exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	519f2f59ba	DB: 2017-10-18 19 new exploits Mozilla (Firefox 1.0.7) (Mozilla 1.7.12) - Denial of Service Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution Microsoft Excel - OLE Arbitrary Code Execution Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns Microsoft Edge Chakra - Accesses to Uninitialized Pointers in 'StackScriptFunction::BoxState::Box' Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure Linux Kernel - 'AF_PACKET' Use-After-Free shadowsocks-libev 3.1.0 - Command Execution Shadowsocks - Log File Command Execution ModSecurity - POST Parameters Security Bypass ModSecurity - 'POST' Security Bypass Apple iOS 10.2 (14C92) - Remote Code Execution Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit) Windows x64 - API Hooking Shellcode (117 bytes) ALiCE-CMS 0.1 - (CONFIG[local_root]) Remote File Inclusion ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion PHPRecipeBook 2.35 - (g_rb_basedir) Remote File Inclusion PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion Brim 1.2.1 - (renderer) Multiple Remote File Inclusion Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection GNUBoard 4.33.02 - 'tp.php PATH_INFO' SQL Injection 3CX Phone System 15.5.3554.1 - Directory Traversal OpenText Documentum Content Server - Privilege Escalation OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation OpenText Documentum Content Server - dmr_content Privilege Escalation OpenText Documentum Content Server - Arbitrary File Download Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution	2017-10-18 05:01:30 +00:00
Offensive Security	ef4c288da7	DB: 2017-09-19 16 new exploits Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (1) Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - JPEG Image Rendering CMP Fencepost Denial of Service Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering CMP Fencepost Denial of Service Apple QuickTime 6.4/6.5/7.0.x - PictureViewer JPEG/PICT File Buffer Overflow Apple QuickTime 6.4/6.5/7.0.x - PictureViewer '.JPEG'/.PICT' File Buffer Overflow Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service Tony Cook Imager 0.4x - '.JPEG' / '.TGA' Images Denial of Service Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath) Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure Adobe Reader X 10.1.4.38 - BMP/RLE Heap Corruption Adobe Reader X 10.1.4.38 - '.BMP'/'.RLE' Heap Corruption XV 3.x - BMP Parsing Local Buffer Overflow XV 3.x - '.BMP' Parsing Local Buffer Overflow Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow (PoC) (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - '.BMP' Heap Overflow (PoC) (MS06-005) (2) GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized JPEG Image Access GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload (Metasploit) Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit) XOOPS 2.3.2 - (mydirname) Remote PHP Code Execution XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection Digirez 3.4 - Cross-Site Request Forgery (Update Admin) Digileave 1.2 - Cross-Site Request Forgery (Update Admin) DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin) UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass iBall ADSL2+ Home Router - Authentication Bypass Apache - HTTP OPTIONS Memory Leak	2017-09-19 05:01:33 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	ab70fd48b8	DB: 2017-08-19 27 new exploits Microsoft Edge Chakra - Uninitialized Arguments Microsoft Edge Chakra - Uninitialized Arguments (1) MyDoomScanner 1.00 - Local Buffer Overflow (PoC) DSScan 1.0 - Local Buffer Overflow (PoC) MessengerScan 1.05 - Local Buffer Overflow (PoC) NoviFlow NoviWare <= NW400.2.6 - Multiple Vulnerabilities Dive Assistant Template Builder 8.0 - XML External Entity Injection Kolibri WebServer 2.0 - Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass) SpyCamLizard 1.230 - Buffer Overflow Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass) BSD/x86 - setuid/portbind 31337/TCP Shellcode (94 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - Bind 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - break chroot Shellcode (45 bytes) BSD/x86 - Break chroot Shellcode (45 bytes) BSD/x86 - connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes) BSD/x86 - Reverse Shell 6969/TCP Shellcode (129 bytes) FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - Reverse Shell 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) (Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes) (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) Cisco IOS - Connectback Port 21 Shellcode Cisco IOS - Connectback 21/TCP Shellcode Linux/x86 - Reverse Telnet Shellcode (134 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader Shellcode (249 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) ARM - Bind Shell Port 0x1337 Shellcode ARM - Bind Connect 68/UDP Shellcode ARM - Bind Shell 0x1337/TCP Shellcode ARM - Bind Connect 68/UDP (Reverse Shell 192.168.0.1:67/UDP) Shellcode OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - DNS Reverse Download and Exec Shellcode (Metasploit) Windows - Reverse Download and Execute via DNS (IPv6) Shellcode (Metasploit) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes) Windows x86 - Reverse TCP Persistent Shell (192.168.232.129:4444/TCP) Shellcode (494 Bytes) Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password Prompt Shell (127.0.0.1:4444) Shellcode (151 bytes) Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes) Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes) Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (2) (135 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes) Linux/x86 - Reverse TCP (IPv6) Shellcode (159 bytes) Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes) Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes) Linux/x86-64 - Bind 1472/TCP (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes) Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86 - Reverse TCP Shellcode (75 bytes) Linux/x86 - Reverse TCP Shell Shellcode (75 bytes) Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357) / Subtle Probing / Timer / Burst / Password / Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind Netcat with Port Shellcode (44/52 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes) Windows x64 - Reverse Shell TCP Shellcode (694 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) Shellcode (694 bytes) Linux/x86-64 - Reverse TCP Shellcode (65 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse Shell Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes) Linux/x86-64 - Reverse TCP Shell Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes) Linux/x86-64 - Reverse Netcat Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86 - Reverse TCP Shellcode (67 bytes) Linux/x86 - Reverse TCP Shell Shellcode (67 bytes) Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) Shellcode (IPv6) (113 bytes) Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes) Linux/x86 - Reverse UDP Shellcode (668 bytes) Linux/x86 - Bind Shell Shellcode (75 bytes) Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) Linux/x86-64 - execve(_/bin/sh_) Shellcode (24 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) SOA School Management - SQL Injection SOA School Management - 'view' Parameter SQL Injection Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection Food Ordering Script 1.0 - SQL Injection LiveCRM 1.0 - SQL Injection LiveSupport 1.0 - SQL Injection LiveInvoices 1.0 - SQL Injection LiveSales 1.0 - SQL Injection LiveProjects 1.0 - SQL Injection Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Joomla! Component Appointment 1.1 - SQL Injection Joomla! Component Twitch Tv 1.1 - SQL Injection Joomla! Component KissGallery 1.0.0 - SQL Injection Matrimony Script 2.7 - SQL Injection eCardMAX 10.5 - SQL Injection SOA School Management 3.0 - SQL Injection Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Joomla! Component Calendar Planner 1.0.1 - SQL Injection Joomla! Component SP Movie Database 1.3 - SQL Injection DeWorkshop 1.0 - Arbitrary File Upload QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities	2017-08-19 05:01:24 +00:00
