader 5.5.3.1 - Heap Memory Corruption
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys and tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys
binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow
BSD & Linux umount - Privilege Escalation
BSD / Linux - 'umount' Privilege Escalation
BSD & Linux lpr - Privilege Escalation
BSD / Linux - 'lpr' Privilege Escalation
DelphiTurk CodeBank 3.1 - Local 'Username' and Password Disclosure
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure
SystemTap 1.0/1.1 - '__get_argv()' and '__get_compat_argv()' Local Memory Corruption
SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption
Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass / Privilege Escalation
Filemaker Pro 13.03 / Advanced 12.04 - Login Bypass / Privilege Escalation
ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass)
ASX to MP3 converter < 3.1.3.7 - '.asx' Stack Overflow (DEP Bypass)
ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow
Microsoft Windows - WINS Vulnerability and OS/SP Scanner
Microsoft Windows - WINS Vulnerability + OS/SP Scanner
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving document.write and appendChild Exploit (From the Wild)
Mozilla Firefox 3.6.8 < 3.6.11 - Interleaving 'document.write' / 'appendChild' Exploit
Mozilla Firefox - Interleaving document.write and appendChild Exploit (Metasploit)
Mozilla Firefox - Interleaving 'document.write' / 'appendChild' Exploit (Metasploit)
Quest InTrust 10.4.x - ReportTree and SimpleTree Classes
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes
SunOS 4.1.3 - LD_LIBRARY_PATH and LD_OPTIONS
SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit
RedHat Linux 5.1 & Caldera OpenLinux Standard 1.2 - Mountd
RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd
Microsoft IIS 3.0/4.0 - Using ASP And FSO To Read Server Files
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
tcpdump 3.4 - Protocol Four and Zero Header Length
tcpdump 3.4 - Protocol Four / Zero Header Length
Symantec pcAnywhere 12.5.0 - Login and Password Field Buffer Overflow
Symantec pcAnywhere 12.5.0 - 'Login' / 'Password' Buffer Overflow
Microsoft Internet Explorer 5.0/4.0.1 - IFRAME Exploit
Microsoft Internet Explorer 5.0/4.0.1 - iFrame Exploit
Internet Security Systems ICECap Manager 2.0.23 - Default 'Username' and Password
Internet Security Systems ICECap Manager 2.0.23 - Default Username and Password
Technote 2000/2001 - 'Filename' Parameter Command Execution And File Disclosure
Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure
WFTPD 3.0 - 'RETR' and 'CWD' Buffer Overflow
WFTPD 3.0 - 'RETR' / 'CWD' Buffer Overflow
EFTP Server 2.0.7.337 - Directory and File Existence
EFTP Server 2.0.7.337 - Directory Existence / File Existence
Bajie HTTP Server 0.95 - Example Scripts And Servlets Cross-Site Scripting
Bajie HTTP Server 0.95 - Example Scripts and Servlets Cross-Site Scripting
InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities
InternetNow ProxyNow 2.6/2.75 - Multiple Stack / Heap Overflow Vulnerabilities
Microsoft Windows XP - Help And Support Center Interface Spoofing
Microsoft Windows XP - Help and Support Center Interface Spoofing
BigAnt Server 2.97 - SCH And DUPF Buffer Overflow (Metasploit)
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure
Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence / File Disclosure
Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal
3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal
Apache Tomcat 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution / Arbitrary File Read
Github Enterprise - Default Session Secret And Deserialization (Metasploit)
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
VX Search Enterprise 10.1.12 - Buffer Overflow
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities
Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
FlexPHPNews 0.0.6 & PRO - Authentication Bypass
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
click&rank - SQL Injection / Cross-Site Scripting
Click&Rank - SQL Injection / Cross-Site Scripting
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PRE HOTELS&RESORTS MANAGEMENT SYSTEM - Authentication Bypass
Pre Hotels&Resorts Management System - Authentication Bypass
PHP-Nuke CMS - (Survey and Poll) SQL Injection
PHP-Nuke CMS (Survey and Poll) - SQL Injection
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup
XT-Commerce 1.0 Beta 1 - Pass / Create and Download Backup
Allomani Songs & Clips Script 2.7.0 - Cross-Site Request Forgery (Add Admin)
Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)
Sun i-Runbook 2.5.2 - Directory And File Content Disclosure
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure
DUclassmate 1.x - account.asp MM-recordId Parameter Arbitrary Password Modification
DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification
DUforum 3.x - messages.asp FOR_ID Parameter SQL Injection
DUforum 3.x - messageDetail.asp MSG_ID Parameter SQL Injection
DUforum 3.x - 'messages.asp FOR_ID' SQL Injection
DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion
JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion
WordPress Plugin WP BackupPlus - Database And Files Backup Download
WordPress Plugin WP BackupPlus - Database and Files Backup Download
WebsiteKit Gbplus - Name and Body Fields HTML Injection Vulnerabilities
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Gogs - (users and repos q pararm) SQL Injection
Gogs - users and repos q SQL Injection
WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection
Joomla! Component 'com_tree' - 'key' Parameter SQL Injection
Joomla! Component com_tree - 'key' Parameter SQL Injection
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities
TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)
TOTOLINK Routers - Backdoor / Remote Code Execution (PoC)
up.time 7.5.0 - Arbitrary File Disclose And Delete Exploit
up.time 7.5.0 - Upload And Execute File Exploit
up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit
up.time 7.5.0 - Upload and Execute Exploit
Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
2017-10-12 05:01:34 +00:00
Offensive Security
bfb5d80e10
DB: 2017-10-07
...
4 new exploits
Konqueror 3.5.9 - (font color) Remote Crash
Konqueror 3.5.9 - 'font color' Remote Crash
Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow
hammer software metagauge 1.0.0.17 - Directory Traversal
Hammer Software MetaGauge 1.0.0.17 - Directory Traversal
Billion Router 7700NR4 - Remote Command Execution
Billion 7700NR4 Router - Remote Command Execution
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
else if CMS 0.6 - Multiple Vulnerabilities
Else If CMS 0.6 - Multiple Vulnerabilities
Picturesolution 2.1 - 'config.php path' Remote File Inclusion
Picturesolution 2.1 - 'config.php' 'path' Remote File Inclusion
tsmim Lessons Library - 'show.php' SQL Injection
Tsmim Lessons Library - 'show.php' SQL Injection
Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass
PHP-Fusion v7.02.07 - Blind SQL Injection
PHP-Fusion 7.02.07 - Blind SQL Injection
ZTE ZXHN H108N - Unauthenticated Config Download
ZTE ZXHN H108N Router - Unauthenticated Config Download
Unitrends UEB 9.1 - Privilege Escalation
2017-10-07 05:01:30 +00:00
Offensive Security
4df0e06052
DB: 2017-10-04
...
22 new exploits
All browsers - Crash
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
NoMachine 5.3.9 - Privilege Escalation
Microsoft Word 2007 (x86) - Information Disclosure
Apple Mac OS X + Safari - Local Javascript Quarantine Bypass
Australian Education App - Remote Code Execution
CenturyLink ZyXEL PK5001Z Router - Root Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution
Web interface for DNSmasq / Mikrotik - SQL Injection
Web Interface for DNSmasq / Mikrotik - SQL Injection
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
Uniview NVR - Password Disclosure
Nuevomailer < 6.0 - SQL Injection
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
WordPress Plugin Sabai Discuss - Cross-Site Scripting
Tilde CMS 1.01 - Multiple Vulnerabilities
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
JoySale 2.2.1 - Arbitrary File Upload
AirMaster 3000M - Multiple Vulnerabilities
RPi Cam Control < 6.3.14 - Remote Command Execution
iTech Movie Script 7.51 - SQL Injection
CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities
PHP-SecureArea < 2.7 - Multiple Vulnerabilities
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
Fiberhome AN5506-04-F - Command Injection
2017-10-04 05:01:32 +00:00
Offensive Security
ecfeb57577
DB: 2017-10-03
...
