218 commits

Author SHA1 Message Date
Offensive Security
a0f0afa2de DB: 2018-09-01
5 changes to exploits/shellcodes

Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Network Manager VPNC - Username Privilege Escalation (Metasploit)
Vox TG790 ADSL Router - Cross-Site Scripting
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
2018-09-01 05:01:55 +00:00
Offensive Security
011bb3564a DB: 2018-08-31
8 changes to exploits/shellcodes

NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service (PoC)
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
DLink DIR-601 - Credential Disclosure
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting

Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
2018-08-31 05:01:57 +00:00
Offensive Security
444206a6be DB: 2018-08-30
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
2018-08-30 05:01:54 +00:00
Offensive Security
ef80d21646 DB: 2018-08-29
5 changes to exploits/shellcodes

Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation

WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
2018-08-29 05:01:57 +00:00
Offensive Security
18e2848633 DB: 2018-08-28
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00
Offensive Security
aaa959b29c DB: 2018-08-27
2 changes to exploits/shellcodes

Apache James 2.2 - SMTP Denial of Service
Apache James Server 2.2 - SMTP Denial of Service

SSH2 3.0 - Restricted Shell Escaping Command Execution
SSH2 3.0 - Restricted Shell Escape (Command Execution)
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
2018-08-27 05:01:54 +00:00
Offensive Security
ec10fd3afb DB: 2018-08-26
2 changes to exploits/shellcodes

UltimatePOS 2.5 - Remote Code Execution
ManageEngine ADManager Plus 6.5.7 - HTML Injection
2018-08-26 05:01:56 +00:00
Offensive Security
1ebf504a96 DB: 2018-08-25
2 changes to exploits/shellcodes

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
2018-08-25 05:01:56 +00:00
Offensive Security
4d43b968d8 DB: 2018-08-24
7 changes to exploits/shellcodes

CuteFTP 8.3.1 - Denial of Service (PoC)
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

CMS ISWEB 3.5.3 - Directory Traversal
Twitter-Clone 1 - 'code' SQL Injection
PCViewer vt1000 - Directory Traversal
2018-08-24 05:01:53 +00:00
Offensive Security
b81a1d9d72 DB: 2018-08-23
12 changes to exploits/shellcodes

Textpad 7.6.4 - Denial Of Service (PoC)
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Easyboot 6.6.0 - Denial Of Service (PoC)
Softdisk 3.0.3 - Denial Of Service (PoC)

Soroush IM Desktop App 0.17.0 - Authentication Bypass
Project64 2.3.2 - Buffer Overflow (SEH)
Ghostscript - Multiple Vulnerabilities
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
ZyXEL VMG3312-B10B - Cross-Site Scripting
KingMedia 4.1 - Remote Code Execution
Geutebrueck re_porter 16 - Cross-Site Scripting
2018-08-23 05:01:49 +00:00
Offensive Security
8750f2fdd7 DB: 2018-08-22
6 changes to exploits/shellcodes

Project64 2.3.2 - Denial Of Service (PoC)

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
OpenSSH 7.7 - Username Enumeration

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Twitter-Clone 1 - 'userid' SQL Injection
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
2018-08-22 05:01:45 +00:00
Offensive Security
948806b29c DB: 2018-08-21
11 changes to exploits/shellcodes

SEIG Modbus 3.4 - Denial of Service (PoC)
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
Restorator 1793 - Denial of Service (PoC)
Prime95 29.4b7 - Denial Of Service (PoC)
SEIG SCADA System 9 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Countly - Persistent Cross-Site Scripting
2018-08-21 05:01:46 +00:00
Offensive Security
f4745b8f85 DB: 2018-08-20
2018-08-20 05:01:41 +00:00
Offensive Security
16744756bc DB: 2018-08-18
10 changes to exploits/shellcodes

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT - Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection

ADM 3.1.2RHG1 - Remote Code Execution
2018-08-18 05:01:47 +00:00
Offensive Security
0424dfc05b DB: 2018-08-17
8 changes to exploits/shellcodes