Offensive Security	42e94b4366	DB: 2017-06-05 26 new exploits Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Multiple Crashes While Scanning Malformed Files Microsoft MsMpEng - Use-After-Free via Saved Callers WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope WebKit - 'Element::setAttributeNodeNS' Use-After-Free reiserfstune 3.6.25 - Local Buffer Overflow TiEmu 2.08 - Local Buffer Overflow Octopus Deploy - Authenticated Code Execution (Metasploit) Samba - 'is_known_pipename()' Arbitrary Module Load (Metasploit) CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes) Linux/x86 - execve(_/bin/sh_) Shellcode (21 bytes) uc-http Daemon - Local File Inclusion / Directory Traversal Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root Piwigo Plugin Facetag 0.0.3 - SQL Injection OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 - Remote Code Execution OV3 Online Administration 3.0 - SQL Injection Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting WebKit - 'Document::prepareForDestruction' and 'CachedFrame' Universal Cross-Site Scripting	2017-06-05 05:01:15 +00:00
Offensive Security	3f846368c1	DB: 2017-05-20 9 new exploits Microsoft Windows - Unauthenticated SMB Remote Code Execution (MS17-010) (Metasploit) Microsoft Windows - Unauthenticated SMB Remote Code Execution Scanner (MS17-010) (Metasploit) Linux chfn (SuSE 9.3 / 10) - Privilege Escalation Linux chfn (SuSE 9.3/10) - Privilege Escalation Microsoft Windows XP SP3 x86 / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Privilege Escalation (MS14-002) Microsoft Windows Server 2008 R2 SP1 (x64) (Standard) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 8/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Joomla 3.7.0 - 'com_fields' SQL Injection Oracle PeopleSoft - Server-Side Request Forgery Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption SAP Business One for Android 1.2.3 - XML External Entity Injection ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass PlaySMS 1.4 - Remote Code Execution D-Link DIR-600M Wireless N 150 - Authentication Bypass	2017-05-20 05:01:16 +00:00
Offensive Security	94f7a8c8f5	DB: 2017-05-18 15 new exploits Apple iOS < 10.3.2 - Notifications API Denial of Service Adobe Flash - AVC Deblocking Out-of-Bounds Read Adobe Flash - Margin Handling Heap Corruption Adobe Flash - Out-of-Bounds Read in Getting TextField Width Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation Mozilla Firefox 50 - 55 - Stack Overflow Denial of Service Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit) Serviio Media Server - checkStreamUrl Command Execution (Metasploit) WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit) Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes) INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields	2017-05-18 05:01:18 +00:00
Offensive Security	9e9bf495c2	DB: 2017-04-26 26 new exploits PHP 5.4.0RC6 (x64t) - Denial of Service PHP 5.4.0RC6 (x64) - Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service PrivateTunnel Client 2.8 - Local Buffer Overflow (SEH) VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Dmitry 1.3a - Local Buffer Overflow Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Oracle VM VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write Apple Safari - Array concat Memory Corruption Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Privilege Escalation VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Oracle VM VirtualBox 5.1.14 r112924 - Unprivileged Host User to Host Kernel Privilege Escalation via ALSA config Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation Dell Customer Connect 1.3.28.0 - Privilege Escalation LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation Nginx 1.4.0 (x64) (Generic Linux) - Remote Exploit Nginx 1.4.0 (Generic Linux x64) - Remote Exploit Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution Microsoft Office Word - Malicious Hta Execution (Metasploit) WePresent WiPG-1000 - Command Injection (Metasploit) OSX/Intel - setuid shell x86_64 Shellcode (51 bytes) OSX/Intel (x86-64) - setuid shell Shellcode (51 bytes) OSX/Intel (x86_64) - reverse_tcp shell Shellcode (131 bytes) OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes) Linux x86 / x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86 / x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86 / x86_64 - Read /etc/passwd Shellcode (156 bytes) Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86/x86-64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Linux/x86-64 - Reverse Shell Shellcode (84 bytes) FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery WordPress Plugin KittyCatfish 2.2 - SQL Injection WordPress Plugin Car Rental System 2.5 - SQL Injection WordPress Plugin Wow Viral Signups 2.1 - SQL Injection WordPress Plugin Wow Forms 2.1 - SQL Injection Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection October CMS 1.0.412 - Multiple Vulnerabilities	2017-04-26 05:01:18 +00:00