15 new exploits
Linux Kernel < 4.14.rc3 - Local Denial of Service
Dnsmasq < 2.78 - 2-byte Heap-Based Overflow
Dnsmasq < 2.78 - Heap-Based Overflow
Dnsmasq < 2.78 - Stack-Based Overflow
Dnsmasq < 2.78 - Information Leak
Dnsmasq < 2.78 - Lack of free() Denial of Service
Dnsmasq < 2.78 - Integer Underflow
UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
Qmail SMTP - Bash Environment Variable Injection (Metasploit)
NPM-V (Network Power Manager) 2.4.1 - Password Reset
phpCollab 2.5.1 - Arbitrary File Upload
phpCollab 2.5.1 - SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
2017-10-03 05:01:26 +00:00
Offensive Security
a92226f6ac
DB: 2017-09-29
...
14 new exploits
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
DiskBoss Enterprise 8.4.16 - 'Import Command' Buffer Overflow
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
Oracle WebLogic Server 10.3.6.0 - Java Deserialization
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution
Wordpress Plugin Ads Pro <= 3.4 - Cross-Site Scripting / SQL Injection
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Easy Blog PHP Script 1.3a - 'id' Parameter SQL Injection
2017-09-29 05:01:35 +00:00
Offensive Security
ec599357c0
DB: 2017-09-28
...
21 new exploits
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Adobe Flash - Out-of-Bounds Read in applyToRange
CyberArk Viewfinity 5.5.10.95 - Privilege Escalation
PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Tiny HTTPd 0.1.0 - Directory Traversal
Free PHP photo Gallery script - Remote File Inclusion
Free PHP Photo Gallery Script - Remote File Inclusion
WordPress Plugin School Management System - SQL Injection
iTech Dating Script 3.40 - SQL Injection
iTech Job Script 9.27 - SQL Injection
WordPress Plugin Content Timeline - SQL Injection
Job Links - Arbitrary File Upload
TicketPlus - Arbitrary File Upload
Photo Fusion - Arbitrary File Upload
SMSmaster - SQL Injection
AMC Master - Arbitrary File Upload
WordPress Plugin WPCHURCH - SQL Injection
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin Hospital Management System - SQL Injection
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
WordPress Plugin WPAMS - SQL Injection
2017-09-28 05:01:27 +00:00
Offensive Security
f27338c1f7
DB: 2017-09-26
...
12 new exploits
Apache 2.0.52 - GET Request Denial of Service
Apache 2.0.52 - GET Denial of Service
CUPS Server 1.1 - GET Request Denial of Service
CUPS Server 1.1 - GET Denial of Service
BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service
BlueCoat WinProxy 6.0 R1c - GET Denial of Service
TFTPD32 2.81 - GET Request Format String Denial of Service (PoC)
TFTPD32 2.81 - GET Format String Denial of Service (PoC)
ImgSvr 0.6.5 - (long http post) Denial of Service
ImgSvr 0.6.5 - POST Denial of Service
Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service
Multi-Threaded TFTP 1.1 - GET Denial of Service
Essentia Web Server 2.15 - GET Request Remote Denial of Service
Essentia Web Server 2.15 - GET Remote Denial of Service
Sami HTTP Server 2.0.1 - POST Request Denial of Service
Sami HTTP Server 2.0.1 - POST Denial of Service
Xserver 0.1 Alpha - Post Request Remote Buffer Overflow
Xserver 0.1 Alpha - POST Remote Buffer Overflow
XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC)
XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC)
Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC)
Mereo 1.8.0 - GET Request Remote Denial of Service
Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)
Mereo 1.8.0 - GET Remote Denial of Service
ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service
ARD-9808 DVR Card Security Camera - GET Remote Denial of Service
Kolibri+ Web Server 2 - GET Request Denial of Service
Kolibri+ Web Server 2 - GET Denial of Service
Adobe InDesign CS3 - '.INDD' File Handling Buffer Overflow
Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow
Sami HTTP Server 2.0.1 - GET Request Denial of Service
Sami HTTP Server 2.0.1 - GET Denial of Service
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request
Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit
(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service
(Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service
WebTrends Reporting Center for Windows 4.0 d - GET Request Buffer Overflow
WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow
Working Resources BadBlue 1.7.3 - GET Request Denial of Service
Working Resources BadBlue 1.7.3 - GET Denial of Service
PlanetWeb 1.14 - Long GET Request Buffer Overflow
PlanetWeb 1.14 - GET Buffer Overflow
My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service
My Web Server 1.0.1/1.0.2 - GET Denial of Service
Monkey HTTP Server 0.4/0.5 - Invalid POST Request Denial of Service
Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service
Linksys Devices 1.42/1.43 - GET Request Buffer Overflow
Linksys Devices 1.42/1.43 - GET Buffer Overflow
Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service
VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service
VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service
Pi3Web 2.0.1 - GET Request Denial of Service
Pi3Web 2.0.1 - GET Denial of Service
Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow
Snowblind Web Server 1.0/1.1 - GET Buffer Overflow
ArGoSoft Mail Server 1.8.3.5 - Multiple GET Requests Denial of Service
WebBBS Pro 1.18 - GET Request Denial of Service
ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service
WebBBS Pro 1.18 - GET Denial of Service
Proxomitron Proxy Server - Long GET Request Remote Denial of Service
Proxomitron Proxy Server - GET Remote Denial of Service
Armida Databased Web Server 1.0 - Remote GET Request Denial of Service
Armida Databased Web Server 1.0 - GET Remote Denial of Service
Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow
Twilight WebServer 1.3.3.0 - GET Buffer Overflow
Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service
Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service
Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Buffer Overflow
Linksys PSUS4 PrintServer - POST Request Denial of Service
Linksys PSUS4 PrintServer - POST Denial of Service
Thomson TCW690 Cable Modem ST42.03.0a - Long GET Request Denial of Service
Thomson TCW690 Cable Modem ST42.03.0a - GET Denial of Service
Netgear ProSafe - Denial of Service
NETGEAR ProSafe - Denial of Service
Multiple IEA Software Products - POST Request Denial of Service
Multiple IEA Software Products - POST Denial of Service
Netgear WGR614 - Administration Interface Remote Denial of Service
NETGEAR WGR614 - Administration Interface Remote Denial of Service
Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service
Remote Help HTTP 0.0.7 - GET Format String Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Denial of Service
D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow
Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service
CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service
Zoom Player - '.avi' File Divide-by-Zero Denial of Service
Zoom Player - '.avi' Divide-by-Zero Denial of Service
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (1)
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (2)
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1)
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2)
Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115)
Microsoft Windows - Cursor Object Memory Leak (MS15-115)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)
Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption
Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2)
Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption
Adobe Flash - '.MP4' File Stack Corruption
Adobe Flash - '.MP4' Stack Corruption
Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow
Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow
Zoom Player Pro 3.30 - '.m3u' File Buffer Overflow (SEH)
Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH)
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure
Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)
Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass)
Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation
NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation
CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode)
LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit
LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit
PMSoftware Simple Web Server - GET Request Remote Buffer Overflow
PMSoftware Simple Web Server - GET Remote Buffer Overflow
Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow
Fenice Oms 1.10 - GET Remote Buffer Overflow
webdesproxy 0.0.1 - GET Request Remote Buffer Overflow
webdesproxy 0.0.1 - GET Remote Buffer Overflow
webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution
webdesproxy 0.0.1 - (exec-shield) GET Remote Code Execution
Savant Web Server 3.1 - GET Request Remote Overflow (Universal)
Savant Web Server 3.1 - GET Remote Overflow (Universal)
Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass
Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass
Netgear WG102 - Leaks SNMP Write Password With Read Access
NETGEAR WG102 - Leaks SNMP Write Password With Read Access
XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow
XBMC 8.10 (Windows) - GET Remote Buffer Overflow
XBMC 8.10 - GET Request Remote Buffer Overflow (SEH) (Universal)
XBMC 8.10 - GET Remote Buffer Overflow (SEH) (Universal)
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure
Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH)
Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)
BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)
BigAnt Server 2.50 - GET Universal Remote Buffer Overflow (SEH)
httpdx 1.4 - GET Request Buffer Overflow
httpdx 1.4 - GET Buffer Overflow
Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)
Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit)
Proxy-Pro Professional GateKeeper 4.7 - GET Overflow (Metasploit)
Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)
Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit)
Oracle Weblogic Apache Connector - POST Request Buffer Overflow (Metasploit)
Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit)
Berkeley Sendmail 5.58 - Debug exploit
Berkeley Sendmail 5.58 - Debug Exploit
A-V Tronics InetServ 3.0 - WebMail Long GET Request
A-V Tronics InetServ 3.0 - WebMail GET Exploit
Light HTTPD 0.1 - GET Request Buffer Overflow (1)
Light HTTPD 0.1 - GET Request Buffer Overflow (2)
Light HTTPD 0.1 - GET Buffer Overflow (1)
Light HTTPD 0.1 - GET Buffer Overflow (2)
Netgear FM114P Wireless Firewall - File Disclosure
NETGEAR FM114P Wireless Firewall - File Disclosure