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
Central Management Software 1.4.13 - Denial of Service (PoC)

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

OpenEMR 5.0.1.3 - Arbitrary File Actions
Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
2018-08-17 05:02:00 +00:00
Offensive Security
2e282df4a8 DB: 2018-08-16
3 changes to exploits/shellcodes

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
2018-08-16 05:02:01 +00:00
Offensive Security
e0f6cc4569 DB: 2018-08-15
4 changes to exploits/shellcodes

Wansview 1.0.2 - Denial of Service (PoC)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)
cgit 1.2.1 - Directory Traversal (Metasploit)
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
2018-08-15 05:01:45 +00:00
Offensive Security
1e34c2b6a5 DB: 2018-08-14
11 changes to exploits/shellcodes

IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
2018-08-14 05:01:45 +00:00
Offensive Security
e5c23cdd53 DB: 2018-08-13
4 changes to exploits/shellcodes

LG NAS 3718.510.a0 - Remote Command Execution
Monstra 3.0.4 - Cross-Site Scripting
Wavemaker Studio 6.6 - Server-Side Request Forgery
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
2018-08-13 05:01:45 +00:00
Offensive Security
9773c89242 DB: 2018-08-11
5 changes to exploits/shellcodes

Awk to Perl 1.007-5 - Buffer Overflow (PoC)

iSmartViewPro 1.5 - 'Password' Buffer Overflow

MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting
MyBB Like Plugin 3.0.0 - Cross-Site Scripting
2018-08-11 05:01:45 +00:00
Offensive Security
1d21694058 DB: 2018-08-10
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
2018-08-10 05:01:46 +00:00
Offensive Security
9d8170fd85 DB: 2018-08-09
9 changes to exploits/shellcodes

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

Splinterware System Scheduler Pro 5.12 - Privilege Escalation
iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow
iSmartViewPro 1.5 - 'Account' Buffer Overflow

OpenEMR < 5.0.1 - Remote Code Execution

Kirby CMS 2.5.12 - Cross-Site Scripting
osTicket 1.10.1 - Arbitrary File Upload
LG-Ericsson iPECS NMS 30M - Directory Traversal
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Monstra 3.0.4 - Cross-Site Scripting
2018-08-09 05:01:53 +00:00
Offensive Security
1d482cff1d DB: 2018-08-08
4 changes to exploits/shellcodes

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

OpenEMR < 5.0.1 - Remote Code Execution

CMS ISWEB 3.5.3 - Directory Traversal
2018-08-08 05:01:52 +00:00
Offensive Security
addac3a875 DB: 2018-08-07
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
2018-08-07 05:01:44 +00:00
Offensive Security
e504ff7334 DB: 2018-08-06
1 change to exploits/shellcodes

Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
2018-08-06 05:01:45 +00:00
Offensive Security
3aca47020d DB: 2018-08-04
10 changes to exploits/shellcodes

FTPShell Client 5.24 - Add to Favorites Buffer Overflow
FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow

FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
Wedding Slideshow Studio 1.36 - Buffer Overflow
Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting
Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
PHP Template Store Script 3.0.6 - Cross-Site Scripting
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)
2018-08-04 05:01:46 +00:00
Offensive Security
9ea5e15796 DB: 2018-08-03
13 changes to exploits/shellcodes

Sun Solaris 11.3 AVS - Local Kernel root Exploit

Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation
SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)

wityCMS 0.6.1 - Cross-Site Scripting

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
TI Online Examination System v2 - Arbitrary File Download
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
Seq 4.2.476 - Authentication Bypass
2018-08-03 05:01:46 +00:00
Offensive Security
903bf974eb DB: 2018-08-02
10 changes to exploits/shellcodes

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion

Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)

Synology DiskStation Manager 4.1 - Directory Traversal

Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
2018-08-02 05:02:43 +00:00
Offensive Security
b02440845e DB: 2018-07-31
5 changes to exploits/shellcodes

fusermount - user_allow_other Restriction Bypass and SELinux Label Control
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)