Offensive Security	814ba132f8	DB: 2017-04-12 18 new exploits Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free Apple WebKit - 'Document::adoptNode' Use-After-Free Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow Proxifier for Mac 2.18 - Multiple Vulnerabilities Proxifier for Mac 2.17 / 2.18 - Privesc Escalation Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout Quest Privilege Manager 6.0.0 - Arbitrary File Write Adobe Multiple Products - XML Injection File Content Disclosure MyClassifiedScript 5.1 - SQL Injection Social Directory Script 2.0 - SQL Injection FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal Brother MFC-J6520DW - Authentication Bypass / Password Change Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element	2017-04-12 05:01:16 +00:00
Offensive Security	f2327bc214	DB: 2017-03-11 5 new exploits Price Comparison Script 2017.1.8 - SQL Injection Clickbank Affiliate Marketplace Script 2017 - SQL Injection Kinsey Infor/Lawson / ESBUS - SQL Injection WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting	2017-03-11 05:01:19 +00:00
Offensive Security	6e7ec5be32	DB: 2017-03-10 20 new exploits Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service Apache Struts2 - Skill Name Remote Code Execution Apache Struts 2 - Skill Name Remote Code Execution Linux - Reverse Shell Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux - TCP Reverse Shell Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Apache Struts2 < 2.3.1 - Multiple Vulnerabilities Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities Country on Sale Script - SQL Injection Media Search Engine Script - 'search' Parameter SQL Injection Soundify 1.1 - 'tid' Parameter SQL Injection BistroStays 3.0 - 'guests' Parameter SQL Injection Nlance 2.2 - SQL Injection Busewe 1.2 - SQL Injection Fashmark 1.2 - 'category' Parameter SQL Injection TradeMart 1.1 - SQL Injection Drupal 7.x Module Services - Remote Code Execution WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery	2017-03-10 05:01:18 +00:00
Offensive Security	846ce42eca	DB: 2017-03-02 14 new exploits SysGauge 1.5.18 - Buffer Overflow WePresent WiPG-1500 - Backdoor Account Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes) DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery SchoolDir - SQL Injection Rage Faces Script 1.3 - SQL Injection Meme Maker Script 2.1 - 'user' Parameter SQL Injection	2017-03-02 05:01:19 +00:00
Offensive Security	32fc589910	DB: 2016-11-23 8 new exploits xine-lib 1.1.12 - NSF demuxer Stack Overflow (PoC) Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC) 3Com OfficeConnect Routers - Denial of Service (Content-Type) 3Com OfficeConnect Routers - (Content-Type) Denial of Service xine-lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow World Of Warcraft 3.3.5a - 'macros-cache.txt' Stack Overflow Divx Player - Denial of Service Divx Player 6.8.2 - Denial of Service Microsoft Word (Win/Mac) - Crash (PoC) Microsoft Word (Windows/OSX) - Crash (PoC) TP-LINK TDDP - Multiple Vulnerabilities Microsoft Internet Explorer 8 MSHTML - 'Ptls5::LsFindSpanVisualBoundaries' Memory Corruption Office 2008 sp0 - RTF pFragments MAC Exploit Microsoft Office 2008 SP0 (Mac) - RTF pFragments Exploit Huawei UTPS - Unquoted Service Path Privilege Escalation xine-lib 1.1 - (media player library) Remote Format String Xine-Lib 1.1 - (media player library) Remote Format String Office Viewer ActiveX Control 3.0.1 - (Save) Remote File Overwrite Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite 3Com OfficeConnect Secure Router 1.04-168 - Tk Parameter Cross-Site Scripting 3Com OfficeConnect Secure Router 1.04-168 - 'Tk' Parameter Cross-Site Scripting xine-lib - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Crestron AM-100 - Multiple