Athttpd 0.4b - Remote GET Request Buffer Overrun
Athttpd 0.4b - GET Remote Buffer Overrun
IA WebMail Server 3.0/3.1 - Long GET Request Buffer Overrun
IA WebMail Server 3.0/3.1 - GET Buffer Overrun
Monit 1.4/2.x/3/4 - Overly Long HTTP Request Buffer Overrun
Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun
KarjaSoft Sami HTTP Server 1.0.4 - GET Request Buffer Overflow
KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow
MyWeb HTTP Server 3.3 - GET Request Buffer Overflow
MyWeb HTTP Server 3.3 - GET Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow
Netgear RP114 3.26 - Content Filter Bypass
NETGEAR RP114 3.26 - Content Filter Bypass
Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit)
NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit)
Netgear DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)
NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)
Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
Netgear ReadyNAS - Perl Code Evaluation (Metasploit)
NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)
Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting
Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution
Zoom Player 3.30/5/6 - '.ZPL' Error Message Arbitrary Code Execution
Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow
Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow
Kolibri Web Server 2.0 - GET Stack Buffer Overflow
NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities
NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities
HTTP 1.1 - GET Request Directory Traversal
HTTP 1.1 - GET Directory Traversal
Kolibri Web Server 2.0 - GET Request (SEH)
D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit)
Kolibri Web Server 2.0 - GET Exploit (SEH)
D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)
Belkin n750 - jump login Parameter Buffer Overflow
Belkin N750 - jump login Parameter Buffer Overflow
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
Belkin Wireless Router Default - WPS PIN Security
Belkin Wireless Router - Default WPS PIN Security
Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)
Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution
Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit)
NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure
NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure
NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure
NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure
Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit)
NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH)
Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass)
Belkin NetCam F7D7601 - Multiple Vulnerabilities
Belkin F7D7601 NetCam - Multiple Vulnerabilities
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow
Quezza BB 1.0 - (quezza_root_path) File Inclusion
Quezza BB 1.0 - 'quezza_root_path' File Inclusion
The Bible Portal Project 2.12 - (destination) File Inclusion
The Bible Portal Project 2.12 - 'destination' File Inclusion
Vivvo Article Manager 3.2 - (classified_path) File Inclusion
Vivvo Article Manager 3.2 - 'classified_path' File Inclusion
Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion
Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion
OpenDock Easy Doc 1.4 - (doc_directory) File Inclusion
OpenDock Easy Blog 1.4 - (doc_directory) File Inclusion
WebYep 1.1.9 - (webyep_sIncludePath) File Inclusion
OpenDock Easy Gallery 1.4 - (doc_directory) File Inclusion
OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion
OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion
WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion
OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion
Open Conference Systems 1.1.4 - (fullpath) File Inclusion
Open Conference Systems 1.1.4 - 'fullpath' File Inclusion
SpeedBerg 1.2beta1 - (SPEEDBERG_PATH) File Inclusion
SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion
PhpShop Core 0.9.0 RC1 - (PS_BASE) File Inclusion
PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion
Phpjobscheduler 3.0 - (installed_config_file) File Inclusion
Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion
Magic Photo Storage Website - _config[site_path] File Inclusion
Magic Photo Storage Website - '_config[site_path]' File Inclusion
Linksys Cisco WAG120N - Cross-Site Request Forgery
Cisco Linksys WAG120N - Cross-Site Request Forgery
Belkin G Wireless Router F5D7234-4 v5 - Exploit
Belkin F5D7234-4 v5 G Wireless Router - Exploit
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
PHP-Nuke 6.x/7.x - Modpath Parameter Potential File Inclusion
PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion
Netgear SPH200D - Multiple Vulnerabilities
NETGEAR SPH200D - Multiple Vulnerabilities
Netgear DGN1000B - Multiple Vulnerabilities
NETGEAR DGN1000B - Multiple Vulnerabilities
Netgear DGN2200B - Multiple Vulnerabilities
NETGEAR DGN2200B - Multiple Vulnerabilities
Netgear WNR1000 - Authentication Bypass
NETGEAR WNR1000 - Authentication Bypass
PHPMyVisites 1.3 - Set_Lang File Inclusion
PHPMyVisites 1.3 - 'Set_Lang' File Inclusion
PPA 0.5.6 - ppa_root_path File Inclusion
PPA 0.5.6 - 'ppa_root_path' File Inclusion
Netgear WPN824v3 - Unauthorized Config Download
NETGEAR WPN824v3 - Unauthorized Config Download
Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities
NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities
Netgear ProSafe - Information Disclosure
NETGEAR ProSafe - Information Disclosure
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass
Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities
NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass
Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure
ManageEngine ADSelfService Plus 4.4 - POST Request Manipulation Security Question
ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Belkin Router N150 1.00.08/1.00.09 - Directory Traversal
Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / Denial of Service)
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)
Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
Netgear WNR1000v4 - Authentication Bypass
NETGEAR WNR1000v4 - Authentication Bypass
Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities
Netgear R7000 - Command Injection
Netgear R7000 - Cross-Site Scripting
NETGEAR R7000 - Command Injection
NETGEAR R7000 - Cross-Site Scripting
Tenda N3 Wireless N150 Home Router - Authentication Bypass
Tenda N3 Wireless N150 Router - Authentication Bypass
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
Lending And Borrowing - 'pid' Parameter SQL Injection
Multi Level Marketing - SQL Injection
Cash Back Comparison Script 1.0 - SQL Injection
Claydip Airbnb Clone 1.0 - Arbitrary File Upload
Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection
PHP Auction Ecommerce Script 1.6 - SQL Injection
JitBit HelpDesk < 9.0.2 - Authentication Bypass
2017-09-26 05:01:29 +00:00
Offensive Security
92bfb7616d
DB: 2017-09-22
...
7 new exploits
Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)
Microsoft Edge - Chakra Incorrectly Parses Object Patterns
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes
Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'
Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)
PHPMyFAQ 2.9.8 - Cross-Site Scripting
2017-09-22 05:01:23 +00:00
Offensive Security
ef4c288da7
DB: 2017-09-19
...
16 new exploits
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1)
Cam2pc 4.6.2 - BMP Image Processing Integer Overflow
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow
Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow
Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow
Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service
Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service
Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure
Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)
Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure
Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption
Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption
XV 3.x - BMP Parsing Local Buffer Overflow
XV 3.x - '.BMP' Parsing Local Buffer Overflow
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2)
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access
GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access
Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit)
Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)
XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution
XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
iBall ADSL2+ Home Router - Authentication Bypass
Apache - HTTP OPTIONS Memory Leak
2017-09-19 05:01:33 +00:00
Offensive Security
183eb53e48
DB: 2017-09-14
...
44 new exploits
Mako Web Server 2.5 - Multiple Vulnerabilities
ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit)
Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit)
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)
Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit)
Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)
Infinite Automation Mango Automation - Command Injection (Metasploit)
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit)
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)
Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)
Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution (Metasploit)
Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)
Microsoft Windows .NET Framework - Remote Code Execution
ICLowBidAuction 3.3 - SQL Injection
ICMLM 2.1 - 'key' Parameter SQL Injection
ICHotelReservation 3.3 - 'key' Parameter SQL Injection
ICAuction 2.2 - 'id' Parameter SQL Injection
ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection
ICRestaurant software 1.4 - 'key' Parameter SQL Injection
ICDutchAuction 1.2 - SQL Injection
ICAutosales 2.2 - SQL Injection
ICTraveling 2.2 - Authentication Bypass
ICStudents 1.2 - 'key' Parameter SQL Injection
ICClassifieds 1.1 - SQL Injection
ICSurvey 1.1 - SQL Injection
ICJewelry 1.1 - 'key' Parameter SQL Injection
IC-T-Shirt 1.2 - 'key' Parameter SQL Injection
ICProductConfigurator 1.1 - 'key' Parameter SQL Injection
ICGrocery 1.1 - 'key' Parameter SQL Injection
ICCallLimousine 1.1 - 'key' Parameter SQL Injection
ICProjectBidding 1.1 - SQL Injection
ICDental Clinic 1.2 - 'key' Parameter SQL Injection
ICEstate 1.1 - 'id' Parameter SQL Injection
ICHelpDesk 1.1 - 'pk' Parameter SQL Injection
ICSiteBuilder 1.1 - SQL Injection
ICAffiliateTracking 1.1 - Authentication Bypass
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)
Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal
2017-09-14 05:01:22 +00:00
Offensive Security
590c03106b
DB: 2017-09-13
...
