bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1879 commits 1 branch 0 tags 264 MiB
Commit graph

431 commits

Author SHA1 Message Date
Offensive Security
978c16266a DB: 2019-07-13 
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
 2019-07-13 05:02:17 +00:00
Offensive Security
549d18247c DB: 2019-07-12 
2 changes to exploits/shellcodes

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow

Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
 2019-07-12 05:02:17 +00:00
Offensive Security
c4e67ef73c DB: 2019-07-11 
20 changes to exploits/shellcodes

Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings
 2019-07-11 05:02:13 +00:00
Offensive Security
894b9e59aa DB: 2019-07-10 
3 changes to exploits/shellcodes

Firefox 67.0.4 - Denial of Service

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)

WordPress Plugin Like Button 1.6.0 - Authentication Bypass
 2019-07-10 05:02:07 +00:00
Offensive Security
09258ea750 DB: 2019-07-09 
2 changes to exploits/shellcodes

Karenderia Multiple Restaurant System 5.3 - SQL Injection

WordPress Plugin Like Button 1.6.0 - Authentication Bypass
 2019-07-09 05:02:18 +00:00
Offensive Security
70a1295bcf DB: 2019-07-06 
2 changes to exploits/shellcodes

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
 2019-07-06 05:01:54 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
808010b53f DB: 2019-07-03 
2 changes to exploits/shellcodes

Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)

Linux Mint 18.3-19.1 - 'yelp' Command Injection
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)

Centreon 19.04  - Remote Code Execution

Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-03 05:01:50 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
70484f5916 DB: 2019-06-29 
3 changes to exploits/shellcodes

LibreNMS 1.46 - 'addhost' Remote Code Execution

Windows/x86 - Start iexplore.exe Shellcode (191 Bytes)
Linux/x86 - chmod + execute + hide output via /usr/bin/wget Shellcode (129 bytes)
 2019-06-29 05:01:51 +00:00
Offensive Security
ee2531c421 DB: 2019-06-27 
2 changes to exploits/shellcodes

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
 2019-06-27 05:01:52 +00:00
Offensive Security
a90736625a DB: 2019-06-26 
7 changes to exploits/shellcodes

SuperDoctor5 - 'NRPE' Remote Code Execution
SAPIDO RB-1732 - Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
AZADMIN CMS 1.0 - SQL Injection
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
 2019-06-26 05:01:53 +00:00
Offensive Security
97334ae3af DB: 2019-06-25 
9 changes to exploits/shellcodes

GSearch 1.0.1.0 - Denial of Service (PoC)
Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
dotProject 2.1.9 - SQL Injection
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
SeedDMS versions < 5.1.11 - Remote Command Execution
GrandNode 4.40 - Path Traversal / Arbitrary File Download

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
 2019-06-25 05:01:51 +00:00
Offensive Security
0e66e648a7 DB: 2019-06-22 
1 changes to exploits/shellcodes

EA Origin < 10.5.38 - Remote Code Execution
 2019-06-22 05:01:55 +00:00
Offensive Security
3ef90f18d0 DB: 2019-06-21 
6 changes to exploits/shellcodes

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
 2019-06-21 05:01:58 +00:00
Offensive Security
7e48b809b3 DB: 2019-06-20 
3 changes to exploits/shellcodes

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
 2019-06-20 05:01:55 +00:00
Offensive Security
745971e212 DB: 2019-06-19 
5 changes to exploits/shellcodes

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Sahi pro 7.x/8.x - Directory Traversal
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - Cross-Site Scripting

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
 2019-06-19 05:01:55 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
5e935da854 DB: 2019-06-15 
3 changes to exploits/shellcodes

CentOS 7.6 - 'ptrace_scope' Privilege Escalation
Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
 2019-06-15 05:01:55 +00:00
Offensive Security
98346529ea DB: 2019-06-14 
2 changes to exploits/shellcodes

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation

Sitecore 8.x - Deserialization Remote Code Execution
 2019-06-14 05:01:54 +00:00
Offensive Security
698fffff86 DB: 2019-06-13 
1 changes to exploits/shellcodes

FusionPBX 4.4.3 - Remote Command Execution
 2019-06-13 05:01:52 +00:00
Offensive Security
29aeb0c030 DB: 2019-06-12 
5 changes to exploits/shellcodes