Vulnerabilities Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Simple Machines Forum 1.0.4 - (modify) SQL Injection Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection PHP-Fusion 6.00.109 - (msg_send) SQL Injection PHP-Fusion 6.00.109 - 'msg_send' Parameter SQL Injection PHP-Fusion 6.00.3 - (rating) Parameter SQL Injection PHP-Fusion 6.00.3 - 'rating' Parameter SQL Injection PHP-Fusion 6.00.306 - (srch_where) SQL Injection PHP-Fusion 6.00.306 - 'srch_where' Parameter SQL Injection Simple Machines Forum 1.1 rc2 (Windows) - (lngfile) Remote Exploit Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Exploit Simple Machines Forum 1.1 rc2 - Lock Topics Remote Exploit Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics Remote Exploit AllMyGuests 0.4.1 - (cfg_serverpath) Remote File Inclusion AllMyGuests 0.4.1 - 'cfg_serverpath' Parameter Remote File Inclusion Virtual Law Office - (phpc_root_path) Remote File Inclusion Virtual Law Office - 'phpc_root_path' Remote File Inclusion AllMyGuests 0.3.0 - (AMG_serverpath) Remote File Inclusion AllMyGuests 0.3.0 - 'AMG_serverpath' Parameter Remote File Inclusion Simple Machines Forum 1.1.3 - Blind SQL Injection Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection BosClassifieds 3.0 - (index.php cat) SQL Injection BosNews 4.0 - (article) SQL Injection BosClassifieds 3.0 - 'index.php' SQL Injection BosNews 4.0 - 'article' Parameter SQL Injection Classifieds Caffe - 'index.php cat_id' SQL Injection Classifieds Caffe - 'cat_id' Parameter SQL Injection carbon communities 2.4 - Multiple Vulnerabilities XplodPHP AutoTutorials 2.1 - 'id' SQL Injection Carbon Communities 2.4 - Multiple Vulnerabilities XplodPHP AutoTutorials 2.1 - 'id' Parameter SQL Injection Grape Statistics 0.2a - (location) Remote File Inclusion 5th Avenue Shopping Cart - 'category_id' SQL Injection Grape Statistics 0.2a - 'location' Parameter Remote File Inclusion 5th Avenue Shopping Cart - 'category_id' Parameter SQL Injection PhShoutBox 1.5 - (final) Insecure Cookie Handling Simple Customer 1.2 - (contact.php id) SQL Injection AllMyGuests 0.4.1 - (AMG_id) SQL Injection PhShoutBox 1.5 - Insecure Cookie Handling Simple Customer 1.2 - 'contact.php' SQL Injection AllMyGuests 0.4.1 - 'AMG_id' Parameter SQL Injection Simple Machines Forum 1.1.4 - SQL Injection Simple Machines Forum (SMF) 1.1.4 - SQL Injection virtual support office-xp 3.0.29 - Multiple Vulnerabilities Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities PHP-Fusion Mod Classifieds - (lid) SQL Injection PHP-Fusion Mod Classifieds - 'lid' Parameter SQL Injection Simple Machines Forum 1.1.5 (Windows x86) - Admin Reset Password Exploit Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password Exploit PHP-Fusion Mod freshlinks - (linkid) SQL Injection PHP-Fusion Mod freshlinks - 'linkid' Parameter SQL Injection PHP-Fusion Mod manuals - (manual) SQL Injection PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection PHP-Fusion Mod triscoop_race_system - (raceid) SQL Injection PHP-Fusion Mod triscoop_race_system - 'raceid' Parameter SQL Injection BosDev BosClassifieds - 'cat_id' SQL Injection BosClassifieds - 'cat_id' SQL Injection Simple Machines Forum 1.1.6 - (Local File Inclusion) Code Execution Simple Machines Forum (SMF) 1.1.6 - (Local File Inclusion) Code Execution PHP-Fusion 7.00.1 - (messages.php) SQL Injection PHP-Fusion 7.00.1 - 'messages.php' SQL Injection Check New 4.52 - (findoffice.php search) SQL Injection Check New 4.52 - 'findoffice.php search' SQL Injection PHP-Fusion Mod E-Cart 1.3 - (items.php CA) SQL Injection PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection PHP-Fusion Mod the_kroax (comment_id) - SQL Injection PHP-Fusion Mod the_kroax - 'comment_id' Parameter SQL Injection Simple Machines Forum 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload Simple Machines Forums - (BBCode) Cookie Stealing Simple Machines Forum (SMF) - 'BBCode' Cookie Stealing PHP-Fusion Mod Book Panel - (bookid) SQL Injection PHP-Fusion Mod Book Panel - 'bookid' Parameter SQL Injection PHP-Fusion Mod Book Panel - (course_id) SQL Injection PHP-Fusion Mod Book Panel - 'course_id' Parameter SQL Injection Opencart 1.1.8 - (route) Local File Inclusion Opencart 1.1.8 - 'route' Local File Inclusion