15 new exploits
tcprewrite - Heap-Based Buffer Overflow
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
Docker Daemon - Unprotected TCP Socket
Jungo DriverWizard WinDriver <= 12.4.0 - Kernel Pool Overflow
Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
PHP Dashboards NEW 4.4 - Arbitrary File Read
PHP Dashboards NEW 4.4 - SQL Injection
JobStar Monster Clone Script 1.0 - SQL Injection
iTech Book Store Script 2.02 - SQL Injection
iTech StockPhoto Script 2.02 - SQL Injection
EduStar Udemy Clone Script 1.0 - SQL Injection
AirStar Airbnb Clone Script 1.0 - SQL Injection
osTicket 1.10 - SQL Injection
FoodStar 1.0 - SQL Injection
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
inClick Cloud Server 5.0 - SQL Injection
2017-09-13 05:01:22 +00:00
Offensive Security
8ab6c39fe1
DB: 2017-09-09
...
4 new exploits
Hexamail Server 3.0.0.001 - (pop3) Unauthenticated Remote Overflow (PoC)
Hexamail Server 3.0.0.001 - 'pop3' Unauthenticated Remote Overflow (PoC)
Noticeware E-mail Server 5.1.2.2 - (POP3) Unauthenticated Denial of Service
Noticeware E-mail Server 5.1.2.2 - 'POP3' Unauthenticated Denial of Service
BIND 8.2.2-P5 - Denial of Service
ISC BIND 8.2.2-P5 - Denial of Service
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
Photoshop CC2014 and Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 and Bridge CC 2014 - '.png' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
Photoshop CC2014 / Bridge CC 2014 - '.png' Parsing Memory Corruption
/usr/bin/trn - Local Exploit (not suid)
/usr/bin/trn (Not SUID) - Local Exploit
Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (1)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)
Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < v12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (1)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)
BIND 8.2.x - 'TSIG' Stack Overflow (1)
BIND 8.2.x - 'TSIG' Stack Overflow (2)
BIND 8.2.x - 'TSIG' Stack Overflow (3)
BIND 8.2.x - 'TSIG' Stack Overflow (4)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (1)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (2)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (3)
ISC BIND 8.2.x - 'TSIG' Stack Overflow (4)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - (Pegasus) IMAP Buffer Overflow (2)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (2)
Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (1)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (1)
Mercur MailServer 5.0 SP3 - (IMAP) Remote Buffer Overflow (2)
Mercur MailServer 5.0 SP3 - 'IMAP' Remote Buffer Overflow (2)
QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (1)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (1)
ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (2)
QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (Python)
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning Exploit (Metasploit)
BIND 9.x - Remote DNS Cache Poisoning Exploit (Python)
BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit
BIND 9.x - Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - (randomized ports) Remote DNS Cache Poisoning Exploit
BIND 9.5.0-P2 - 'Randomized Ports' Remote DNS Cache Poisoning Exploit
Belkin Wireless G router + ADSL2 modem - Authentication Bypass
Belkin Wireless G Router / ADSL2 Modem - Authentication Bypass
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)
Mozilla Firefox 3.5 - 'Font tags' Remote Heap Spray (2)
Solaris in.TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris in.TelnetD - TTYPROMPT Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Multiple OSes - BIND Buffer Overflow (1)
Multiple OSes - BIND Buffer Overflow (2)
ISC BIND (Linux/BSD) - Buffer Overflow (1)
ISC BIND (Multiple OSes) - Buffer Overflow (2)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)
Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)
Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change
Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change
Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)
Poison Ivy 2.1.x (C2 Server) - Buffer Overflow (Metasploit)
Gh0st Client - Buffer Overflow (Metasploit)
Gh0st Client (C2 Server) - Buffer Overflow (Metasploit)
zFeeder 1.6 - 'admin.php' Unauthenticated
zFeeder 1.6 - 'admin.php' Unauthenticated Admin Bypass
CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload
CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload
Achievo 1.4.3 - Multiple Authorisation Flaws
Achievo 1.4.3 - Multiple Authorisation Vulnerabilities
CompactCMS 1.4.1 - Multiple Vulnerabilities
phpDenora 1.4.6 - Multiple SQL Injections
Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (1)
Psunami Bulletin Board 0.x - Psunami.cgi Remote Command Execution (2)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (1)
Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)
PlaySms 1.4 - Remote Code Execution
PlaySMS 1.4 - 'sendfromfile.php' Remote Code Execution / Unrestricted File Upload
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
EzBan 5.3 - 'id' Parameter SQL Injection
EzInvoice 6.02 - SQL Injection
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Huawei HG255s - Directory Traversal
2017-09-09 05:01:22 +00:00
Offensive Security
67b3da92e4
DB: 2017-09-08
...
4 new exploits
Tor - Linux Sandbox Breakout via X11
Tor (Linux) - X11 Linux Sandbox Breakout
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Gh0st Client - Buffer Overflow (Metasploit)
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Root Remote Code Execution
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting
Online Invoice System 3.0 - SQL Injection
2017-09-08 05:01:20 +00:00
Offensive Security
a1eeba1263
DB: 2017-09-07
...
9 new exploits
Sambar FTP Server 6.4 - (SIZE) Remote Denial of Service
Sambar FTP Server 6.4 - 'SIZE' Remote Denial of Service
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
2WIRE DSL Router (xslt) - Denial of Service
2WIRE DSL Router - 'xslt' Denial of Service
ooVoo 1.7.1.35 - (URL Protocol) Remote Unicode Buffer Overflow (PoC)
ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
Optimal Archive 1.38 - '.zip' File Exploit (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - (SEH) (PoC)
Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow (SEH) Crash (PoC)
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
VideoLAN VLC Media Player 1.1.9 - XSPF Local File Integer Overflow in XSPF Playlist parser
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
Winlog Lite SCADA HMI system - (SEH) Overwrite
Winlog Lite SCADA HMI system - Overwrite (SEH)
FL Studio 10 Producer Edition - (SEH) Buffer Overflow (PoC)
FL Studio 10 Producer Edition -Buffer Overflow (SEH) (PoC)
Sony PC Companion 2.1 - (DownloadURLToFile()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Load()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (CheckCompatibility()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - (Admin_RemoveDirectory()) Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow
Sambar Server 6.0 - results.stm Post Request Buffer Overflow
Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow
Samba nttrans Reply - Integer Overflow
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (SEH) (Denial of Service)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (SEH) (Denial of Service)
i.FTP 2.21 - (SEH) Overflow Crash (PoC)
i.FTP 2.21 - Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite (SEH) Buffer Overflow
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH)
Network Scanner 4.0.0.0 - (SEH)Crash (PoC)
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) Denial of Service
Zortam Mp3 Media Studio 20.15 - Overflow (SEH) (Denial of Service)
Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow
Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (Unicode SEH)
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
Quick Player 1.2 - Unicode Buffer Overflow
DJ Studio Pro 5.1.6.5.2 - (SEH) Exploit
Quick Player 1.2 - Unicode Buffer Overflow (1)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH)
Quick Player 1.2 - Unicode Buffer Overflow (Bindshell)
Quick Player 1.2 - Unicode Buffer Overflow (2)
Winamp 5.572 - (SEH) Exploit
Winamp 5.572 - Exploit (SEH)
ZipScan 2.2c - (SEH) Exploit
ZipScan 2.2c - Exploit (SEH)
Winamp 5.572 - 'whatsnew.txt' (SEH) (Metasploit)
Winamp 5.572 - 'whatsnew.txt' Exploit (SEH) (Metasploit)
Mediacoder 0.7.3.4672 - (SEH) Exploit
Mediacoder 0.7.3.4672 - Exploit (SEH)
SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow (PoC)
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH) (calc)
BlazeDVD 6.0 - '.plf' File (SEH) Universal Buffer Overflow
MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)
BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)
ASX to MP3 Converter 3.1.2.1 - (SEH) Multiple OS ASLR + DEP Bypass (Metasploit)
ASX to MP3 Converter 3.1.2.1 - Multiple OS ASLR + DEP Bypass (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - (SEH) Exploit
MP3 Workstation 9.2.1.1.2 - Exploit (SEH)
DJ Studio Pro 8.1.3.2.1 - (SEH) Exploit
DJ Studio Pro 8.1.3.2.1 - Exploit (SEH)
MP3 Workstation 9.2.1.1.2 - (SEH) (Metasploit)
MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit)
iworkstation 9.3.2.1.4 - (SEH) Exploit
iworkstation 9.3.2.1.4 - Exploit (SEH)
Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
BS.Player 2.57 - Buffer Overflow (Unicode SEH)
BS.Player 2.57 - Buffer Overflow (SEH Unicode)
Nokia MultiMedia Player 1.0 - (SEH Unicode)
Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode)
POP Peeper 3.7 - (SEH) Exploit
POP Peeper 3.7 - Exploit (SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (Unicode SEH)
Download Accelerator Plus (DAP) 9.7 - '.M3U' File Buffer Overflow (SEH Unicode)
BS.Player 2.57 - Buffer Overflow (Unicode SEH) (Metasploit)
BS.Player 2.57 - Buffer Overflow (SEH Unicode) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - (SEH) (Metasploit)
DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit)
Samba 2.0.7 SWAT - Logfile Permissions
Samba 2.0.7 - SWAT Logfile Permissions
Static HTTP Server 1.0 - (SEH) Overflow
Static HTTP Server 1.0 - Overflow (SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (Unicode SEH)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH) 'UNICODE'
Light Alloy 4.7.3 - '.m3u' Buffer Overflow (SEH Unicode)
GOM Player 2.2.53.5169 - Buffer Overflow (SEH) (.reg)
GOM Player 2.2.53.5169 - '.reg' Buffer Overflow (SEH)
Quick Search 1.1.0.189 - 'search textbox Buffer Overflow (Unicode SEH) (Egghunter)
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
Total Commander 8.52 - Overwrite (SEH) Buffer Overflow
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
TECO SG2 LAD Client 3.51 - '.gen' Overwrite (SEH) Buffer Overflow
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite (SEH) Buffer Overflow
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
Jungo DriverWizard WinDriver - Kernel Pool Overflow
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation
Tor - Linux Sandbox Breakout via X11
Samba < 2.2.8 (Linux/BSD) - Remote Code Execution
Samba 3.0.4 SWAT - Authorisation Buffer Overflow
Samba 3.0.4 - SWAT Authorisation Buffer Overflow
BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) Universal
BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)
Samba 2.2.x - nttrans Overflow (Metasploit)
Samba 2.2.x - 'nttrans' Overflow (Metasploit)
BigAnt Server 2.52 - (SEH) Exploit
BigAnt Server 2.52 - Exploit (SEH)
File Sharing Wizard 1.5.0 - (SEH) Exploit
File Sharing Wizard 1.5.0 - Exploit (SEH)
Samba - 'Username' map script' Command Execution (Metasploit)
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit)
Samba 2.0.7 SWAT - Logging Failure
Samba 2.0.7 - SWAT Logging Failure
Sambar Server 4.4/5.0 - pagecount File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - 'results.stm' Cross-Site Scripting
Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow
BigAnt Server 2.52 SP5 - (SEH) Stack Overflow ROP-Based Exploit (ASLR + DEP Bypass)
BigAnt Server 2.52 SP5 - Stack Overflow ROP-Based Exploit (SEH) (ASLR + DEP Bypass)
Sambar 5.x - Open Proxy / Authentication Bypass
Sambar Server 5.x - Open Proxy / Authentication Bypass
Sambar Server 6.1 Beta 2 - show.asp show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showperf.asp title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - showini.asp Arbitrary File Access
Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting
Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access
Sambar Server 5.x/6.0/6.1 - results.stm indexname Cross-Site Scripting
Sambar Server 5.x/6.0/6.1 - 'results.stm' indexname Cross-Site Scripting
Ruby 1.9.1 - WEBrick Terminal Escape Sequence in Logs Command Injection
Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Yaws 1.55 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Yaws 1.55 - 'Terminal Escape Sequence in Logs' Command Injection
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection
Sysax Multi Server 6.50 - HTTP File Share Overflow (SEH) Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)
Easy File Sharing Web Server 7.2 - (SEH) Overflow (Egghunter)
Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures
WordPress Core & MU & Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures
PHP-Nuke 8.0 - Cross-Site Scripting / HTML Code Injection in News Module
PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection
PHP-decoda - Cross-Site Scripting In Video Tag
PHP-decoda - 'Video Tag' Cross-Site Scripting
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
WebKit - Stealing Variables via Page Navigation in 'FrameLoader::clear'
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities
A2billing 2.x - SQL Injection
Cory Support - 'pr' Parameter SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
2017-09-07 05:01:26 +00:00
Offensive Security
427165968d
DB: 2017-09-05
...
9 new exploits
IBM Notes 8.5.x/9.0.x - Denial of Service (2)
Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation
RubyGems < 2.6.13 - Arbitrary File Overwrite
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow
Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection
Joomla! Component CheckList 1.1.0 - SQL Injection
Wireless Repeater BE126 - Remote Code Execution
CodeMeter 6.50 - Cross-Site Scripting
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
2017-09-05 05:01:31 +00:00
Offensive Security
a160bc0c68
DB: 2017-09-02
...
2 new exploits
Mozilla Firefox 3.6.3 - Fork Bomb Denial of Service
Mozilla Firefox 3.6.3 - Fork Bomb (Denial of Service)
OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Git <= 2.7.5 - Command Injection (Metasploit)
Git < 2.7.5 - Command Injection (Metasploit)
Joomla! 1.0.7 / Mambo 4.5.3 - (feed) Full Path Disclosure / Denial of Service
Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service
Joomla! 1.0.9 - (Weblinks) Blind SQL Injection
Joomla! 1.0.9 - 'Weblinks' Blind SQL Injection
Joomla! 1.5.x - (Token) Remote Admin Change Password
Joomla! 1.5.x - 'Token' Remote Admin Change Password
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
Joomla! Component & Plugin 'JE Tooltip' 1.0 - Local File Inclusion
Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload
Joomla! Component 'com_djClassifieds' 0.9.1 - Arbitrary File Upload
Joomla! 1.6.0-Alpha2 - Cross-Site Scripting
Joomla! 1.6.0 Alpha2 - Cross-Site Scripting
Joomla! - Spam Mail Relay
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection
Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
2017-09-02 05:01:21 +00:00
Offensive Security
13819fd065
DB: 2017-08-30
...
10 new exploits
ProFTPd 1.2.0 (rc2) - memory leakage example Exploit
ProFTPd 1.2.0pre10 - Remote Denial of Service
ProFTPd 1.2.0 rc2 - Memory Leakage Exploit
ProFTPd 1.2.0 pre10 - Remote Denial of Service
ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)
ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC)
ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC)
ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)
ProFTPd 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - 'SIZE' Remote Denial of Service
ProFTPd 1.2.x - STAT Command Denial of Service
ProFTPd 1.2.x - 'STAT' Denial of Service
ProFTPd - (ftpdctl) Local pr_ctrls_connect
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield)
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield)
ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow (OpenSUSE)
ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local Stack Overflow
Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH)
ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection
ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection
ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit)
ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)
ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow
ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow
ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow (Metasploit)
ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit)
ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)
ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit)
FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution
ftpd / ProFTPd (FreeBSD) - Remote Command Execution
ProFTPd 1.2 pre6 - snprintf Exploit
ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit
D-Link DIR-645 / DIR-815 - diagnostic.php Command Execution (Metasploit)
D-Link DIR-645 / DIR-815 - 'diagnostic.php' Command Execution (Metasploit)
D-Link DIR615h - OS Command Injection (Metasploit)
D-Link DIR-615H - OS Command Injection (Metasploit)
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution
ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit)
ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)
QNAP Transcode Server - Command Execution (Metasploit)
D-Link DIR-600 / DIR-300 (rev B) - Multiple Vulnerabilities
D-Link DIR-600 / DIR-300 (Rev B) - Multiple Vulnerabilities
D-Link DIR-615 rev H - Multiple Vulnerabilities
D-Link DIR-615 Rev H - Multiple Vulnerabilities
D-Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
D-Link DIR-600L Hardware Version AX Firmware 1.00 - Cross-Site Request Forgery
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)
D-Link DIR-600 - Authentication Bypass
Car or Cab Booking Script - Authentication Bypass
PHP Appointment Booking Script - Authentication Bypass
User Login and Management - Multiple Vulnerabilities
PHP Video Battle Script 1.0 - SQL Injection
Brickcom IP Camera - Credentials Disclosure
2017-08-30 05:01:38 +00:00
Offensive Security
dd6e8a4e4c
DB: 2017-08-24
...