ProShow 9.0.3797 - Local Privilege Escalation

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
phpMyAdmin 4.8 - Cross-Site Request Forgery
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
 2019-06-12 05:01:53 +00:00
Offensive Security
51bf94ed48 DB: 2019-06-11 
5 changes to exploits/shellcodes

Ubuntu 18.04 - 'lxd' Privilege Escalation

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
 2019-06-11 05:01:53 +00:00
Offensive Security
85fbab2de4 DB: 2019-06-08 
5 changes to exploits/shellcodes

Nvidia GeForce Experience Web Helper - Command Injection
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
 2019-06-08 05:01:56 +00:00
Offensive Security
35d500a3cb DB: 2019-06-07 
1 changes to exploits/shellcodes

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
 2019-06-07 05:01:54 +00:00
Offensive Security
e76aee5eaf DB: 2019-06-06 
4 changes to exploits/shellcodes

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
LibreNMS - addhost Command Injection (Metasploit)

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
 2019-06-06 05:01:56 +00:00
Offensive Security
76be51b7d6 DB: 2019-06-05 
8 changes to exploits/shellcodes

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)
NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
IceWarp 10.4.4 - Local File Inclusion
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
 2019-06-05 05:01:56 +00:00
Offensive Security
43e70e67d0 DB: 2019-06-04 
3 changes to exploits/shellcodes

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
WordPress Plugin Form Maker 1.13.3 - SQL Injection
 2019-06-04 05:01:58 +00:00
Offensive Security
8ec0538116 DB: 2019-06-01 
1 changes to exploits/shellcodes

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
 2019-06-01 05:01:53 +00:00
Offensive Security
e2f931b3b9 DB: 2019-05-31 
1 changes to exploits/shellcodes

Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)
 2019-05-31 05:01:56 +00:00
Offensive Security
0a2b5fd16f DB: 2019-05-30 
7 changes to exploits/shellcodes

Free SMTP Server 2.5 - Denial of Service (PoC)
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
 2019-05-30 05:01:56 +00:00
Offensive Security
1a6935f64a DB: 2019-05-29 
3 changes to exploits/shellcodes

Microsoft Windows - 'Win32k' Local Privilege Escalation

EquityPandit 1.0 - Password Disclosure

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

Phraseanet < 4.0.7 - Cross-Site Scripting
 2019-05-29 05:01:59 +00:00
Offensive Security
18a676ca3b DB: 2019-05-28 
3 changes to exploits/shellcodes

Pidgin 2.13.0 - Denial of Service (PoC)

Typora 0.9.9.24.6 - Directory Traversal

Deltek Maconomy 2.2.5 - Local File Inclusion
 2019-05-28 05:01:55 +00:00
Offensive Security
0d68572071 DB: 2019-05-27 2019-05-27 05:01:57 +00:00
Offensive Security
76aff025ee DB: 2019-05-25 
9 changes to exploits/shellcodes

Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
 2019-05-25 05:01:58 +00:00
Offensive Security
970f7b1104 DB: 2019-05-24 
18 changes to exploits/shellcodes

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
Terminal Services Manager 3.2.1 - Denial of Service
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Microsoft Windows 10 (17763.379) - Install DLL
Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Windows - 'Win32k' Local Privilege Escalation

Axis Network Camera - .srv to parhand RCE (Metasploit)
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)

HP Intelligent Management - Java Deserialization RCE (Metasploit)
HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)

Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)

CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

Nagios XI 5.6.1 - SQL injection

BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes)

Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes)

Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes)

Linux/x86 - iptables --flush Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes)

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)

Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)

Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)

Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes)

Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)
Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Linux x86_64 - Delete File Shellcode (28 bytes)
Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (20 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes)
Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes)
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
 2019-05-24 05:02:03 +00:00
Offensive Security
edfd130ad1 DB: 2019-05-23 
11 changes to exploits/shellcodes

BlueStacks 4.80.0.1060 - Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
Carel pCOWeb < B1.2.1 - Credentials Disclosure
Horde Webmail 5.2.22 - Multiple Vulnerabilities
 2019-05-23 05:02:06 +00:00
Offensive Security
6d57564d7c DB: 2019-05-22 
12 changes to exploits/shellcodes

Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
 2019-05-22 05:01:55 +00:00
Offensive Security
44198f828c DB: 2019-05-21 
16 changes to exploits/shellcodes

Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow
Encrypt PDF 2.3 - Denial of Service (PoC)
PCL Converter 2.7 - Denial of Service (PoC)
docPrint Pro 8.0 - Denial of Service (PoC)
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC)

xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
Huawei eSpace 1.1.11.103 - DLL Hijacking
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)

eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution

Linux x86_64 - Delete File Shellcode (28 bytes)
 2019-05-21 05:02:05 +00:00
Offensive Security
a91c0acafc DB: 2019-05-18 
14 changes to exploits/shellcodes

Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC)
CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC)
CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC)
WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC)
Axessh 4.2 - 'Log file name' Denial of Service (PoC)
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
Iperius Backup 6.1.0 - Privilege Escalation
VMware Workstation 15.1.0 - DLL Hijacking
JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow
DeepSound 1.0.4 - SQL Injection
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
 2019-05-18 05:02:00 +00:00
Offensive Security
e8b59f945c DB: 2019-05-16 
4 changes to exploits/shellcodes

Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)
CommSy 8.6.5 - SQL injection
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
 2019-05-16 05:01:58 +00:00
Offensive Security
b04843e5cb DB: 2019-05-15 
9 changes to exploits/shellcodes

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
Sales ERP 8.1 - Multiple SQL Injection
D-Link DWL-2600AP - Multiple OS Command Injection
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
PasteShr 1.6 - Multiple SQL Injection
 2019-05-15 05:01:56 +00:00
Offensive Security
945107caf5 DB: 2019-05-14 
10 changes to exploits/shellcodes

SpotMSN 2.4.6 - Denial of Service (PoC)
DNSS 2.1.8 - Denial of Service (PoC)
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write

TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
XOOPS 2.5.9 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection

Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
 2019-05-14 05:01:58 +00:00
Offensive Security
5a28a97130 DB: 2019-05-11 
12 changes to exploits/shellcodes

jetCast Server 2.0 - Denial of Service (PoC)
SpotIM 2.2 - Denial of Service (PoC)
SpotPaltalk 1.1.5 - Denial of Service (PoC)
ASPRunner.NET 10.1 - Denial of Service (PoC)
PHPRunner 10.1 - Denial of Service (PoC)
TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery
dotCMS 5.1.1 - HTML Injection
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
 2019-05-11 05:02:00 +00:00
Offensive Security
61e7eefac4 DB: 2019-05-10 
4 changes to exploits/shellcodes

Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
Lyric Maker 2.0.1.0 - Denial of Service (PoC)
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)

Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
 2019-05-10 05:02:01 +00:00
Offensive Security
5a4d21a1cf DB: 2019-05-09 
9 changes to exploits/shellcodes

jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)

MiniFtp - 'parseconf_load_setting' Buffer Overflow
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass

Linux/x86 - execve /bin/sh Shellcode (20 bytes)
 2019-05-09 05:02:02 +00:00
Offensive Security
6822a23f82 DB: 2019-05-08 
3 changes to exploits/shellcodes

Easy Chat Server 3.1 - 'message' Denial of Service (PoC)

Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow

Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
 2019-05-08 05:02:04 +00:00
Offensive Security
79a9df09f0 DB: 2019-05-07 
13 changes to exploits/shellcodes

iOS 12.1.3 - 'cfprefsd' Memory Corruption

Windows PowerShell ISE - Remote Code Execution
NSClient++ 0.5.2.35 - Privilege Escalation

Windows PowerShell ISE - Remote Code Execution
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Linux/x86 - shred file Shellcode (72 bytes)
 2019-05-07 05:01:58 +00:00
Offensive Security
2ae6cf2b7f DB: 2019-05-04 
9 changes to exploits/shellcodes

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Windows PowerShell ISE - Remote Code Execution

Blue Angel Software Suite - Command Execution
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Instagram Auto Follow - Authentication Bypass
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)
 2019-05-04 05:02:03 +00:00
Offensive Security
43c06dc5d4 DB: 2019-05-03 
2 changes to exploits/shellcodes

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
 2019-05-03 05:02:04 +00:00