exjune officer message system 1 - Multiple Vulnerabilities Exjune Officer Message System 1 - Multiple Vulnerabilities Simple Machines Forum - Multiple Security Vulnerabilities Simple Machines Forum (SMF) - Multiple Security Vulnerabilities PHP-Fusion 6.01.15.4 - (downloads.php) SQL Injection PHP-Fusion 6.01.15.4 - 'downloads.php' SQL Injection Simple Machines Forum (SMF) 1.1.8 - (avatar) Remote PHP File Execute (PoC) Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute (PoC) PHP-fusion dsmsf - (module downloads) SQL Injection PHP-fusion dsmsf Mod Downloads - SQL Injection Group Office - (comment_id) SQL Injection Group Office - 'comment_id' SQL Injection PHP-Fusion MG - User-Fotoalbum SQL Injection PHP-Fusion Mod Mg User Fotoalbum 1.0.1 - SQL Injection Simple Machines forum (SMF) 2.0 - session Hijacking Simple Machines Forum (SMF) 2.0 - Session Hijacking AllMyGuests 0.x - info.inc.php Arbitrary Code Execution AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution Simple Machines Forum 1.0 - Size Tag HTML Injection Simple Machines Forum (SMF) 1.0 - Size Tag HTML Injection OpenCart 1.5.5.1 - (FileManager.php) Directory Traversal Arbitrary File Access OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access PHP-Fusion 4.0 - Viewthread.php Information Disclosure PHP-Fusion 4.0 - 'Viewthread.php' Information Disclosure PHP-Fusion 4/5 - Setuser.php HTML Injection PHP-Fusion 4/5 - 'Setuser.php' HTML Injection PHP-Fusion 4.0/5.0/6.0 - messages.php SQL Injection PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection PHP-Fusion 6.0.109 - messages.php SQL Injection PHP-Fusion 6.0.109 - 'messages.php' SQL Injection PHP-Fusion 6.0 - members.php Cross-Site Scripting PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting PHP-Fusion 6.0.x - news.php SQL Injection PHP-Fusion 6.0.x - 'news.php' SQL Injection Simple Machines Forum 1.0/1.1 - 'index.php' Cross-Site Scripting Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scripting PHP-Fusion 6.1.5 - Calendar_Panel Module Show_Event.php SQL Injection PHP-Fusion 6.1.5 Mod Calendar_Panel - 'Show_Event.php' SQL Injection Simple Machines Forum 1.1.4 - Multiple Remote File Inclusion Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusion Simple Machines Forum 1.1.6 - HTTP POST Request Filter Security Bypass Simple Machines Forum (SMF) 1.1.6 - HTTP POST Request Filter Security Bypass OpenCart 1.5.6.1 - (openbay) Multiple SQL Injection OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injection Simple Machines Forum 1.1.7 - '[url]' Tag HTML Injection Simple Machines Forum (SMF) 1.1.7 - '[url]' Tag HTML Injection PHP-Fusion - 'articles.php' Cross-Site Scripting AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting Simple Machines Forum 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request Forgery Simple Machines Forum (SMF) 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request Forgery Simple Machines Forum 1.1.15 - 'fckeditor' Arbitrary File Upload Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload WordPress Plugin Dharma booking 2.38.3 - File Inclusion WordPress Plugin Dharma Booking 2.38.3 - File Inclusion EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection	2016-11-23 05:01:19 +00:00
Offensive Security	07fdc778ee	DB: 2016-10-21 24 new exploits NetAuctionHelp 4.1 - search.asp SQL Injection Apple Mac OSX 10.4.11 2007-008 - i386_set_ldt System Call Local Arbitrary Code Execution Microsoft Edge - Array.map Heap Overflow (MS16-119) Microsoft Jet Database Engine - '.MDB' File Parsing Remote Buffer Overflow Microsoft Edge - Array.join Info Leak (MS16-119) Windows DeviceApi CMApi PiCMOpenDeviceKey - Arbitrary Registry Key Write Privilege Escalation (MS16-124) Windows DeviceApi CMApi - PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124) HikVision Security Systems - Activex Buffer Overflow Oracle Netbeans IDE 8.1 - Directory Traversal MiCasa VeraLite - Remote Code Execution Oracle BI Publisher 11.1.1.6.0 / 11.1.1.7.0 / 11.1.1.9.0 / 12.2.1.0.0 - XML External Entity Injection Classifieds Rental Script - SQL Injection SAP NetWeaver KERNEL 7.0 < 7.5 - Denial of Service SAP Adaptive Server Enterprise 16 - Denial of Service Event Calendar PHP 1.5 - SQL Injection SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution SPIP 3.1.1 / 3.1.2 - File Enumeration / Path Traversal SPIP 3.1.2 - Cross-Site Request Forgery Windows win32k.sys - TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120) Windows win32k.sys - TTF Processing win32k!sbit_Embolden / win32k!ttfdCloseFontContext Use-After-Free (MS16-120) Windows Kernel - Registry Hive Loading Negative RtlMoveMemory Size in nt!CmpCheckValueList (MS16-124) Windows Kernel - Registry Hive Loading Relative Arbitrary Read in nt!RtlValidRelativeSecurityDescriptor (MS16-123) Microsoft Edge - Function.apply Info Leak (MS16-119) Microsoft Edge - Spread Operator Stack Overflow (MS16-119) Windows Edge/IE - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118) Windows Edge/IE - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Hak5 WiFi Pineapple - Preconfiguration Command Injection (Metasploit) OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)	2016-10-21 05:01:17 +00:00
Offensive Security	f8b17d14a1	DB: 2016-10-12 12 new exploits Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Privilege Escalation Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation Spacemarc News - Cross-Site Request Forgery (Add New Post) Minecraft Launcher - Insecure File Permissions Privilege Escalation BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery sheed AntiVirus - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection Android - 'gpsOneXtra' Data Files Denial of Service Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit) Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit) ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)	2016-10-12 05:01:17 +00:00
Offensive Security	5e2fc10125	DB: 2016-09-03	2016-09-03 13:13:25 +00:00
Offensive Security	31a21bb68d	DB: 2016-09-03 14 new exploits Too many to list!	2016-09-03 05:08:42 +00:00
Offensive Security	13e9ec719b	DB: 2016-07-14 17 new exploits Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (2) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (3) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (4) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (5) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (6) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (7) Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption Adobe Flash Player 22.0.0.192 - TAG Memory Corruption Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials MS16-032 Secondary Logon Handle Privilege Escalation Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities Linux x86 Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10	2016-07-14 05:05:01 +00:00
Offensive Security	29f0764fac	DB: 2016-07-09 9 new exploits Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit Joomla <= 1.0.9 - (Weblinks) Remote Blind SQL Injection Exploit Microsoft Excel Malformed FEATHEADER Record Exploit (MS09-067) Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067) Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability Seo Panel 2.2.0 - Cookie-Rendered Persistent XSS Vulnerability VLC AMV Dangling Pointer Vulnerability VLC - AMV Dangling Pointer Vulnerability Movable Type 4.2x_ 4.3x Web Upgrade Remote Code Execution Movable Type 4.2x_ 4.3x - Web Upgrade Remote Code Execution Roxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability Roxio CinePlayer 3.2 - SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability HP Client Automation Command Injection HP Client - Automation Command Injection Persistent Systems Client Automation Command Injection RCE Persistent Systems Client Automation - Command Injection RCE ElasticSearch Unauthenticated Remote Code Execution ElasticSearch - Unauthenticated Remote Code Execution ElasticSearch Search Groovy Sandbox Bypass ElasticSearch - Search Groovy Sandbox Bypass Fedora abrt Race Condition Exploit Fedora - abrt Race Condition Exploit ProFTPD 1.3.5 Mod_Copy Command Execution ProFTPD 1.3.5 - Mod_Copy Command Execution Windows ClientCopyImage Win32k Exploit Microsoft Windows - ClientCopyImage Win32k Exploit Wolf CMS Arbitrary File Upload To Command Execution Wolf CMS - Arbitrary File Upload To Command Execution Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Kaseya VSA uploader.aspx Arbitrary File Upload Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload Samsung Galaxy S6 - Samsung Gallery Bitmap Decoding Crash Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008) Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008) Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1) NETGEAR ProSafe Network Management System 300 Arbitrary File Upload NETGEAR ProSafe Network Management System 300 - Arbitrary File Upload Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) Microsoft Windows 8.1/10 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) OS X / iOS Suid Binary Logic Error Kernel Code Execution OS X / iOS - Suid Binary Logic Error Kernel Code Execution Novell ServiceDesk Authenticated File Upload Novell ServiceDesk - Authenticated File Upload Mach Race OS X Local Privilege Escalation Exploit Mach Race OS X - Local Privilege Escalation Exploit Oracle ATS Arbitrary File Upload Oracle Application Testing Suite (ATS) - Arbitrary File Upload Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit) HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit) WordPress Lazy Content Slider Plugin 3.4 - (Add Catetory) CSRF Hide.Me VPN Client 1.2.4 - Privilege Escalation InstantHMI 6.1 - Privilege Escalation Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC Microsoft WinDbg logviewer.exe - Crash PoC Linux x86 TCP Reverse Shellcode - 75 bytes php Real Estate Script 3 - Arbitrary File Disclosure CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval Streamo Online Radio And TV Streaming CMS - SQL Injection	2016-07-09 05:06:22 +00:00
Offensive Security	076ef173f9	DB: 2016-06-11 23 new exploits Poison Ivy 2.1.x C2 Buffer Overflow (msf) Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit Mobiketa 1.0 - CSRF Add Admin Exploit miniMySQLAdmin 1.1.3 - CSRF Execute SQL Query phpMyFAQ 2.9.0 - Stored XSS Windows x86 system(_systeminfo_) Shellcode Armadito Antimalware - Backdoor/Bypass Riot Games League of Legends - Insecure File Permissions Privilege Escalation IPFire proxy.cgi RCE IPFire Bash Environment Variable Injection (Shellshock) Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution OS X Kernel - Exploitable NULL Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Android - /system/bin/sdcard Stack Buffer Overflow OS X Kernel - Exploitable NULL Pointer Dereference in AppleMuxControl.kext OS X Kernel - Exploitable NULL Pointer Dereference in AppleGraphicsDeviceControl OS X Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource OS X Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value OS X Kernel - Exploitable NULL Pointer Dereference in IOAudioEngine OS X Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type OS X Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 OS X/iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient OS X Kernel - Stack Buffer Overflow in GeForce GPU Driver	2016-06-11 05:06:22 +00:00
Offensive Security	a447a01cb8	DB: 2016-05-20	2016-05-20 06:50:49 +00:00
Offensive Security	cf1ca0a5f7	DB: 2016-01-06 11 new exploits	2016-01-06 05:03:27 +00:00
Offensive Security	fa0d0d2907	DB: 2015-12-09 17 new exploits	2015-12-09 05:02:11 +00:00
Offensive Security	1d1147296b	DB: 2015-09-23 35 new exploits	2015-09-23 05:02:17 +00:00
Offensive Security	229204741f	DB: 2015-09-10 15 new exploits	2015-09-10 05:04:12 +00:00
Offensive Security	d7e6c62801	DB: 2015-08-27 10 new exploits	2015-08-27 05:01:55 +00:00
Offensive Security	6dccd55e18	DB: 2015-08-21 6 new exploits	2015-08-21 05:02:09 +00:00
Offensive Security	a732415255	DB: 2015-08-13 1 new exploits	2015-08-13 05:06:40 +00:00
Offensive Security	c22dc8c9d4	DB: 2015-07-25 16 new exploits	2015-07-25 05:02:16 +00:00
Offensive Security	111bcdca4a	DB: 2015-07-15 11 new exploits	2015-07-15 05:01:36 +00:00
Offensive Security	5aabf25b26	DB: 2015-06-11 16 new exploits	2015-06-11 05:02:28 +00:00
Offensive Security	01ba689949	DB: 2015-05-08 19 new exploits	2015-05-08 05:02:43 +00:00
Offensive Security	cc553d1147	DB: 2015-04-20 11 new exploits	2015-04-20 12:44:13 +00:00
Offensive Security	9a428f40c9	DB: 2015-03-20 19 new exploits	2015-03-20 08:36:08 +00:00
Offensive Security	51e5e42e74	Update: 2015-03-17 49 new exploits	2015-03-17 08:36:10 +00:00
Offensive Security	a28bed7356	Updated 11_19_2014	2014-11-19 04:49:39 +00:00

36 commits