13 new exploits
libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities
Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin)
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1)
Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)
Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution
Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution
Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow
Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
Linux/x86 - Bind TCP Shellcode (Generator)
Linux/x86 - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Linux/x86 - Command Generator Null-Free Shellcode (Generator)
Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes)
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes)
Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - system-beep Shellcode (45 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - kill all processes Shellcode (11 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - Socket-proxy Shellcode (372 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - kill snort Shellcode (151 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes)
Linux/x86 - ipchains -F Shellcode (49 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
NetBSD/x86 - kill all processes Shellcode (23 bytes)
NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes)
NetBSD/x86 - Kill All Processes Shellcode (23 bytes)
NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)
OSX/PPC - Add inetd backdoor Shellcode (222 bytes)
OSX/PPC - reboot Shellcode (28 bytes)
OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes)
OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - create /tmp/suid Shellcode (122 bytes)
OSX/PPC - simple write() Shellcode (75 bytes)
OSX/PPC - Create /tmp/suid Shellcode (122 bytes)
OSX/PPC - Simple write() Shellcode (75 bytes)
Solaris/SPARC - Download File + Execute Shellcode (278 bytes)
Solaris/SPARC - Download File (http://evil-dl/ ) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/x86 - Bind TCP Shell Shellcode (Generator)
Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd Shellcode (201 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - kill all processes Shellcode (9 bytes)
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Solaris/x86 - Download File Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris ) Shellcode (79 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - kill all running process Shellcode (11 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Solaris/x86 - SystemV killall command Shellcode (39 bytes)
Solaris/x86 - SystemV killall Command Shellcode (39 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
OSX - Universal ROP Shellcode
Linux/MIPS - execve Shellcode (52 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode
Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt ) + WinExec + ExitProcess Shellcode
Linux/x86 - Socket Re-use Shellcode (50 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - /etc/passwd Reader Shellcode (58 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Bind Shell Shellcode (Generator)
Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes)
Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)
Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes)
Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh ) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes)
Windows x64 - Download File + Execute Shellcode (358 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes)
Linux/x86-64 - Random Listener Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - File Reader Shellcode (54 Bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Matrimonial Script - SQL Injection
Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
iTech B2B Script 4.42 - SQL Injection
iTech Business Networking Script 8.26 - SQL Injection
iTech Caregiver Script 2.71 - SQL Injection
iTech Classifieds Script 7.41 - SQL Injection
iTech Image Sharing Script 4.13 - SQL Injection
iTech Freelancer Script 5.27 - SQL Injection
iTech Travel Script 9.49 - SQL Injection
iTech Multi Vendor Script 6.63 - SQL Injection
2017-08-24 05:01:22 +00:00
Offensive Security
c7b4bfd8e6
DB: 2017-08-23
...
23 new exploits
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)
BSD - Passive Connection Shellcode (124 bytes)
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Random Port Shellcode (143 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - kill all processes Shellcode (12 bytes)
FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)
FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes)
FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
Linux/x86 - Bind Shellcode (Generator)
Windows XP SP1 - Bind Shellcode (Generator)
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode
Linux/x86 - cmd Null-Free Shellcode (Generator)
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)
Linux/x86 - Bind TCP Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)
iOS - Version-independent Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
iOS Version-independent - Null-Free Shellcode
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)
Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/x86 - killall5 polymorphic Shellcode (61 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes)
Linux/x86 - reboot() polymorphic Shellcode (57 bytes)
Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator (Generator)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes)
Linux/x86 - executes command after setreuid Shellcode (49+ bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + executes command (49+ bytes)
Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes)
Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - TCP Proxy Shellcode (236 bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes)
Linux/x86 - snoop /dev/dsp Shellcode (172 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - chroot + standart Shellcode (66 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - setreuid/execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Shellcode (64 bytes)
Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - iptables -F Shellcode (45 bytes)
Linux/x86 - iptables -F Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - connect Shellcode (120 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind 5074/TCP Shellcode (92 bytes)
Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - Add User Shellcode (104 bytes)
Linux/x86 - break chroot Shellcode (34 bytes)
Linux/x86 - break chroot Shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - chroot()/execve() code Shellcode (80 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)
OSX/PPC - sync()_ reboot() Shellcode (32 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)
OSX/PPC - sync() + reboot() Shellcode (32 bytes)
OSX/PPC - Add user _r00t_ Shellcode (219 bytes)
OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)
Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid/execve Shellcode (56 bytes)
Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)
Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode
Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes)
Win32 - SEH Omelet Shellcode
Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags Shellcode (14 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)
Win32/XP SP2 - cmd.exe Shellcode (57 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)
Win32 - Download File + Execute Shellcode (192 bytes)
Win32 - Download File + Execute Shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box Shellcode (110 bytes)
Win32 - WinExec() Command Parameter Shellcode (104+ bytes)
Win32 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - SEH Omelet Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)
Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)
Windows x86 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP - Download File + Execute Shellcode
Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)
Windows XP - Download File + Execute Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes)
Win32/XP SP2 - calc.exe Shellcode (45 bytes)
Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - break chroot Shellcode (79 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - disabled modsecurity Shellcode (64 bytes)
Win32 - JITed Stage-0 Shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes)
Win32 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode
Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Genearator With Customizable Text)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Generator)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)
Windows XP SP2 (FR) - Download File + Execute Shellcode
Windows XP SP2 (French) - Download File + Execute Shellcode
Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)
Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)
Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)
Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind Shell 64533 Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode
Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Win32 - Write-to-file Shellcode (278 bytes)
Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)
Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 English - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)
Win32 - Speaking 'You got pwned!' Shellcode
FreeBSD/x86 - connect back Shellcode (81 bytes)
BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes)
Win32 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)
Windows x86 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)
Linux/x86 - Egghunter Shellcode (29 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)
Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)
Windows x64 - Bind TCP Shell Shellcode (508 bytes)
Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind Shell 4444/TCP Shellcode
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows - Messagebox Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)
Windows - Messagebox Null-FreeShellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes)
Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes)
Linux/x86 - Disable ASLR Shellcode (84 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)
Win32/XP SP3 - Restart computer Shellcode (57 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes)
Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes)
Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes)
Linux/x86 - exec('/bin/dash') Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes)
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)
Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator)
Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)
OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes)
Linux/x86-64 - /bin/sh Shellcode (34 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)
Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)
Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes)
Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x64 - WinExec() Shellcode (93 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes)
Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes)
Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Php Cloud mining Script - Authentication Bypass
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
2017-08-23 05:01:29 +00:00
Offensive Security
bc1dac1620
DB: 2017-08-15
...
3 new exploits
GetRight 5.2a - Skin File (.grs) Buffer Overflow
GetRight 5.2a - '.grs' Skin File Buffer Overflow
Tomabo MP4 Converter 3.19.15 - Denial of Service
Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation
Winamp 5.04 - Skin File (.wsz) Remote Code Execution
Winamp 5.04 - '.wsz' Skin File Remote Code Execution
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit
Concrete5 < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting
Concrete5 8.1.0 - 'Host' Header Injection
Concrete5 CMS 8.1.0 - 'Host' Header Injection
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery
Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass
Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass
2017-08-15 05:01:22 +00:00
Offensive Security
3f58d5334c
DB: 2017-08-09
...
4 new exploits
WildMIDI 0.4.2 - Multiple Vulnerabilities
Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP
Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
Microsoft Windows - LNK Shortcut File Code Execution
Microsoft Windows - '.LNK' Shortcut File Code Execution
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
2017-08-09 05:01:29 +00:00
Offensive Security
16dd4b9d6d
DB: 2017-08-04
...