Charles Proxy 4.2 - Local Privilege Escalation

H2 Database 1.4.197 - Information Disclosure
2018-07-31 05:01:47 +00:00
Offensive Security
582d8f748e DB: 2018-07-28
6 changes to exploits/shellcodes

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Skia - Heap Overflow in SkScan::FillPath due to Precision Error

WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)

Wordpress Background Takeover < 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal

Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Form Maker Plugin 1.12.24 - SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection

Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
Online Trade 1 - Information Disclosure
SoftNAS Cloud < 4.0.3 - OS Command Injection
2018-07-28 05:01:47 +00:00
Offensive Security
cfbfaba0a7 DB: 2018-07-27
3 changes to exploits/shellcodes

Core FTP 2.0 - 'XRMD' Denial of Service (PoC)

Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation

Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
2018-07-27 05:01:45 +00:00
Offensive Security
ed985d30e0 DB: 2018-07-26
3 changes to exploits/shellcodes

PoDoFo 0.9.5 - Buffer Overflow
PoDoFo 0.9.5 - Buffer Overflow (PoC)

Windows Speech Recognition - Buffer Overflow
Windows Speech Recognition - Buffer Overflow (PoC)
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)

D-link DAP-1360 - Path Traversal / Cross-Site Scripting
2018-07-26 05:01:45 +00:00
Offensive Security
1d504e24f2 DB: 2018-07-25
3 changes to exploits/shellcodes

Nagios Core 4.4.1 - Denial of Service

Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)

D-link DAP-1360 - Path Traversal / Cross-Site Scripting

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
2018-07-25 05:01:46 +00:00
Offensive Security
300aada6a5 DB: 2018-07-24
7 changes to exploits/shellcodes

Windows Speech Recognition - Buffer Overflow

Knox Software Arkeia 4.0 - Backup Local Overflow
Knox Arkeia 4.0 Backup - Local Overflow

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)

Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)
Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit)

Microsoft Windows - 'dnslint.exe' Drive-By Download
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Davolink DVW 3200 Router - Password Disclosure
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)

Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
2018-07-24 05:01:45 +00:00
Offensive Security
939bd7d9cd DB: 2018-07-23
1 change to exploits/shellcodes

GeoVision GV-SNVR0811 - Directory Traversal
2018-07-23 05:01:45 +00:00
Offensive Security
350bb348ff DB: 2018-07-21
3 changes to exploits/shellcodes

TP-Link TL-WR840N - Denial of Service

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
MSVOD 10 - 'cid' SQL Injection
Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
2018-07-21 05:01:50 +00:00
Offensive Security
bf0a56a02f DB: 2018-07-20
6 changes to exploits/shellcodes

Google Chrome - Swiftshader Texture Allocation Integer Overflow
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak

Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)

WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting

MyBB New Threads Plugin 1.1 - Cross-Site Scripting
2018-07-20 05:01:44 +00:00
Offensive Security
a2ac269de5 DB: 2018-07-19
8 changes to exploits/shellcodes

JavaScript Core - Arbitrary Code Execution
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)
HomeMatic Zentrale CCU2 - Remote Code Execution

MailGust 1.9 - Board Takeover SQL Injection
MailGust 1.9 - Board Takeover (SQL Injection)

Cyphor 0.19 - Board Takeover SQL Injection
Cyphor 0.19 - Board Takeover (SQL Injection)

versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)

WordPress 2.6.1 - SQL Column Truncation Admin Takeover
WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)

Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover
Invision Power Board 1.x?/2.x/3.x - Admin Takeover

Joomla! < 3.6.4 - Admin TakeOver
Joomla! < 3.6.4 - Admin Takeover
PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
Open-AudIT Community 2.1.1 - Cross-Site Scripting
FTP2FTP 1.0 - Arbitrary File Download
Modx Revolution < 2.6.4 - Remote Code Execution
2018-07-19 05:01:43 +00:00
Offensive Security
1f88d0a67a DB: 2018-07-18
10 changes to exploits/shellcodes

Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
2018-07-18 05:01:47 +00:00
Offensive Security
a657b64301 DB: 2018-07-17
7 changes to exploits/shellcodes

macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)

VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
2018-07-17 05:01:49 +00:00
Offensive Security
b374aca9a3 DB: 2018-07-14
10 changes to exploits/shellcodes

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
IBM QRadar SIEM - Remote Code Execution (Metasploit)
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
Apache CouchDB - Arbitrary Command Execution (Metasploit)
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)

Dolibarr 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion

Dolibarr ERP/CRM - OS Command Injection
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection

Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Dolibarr CMS 3.5.3 - Multiple Vulnerabilities
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities

Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection

Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Dolibarr 7.0.0 - SQL Injection
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM  < 7.0.3 - PHP Code Injection

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
2018-07-14 05:01:50 +00:00
Offensive Security
e76244b41a DB: 2018-07-13
8 changes to exploits/shellcodes

Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow
Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions

VLC media player 2.2.8 - Arbitrary Code Execution (PoC)

Linux Kernel <  4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation

212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities

123 Flash Chat - Multiple Vulnerabilities
123 Flash Chat 7.8 - Multiple Vulnerabilities

Dicoogle PACS 2.5.0 - Directory Traversal
2018-07-13 05:02:00 +00:00
Offensive Security
52954b4751 DB: 2018-07-12
5 changes to exploits/shellcodes

Nibbleblog - Arbitrary File Upload (Metasploit)
Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)

Nibbleblog - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections
Instagram-Clone Script 2.0 - Cross-Site Scripting
Dicoogle PACS 2.5.0 - Directory Traversal
2018-07-12 05:01:59 +00:00
Offensive Security
02fa7c70d3 DB: 2018-07-11
9 changes to exploits/shellcodes

HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
OpenSSH < 6.6 SFTP (x64) - Command Execution
OpenSSH < 6.6 SFTP - Command Execution

ModSecurity 3.0.0 - Cross-Site Scripting
Gitea 1.4.0 - Remote Code Execution
WolfSight CMS 3.2 - SQL Injection
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Elektronischer Leitz-Ordner 10 - SQL Injection
D-Link DIR601 2.02 - Credential Disclosure
2018-07-11 05:01:52 +00:00
Offensive Security
727943f775 DB: 2018-07-10
8 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)

Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
HP VAN SDN Controller - Root Command Injection (Metasploit)
HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
GitList 0.6.0 - Argument Injection (Metasploit)

Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting

Linux/x86 - Kill Process Shellcode (20 bytes)
2018-07-10 05:01:55 +00:00
Offensive Security
5e6d432161 DB: 2018-07-07
2 changes to exploits/shellcodes

PolarisOffice 2017 8 - Remote Code Execution

Airties AIR5444TT - Cross-Site Scripting
2018-07-07 05:01:49 +00:00
Offensive Security
08110782dd DB: 2018-07-06
4 changes to exploits/shellcodes

ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
2018-07-06 05:01:46 +00:00
Offensive Security
d659af98fd DB: 2018-07-05
5 changes to exploits/shellcodes

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
CMS Made Simple 2.2.5 - Remote Code Execution
Online Trade - Information Disclosure
ShopNx - Arbitrary File Upload
2018-07-05 05:01:52 +00:00
Offensive Security
6a98e55e9d DB: 2018-07-04
4 changes to exploits/shellcodes

openslp 2.0.0 - Double-Free

Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)

FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)
ModSecurity 3.0.0 - Cross-Site Scripting
ntop-ng < 3.4.180617 - Authentication Bypass
2018-07-04 05:01:48 +00:00
Offensive Security
e8a3702c6c DB: 2018-07-03
11 changes to exploits/shellcodes

Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)

Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM  < 7.0.3 - PHP Code Injection

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
2018-07-03 05:01:48 +00:00