7 new exploits
DNSTracer 1.8.1 - Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow (PoC)
DNSTracer 1.9 - Buffer Overflow
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Premium Servers List Tracker 1.0 - SQL Injection
EDUMOD Pro 1.3 - SQL Injection
Muviko 1.0 - 'q' Parameter SQL Injection
Technicolor TC7337 - SSID Persistent Cross-Site Scripting
2017-08-04 05:01:28 +00:00
Offensive Security
baeaf13b13
DB: 2017-08-02
...
9 new exploits
libmad 0.15.1b - 'mp3' Memory Corruption
iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
VehicleWorkshop - Authentication Bypass
VehicleWorkshop - Arbitrary File Upload
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
2017-08-02 05:01:31 +00:00
Offensive Security
c116e6f563
DB: 2017-08-01
...
7 new exploits
DivFix++ 0.34 - Denial of Service
Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
libvorbis 1.3.5 - Multiple Vulnerabilities
libao 1.2.0 - Denial of Service
Jenkins < 1.650 - Java Deserialization
DiskBoss Enterprise 8.2.14 - Buffer Overflow
2017-08-01 05:01:29 +00:00
Offensive Security
fb7bed6364
DB: 2017-07-29
...
6 new exploits
GNU libiberty - Buffer Overflow
SoundTouch 1.9.2 - Multiple Vulnerabilities
LAME 3.99.5 - Multiple Vulnerabilities
libjpeg-turbo 1.5.1 - Denial of Service
Joomla! Component com_ccnewsletter - Directory Traversal
Joomla! Component CCNewsLetter - Directory Traversal
Joomla! Component com_ccnewsletter - Local File Inclusion
Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection
FortiOS < 5.6.0 - Cross-Site Scripting
2017-07-29 05:01:21 +00:00
Offensive Security
e27b6b8408
DB: 2017-07-25
...
17 new exploits
Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free
WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free
WebKit - 'WebCore::Node::nextSibling' Use-After-Free
WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
WebKit - 'WebCore::Node::getFlag' Use-After-Free
WebKit - 'WebCore::getCachedWrapper' Use-After-Free
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
MAWK 1.3.3-17 - Local Buffer Overflow
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
PaulShop - SQL Injection / Cross-Site Scripting
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
2017-07-25 05:01:20 +00:00
Offensive Security
9640473c86
DB: 2017-07-20
...
23 new exploits
Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service
Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service
SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)
SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
Kaspersky 17.0.0 - Local CA Root Incorrectly Protected
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)
WICD - Local Privilege Esclation Exploit
WICD 1.7.1 - Local Privilege Escalation
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit
OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution
Trend Micro Interscan VirusWall localweb - Directory Traversal
Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
DreamBox DM800 - 'file' Parameter Local File Disclosure
Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting
TP-Link TL-WR841N Router - Local File Inclusion
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)
Vivvo Article Manager 3.4 - (root) Local File Inclusion
Vivvo Article Manager 3.4 - 'root' Local File Inclusion
60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion
60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion
HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution
Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution
Trend Micro Interscan VirusWall localweb - Directory Traversal
Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting
Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion
Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion
Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
DreamBox DM800 - 'file' Parameter Local File Disclosure
Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting
TP-Link TL-WR841N Router - Local File Inclusion
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
2017-07-20 05:01:21 +00:00
Offensive Security
21f7dd8438
DB: 2017-07-19
...
11 new exploits
Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption
Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion
Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation
Belkin NetCam F7D7601 - Multiple Vulnerabilities
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
2017-07-19 05:01:23 +00:00
Offensive Security
635e0e935f
DB: 2017-07-15
...
4 new exploits
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution (PoC)
WDTV Live SMP 2.03.20 - Remote Password Reset
2017-07-15 05:01:21 +00:00
Offensive Security
ed107bc711
DB: 2017-07-12
...
9 new exploits
Apache 2.0.52 - HTTP GET request Denial of Service
Apache 2.0.52 - GET Request Denial of Service
Microsoft IIS - Malformed HTTP Request Denial of Service (1)
Microsoft IIS - Malformed HTTP Request Denial of Service (2)
Microsoft IIS - HTTP Request Denial of Service (1)
Microsoft IIS - HTTP Request Denial of Service (2)
Microsoft IIS - Malformed HTTP Request Denial of Service
Microsoft IIS - HTTP Request Denial of Service
Adobe Acrobat Reader 8.1.2 - Malformed '.PDF' Remote Denial of Service (PoC)
Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
Allegro RomPager 2.10 - Malformed URL Request Denial of Service
Allegro RomPager 2.10 - URL Request Denial of Service
AVM KEN! 1.3.10/1.4.30 - Malformed Request Remote Denial of Service
AVM KEN! 1.3.10/1.4.30 - Remote Denial of Service
Netwin SurgeFTP 1.0b - Malformed Request Denial of Service
Netwin SurgeFTP 1.0b - Denial of Service
iCal 3.7 - Malformed HTTP Request Denial of Service
iCal 3.7 - HTTP Request Denial of Service
3ware Disk Managment 1.10 - Malformed HTTP Request Denial of Service
3ware Disk Managment 1.10 - HTTP Request Denial of Service
Pi3Web 2.0.1 - Malformed GET Request Denial of Service
Pi3Web 2.0.1 - GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - Remote HTTP GET Request Denial of Service
Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service
Linksys PSUS4 PrintServer - Malformed HTTP POST Request Denial of Service
Linksys PSUS4 PrintServer - POST Request Denial of Service
Multiple IEA Software Products - HTTP POST Request Denial of Service
Multiple IEA Software Products - POST Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - Malformed HTTP Request Denial of Service
Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service
Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service
D-Link WBR-2310 1.0.4 - HTTP GET Request Remote Buffer Overflow
D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow
Pelco VideoXpert 1.12.105 - Privilege Escalation
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Malformed Request Information Disclosure
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosuree
PlanetDNS PlanetWeb 1.14 - Malformed Request Remote Buffer Overflow
PlanetDNS PlanetWeb 1.14 - Remote Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - Malformed SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow
Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow
JBoss 3.x/4.0.2 - Malformed HTTP Request Remote Information Disclosure
JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure
Easy File Sharing Web Server 7.2 - GET HTTP Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - HEAD HTTP Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (SEH)
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)
Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Easy File Sharing Web Server 7.2 - GET HTTP Request 'PassWD' Buffer Overflow (DEP Bypass)
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass)
Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
(Generator) - HTTP/1.x requests Shellcode (18+ bytes / 26+ bytes)
(Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes)
Linux/x86-64 - flush iptables rules Shellcode (84 bytes)
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86 - Self-modifying for IDS evasion Shellcode (64 bytes)
Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes)
Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - File unlinker Shellcode (18+ bytes)
Linux/x86 - Perl script execution Shellcode (99+ bytes)
Linux/x86 - file reader Shellcode (65+ bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - File Reader Shellcode (65+ bytes)
Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - execve /bin/sh anti-ids Shellcode (40 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd Shellcode (59 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) Shellcode (39 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Radically Self Modifying Code Shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code Shellcode (76 bytes)
Linux/x86 - Radically Self-Modifying Shellcode (70 bytes)
Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes)
Linux/x86 - Add User 't00r' encrypt Shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT Shellcode (75 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - Add User 't00r' Shellcode (82 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - execve /bin/sh encrypted Shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted Shellcode (55 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - Add User 'z' Shellcode (70 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - hard / unclean reboot Shellcode (29 bytes)
Linux/x86 - hard / unclean reboot Shellcode (33 bytes)
Linux/x86 - Hard / Unclean Reboot Shellcode (29 bytes)
Linux/x86 - Hard / Unclean Reboot Shellcode (33 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - Drop SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ Polymorphic Shellcode (91 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
Linux - Find all writeable folder in filesystem polymorphic Shellcode (91 bytes)
Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)
Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For php/html Writable Files and Add Your Code Shellcode (380+ bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For PHP/HTML Writable Files and Add Your Code Shellcode (380+ bytes)
Linux/x86 - Remote Port Forwarding Shellcode (87 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Linux/x86 - Reverse TCP Bind 192.168.1.10:31337 Shellcode (92 bytes)
Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes)
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) Shellcode (77 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)
Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - /bin/sh ROT7 Encoded Shellcode
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Linux x86/x86-64 - tcp_bind Port 4444 Shellcode (251 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux/x86-64 - Bind NetCat Shellcode (64 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes)
Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes)
Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes)
Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)
Linux - execve(_/bin/sh__ NULL_ 0) Multi/Dual Mode Shellcode (37 bytes)
Linux - Reverse Shell Multi/Dual Mode Shellcode (Genearator) (129 bytes)
Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux/x86-64 - Reverse NetCat Shellcode (72 bytes)
Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shellcode (106 bytes)
Simple Machines Forum (SMF) 1.1.6 - HTTP POST Request Filter Security Bypass
Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
Pelco Sarix/Spectra Cameras - Remote Code Execution
Pelco VideoXpert 1.12.105 - Directory Traversal
Pelco VideoXpert 1.12.105 - Information Disclosure
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
2017-07-12 05:01:24 +00:00
Offensive Security
4407c920f7
DB: 2017-07-11
...
2 new exploits
NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Privilege Escalation
Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow
Microsoft Internet Explorer - jscript9 JavaScriptStackWalker Memory Corruption (MS15-056)
Microsoft Internet Explorer 9 - 'jscript9' JavaScriptStackWalker Memory Corruption (MS15-056)
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
2017-07-11 05:01:26 +00:00
Offensive Security
d3536f6bef
DB: 2017-07-07
...
3 new exploits
LibTIFF - 'tif_dirwrite.c' Denial of Service
LibTIFF - 'tif_jbig.c' Denial of Service
LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read
2017-07-07 05:01:20 +00:00
Offensive Security
6a2dd9562e
DB: 2017-07-04
...
6 new exploits
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - (Predictable PRNG) Brute Force SSH (Python)
Boa WebServer 0.94.x - Terminal Escape Sequence in Logs Command Injection
Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection
eVestigator Forensic PenTester - MITM Remote Code Execution
BestSafe Browser - MITM Remote Code Execution
Personify360 7.5.2/7.6.1 - Improper Access Restrictions
Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions
Sophos Cyberoam - Cross-site scripting
BOA Web Server 0.94.14rc21 - Arbitrary File Access
2017-07-04 05:01:21 +00:00
Offensive Security
fa3bfa77fc
DB: 2017-06-29
...
14 new exploits
NetBSD - Stack Clash Proof of Concept
FreeBSD - 'FGPU' Stack Clash Proof of Concept
FreeBSD - 'FGPE' Stack Clash Proof of Concept
FreeBSD - 'setrlimit' Stack Clash Proof of Concept
Flat Assembler 1.7.21 - Buffer Overflow
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
Oracle Solaris 11.1 / 11.3 RSH - Local Root Stack Clash Exploit
OpenBSD - 'at' Local Root Stack Clash Exploit
Linux - 'offset2lib' Stack Clash Exploit
Linux - 'ldso_hwcap' Local Root Stack Clash Exploit
Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit
Linux - 'ldso_dynamic' Local Root Stack Clash Exploit
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
2017-06-29 05:01:19 +00:00
Offensive Security
6ab9a26ee4
DB: 2017-06-27
...
10 new exploits
PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service
PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow
PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot
PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service
unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit
PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow
PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit
PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit
PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit
PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment
PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit
PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities
suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit
PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit
JAD Java Decompiler 1.5.8e - Buffer Overflow
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit
Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution
PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure
PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit
PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit
PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)
Linux/x86 - Bind Shell Shellcode (75 bytes)
JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit
XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection
PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit
Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection
MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit
PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)
phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting
Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection
ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution
vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
Eltek SmartPack - Backdoor Account
2017-06-27 05:01:26 +00:00
Offensive Security
b00ce2562c
DB: 2017-06-21
...
2 new exploits
Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service
Sudo - 'get_process_ttyname()' Privilege Escalation
Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation
WonderCMS 2.1.0 - Cross-Site Request Forgery
2017-06-21 05:01:28 +00:00
Offensive Security
380d33dd22
DB: 2017-06-20
...
13 new exploits
GNU binutils - 'rx_decode_opcode' Buffer Overflow
GNU binutils - 'disassemble_bytes' Heap Overflow
GNU binutils - 'bfd_get_string' Stack Buffer Overflow
GNU binutils - 'decode_pseudodbg_assert_0' Buffer Overflow
GNU binutils - 'ieee_object_p' Stack Buffer Overflow
GNU binutils - 'print_insn_score16' Buffer Overflow
GNU binutils - 'aarch64_ext_ldst_reglist' Buffer Overflow
iBall Baton iB-WRA150N - Unauthenticated DNS Change
nuevoMailer 6.0 - SQL Injection
UTstarcom WA3002G4 - Unauthenticated DNS Change
D-Link DSL-2640U - Unauthenticated DNS Change
Beetel BCM96338 Router - Unauthenticated DNS Change
D-Link DSL-2640B - Unauthenticated Remote DNS Change
2017-06-20 05:01:28 +00:00
Offensive Security
a090330e55
DB: 2017-06-16
...
6 new exploits
Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without Egg-Hunter) (Metasploit)
Magix Musik Maker 16 - '.mmm' Stack Buffer Overflow (Without EggHunter) (Metasploit)
VX Search Enterprise 9.7.18 - Local Buffer Overflow
Sudo - 'get_process_ttyname()' Privilege Escalation
Win32 - JITed stage-0 Shellcode
Win32 - JITed Stage-0 Shellcode
Windows - JITed egg-hunter stage-0 Shellcode
Windows - JITed Egghunter Stage-0 Shellcode
Windows XP/Vista/7 - JITed egg-hunter stage-0 Shellcode Adjusted Universal
Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal
Linux/x86 - Egg-hunter Shellcode (31 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg-hunter Shellcode (20 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Egg-hunter Shellcode (13 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86 - Egg-hunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes)
AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution
2017-06-16 05:01:26 +00:00
Offensive Security
117f75fdfc
DB: 2017-06-13
...
5 new exploits
GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution
Easy File Sharing Web Server 7.2 - Authentication Bypass
2017-06-13 05:01:23 +00:00
Offensive Security
dea52f68f5
DB: 2017-06-12
...
8 new exploits
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
VMware vSphere Data Protection 5.x/6.x - Java Deserialization
EFS Easy Chat Server 3.1 - Buffer Overflow (SEH)
IPFire 2.19 - Remote Code Execution
eCom Cart 1.3 - SQL Injection
EFS Easy Chat Server 3.1 - Password Disclosure
EFS Easy Chat Server 3.1 - Password Reset
PaulShop - SQL Injection
2017-06-12 05:01:24 +00:00
Offensive Security
fbe517f675
DB: 2017-06-10
...
6 new exploits
Mapscrn 2.03 - Local Buffer Overflow
libcroco 0.6.12 - Denial of Service
libquicktime 1.2.4 - Denial of Service
Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
Apple macOS - Disk Arbitration Daemon Race Condition
Craft CMS 2.6 - Cross-Site Scripting
2017-06-10 05:01:19 +00:00
Offensive Security
bed1811f1d
DB: 2017-06-09
...
4 new exploits
Linux Kernel - 'ping' Local Denial of Service
VMware Workstation 12 Pro - Denial of Service
Net Monitor for Employees Pro < 5.3.4 - Unquoted Service Path Privilege Escalation
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
2017-06-09 05:01:17 +00:00
Offensive Security
b002e06bf6
DB: 2017-06-08
...
9 new exploits
Linux Kernel - 'ping' Local Denial of Service
Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Artifex MuPDF - Null Pointer Dereference
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
DC/OS Marathon UI - Docker Exploit (Metasploit)
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Xavier 2.4 - SQL Injection
Robert 0.5 - Multiple Vulnerabilities
2017-06-08 05:01:17 +00:00
Offensive Security
cd6e21e600
DB: 2017-06-06
...
11 new exploits
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
2017-06-06 05:01:15 +00:00
Offensive Security
42e94b4366
DB: 2017-06-05
...
26 new exploits
Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine
Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files
Microsoft MsMpEng - Use-After-Free via Saved Callers
WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
reiserfstune 3.6.25 - Local Buffer Overflow
TiEmu 2.08 - Local Buffer Overflow
Octopus Deploy - Authenticated Code Execution (Metasploit)
Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)
Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes)
uc-http Daemon - Local File Inclusion / Directory Traversal
Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
Piwigo Plugin Facetag 0.0.3 - SQL Injection
OV3 Online Administration 3.0 - Directory Traversal
OV3 Online Administration 3.0 - Remote Code Execution
OV3 Online Administration 3.0 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting
2017-06-05 05:01:15 +00:00
Offensive Security