Offensive Security
a32e028b88
DB: 2019-08-13
...
17 changes to exploits/shellcodes
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
fe9103a0fb
DB: 2019-08-07
...
2 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
2019-08-07 05:02:36 +00:00
Offensive Security
6f49190671
DB: 2019-07-27
...
19 changes to exploits/shellcodes
pdfresurrect 0.15 - Buffer Overflow
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
S-nail < 14.8.16 - Local Privilege Escalation
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
ASAN/SUID - Local Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
Ovidentia 8.4.3 - SQL Injection
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
2019-07-27 05:02:19 +00:00
Offensive Security
a8a07cdedf
DB: 2019-07-23
...
4 changes to exploits/shellcodes
BACnet Stack 0.8.6 - Denial of Service
Docker - Container Escape
Comtrend-AR-5310 - Restricted Shell Escape
Axway SecureTransport 5 - Unauthenticated XML Injection
2019-07-23 05:02:15 +00:00
Offensive Security
3ef90f18d0
DB: 2019-06-21
...
6 changes to exploits/shellcodes
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
2019-06-21 05:01:58 +00:00
Offensive Security
8cbfa5df7f
DB: 2019-06-18
...
13 changes to exploits/shellcodes
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
2019-06-18 05:01:54 +00:00
Offensive Security
f3c28b3d62
DB: 2019-05-01
...
23 changes to exploits/shellcodes
SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
2019-05-01 05:02:01 +00:00
Offensive Security
be3b22b6f7
DB: 2019-04-27
...
4 changes to exploits/shellcodes
NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
2019-04-27 05:02:04 +00:00
Offensive Security
eed95d3393
DB: 2019-04-24
...
4 changes to exploits/shellcodes
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
Linux - 'page->_refcount' Overflow via FUSE
Ross Video DashBoard 8.5.1 - Insecure Permissions
2019-04-24 05:02:04 +00:00
Offensive Security
e4e3f1c741
DB: 2019-03-29
...
15 changes to exploits/shellcodes
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
gnutls 3.6.6 - 'verify_crt()' Use-After-Free
Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022)
Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses
NXP Semiconductors MIFARE Classic Smartcard - Multiple Vulnerabilities
Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation Weaknesses
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation
PonyOS 3.0 - VFS Permissions
PonyOS 3.0 - ELF Loader Privilege Escalation
PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation
PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation
Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation
Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039)
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)
Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)
Linux Kernel 2.2 - TCP/IP Weakness Spoof IP
Linux Kernel 2.2 - TCP/IP Spoof IP
Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Microsoft Windows Media Encoder (XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (2)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (1)
PHP 5.2.6 - 'create_function()' Code Injection (2)
PHP 5.2.6 - 'create_function()' Code Injection (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (2)
WebKit - Insufficient Entropy Random Number Generator Weakness (1)
WebKit - Insufficient Entropy Random Number Generator Weakness (2)
WebKit - Insufficient Entropy Random Number Generator (1)
WebKit - Insufficient Entropy Random Number Generator (2)
SonicWALL - SessId Cookie Brute Force Weakness Admin Session Hijacking
SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking
Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (2)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)
LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities
MotoCMS - admin/data/users.xml Access Restriction Weakness Information Disclosure
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
Coppermine Gallery < 1.5.44 - Directory Traversal
Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change
Cobub Razor 0.8.0 - Physical path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
Airbnb Clone Script - Multiple SQL Injection
Fat Free CRM 0.19.0 - HTML Injection
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
i-doit 1.12 - 'qr.php' Cross-Site Scripting
Job Portal 3.1 - 'job_submit' SQL Injection
BigTree 4.3.4 CMS - Multiple SQL Injection
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection
2019-03-29 05:01:59 +00:00
Offensive Security
70225061cc
DB: 2019-03-23
...
4 changes to exploits/shellcodes
snap - seccomp BBlacklist for TIOCSTI can be Circumvented
Matri4Web Matrimony Website Script - Multiple SQL Injection
Meeplace Business Review Script - 'id' SQL Injection
Inout Article Base CMS - SQL Injection
2019-03-23 05:02:03 +00:00
Offensive Security
2afed97ceb
DB: 2019-03-20
...
16 changes to exploits/shellcodes
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft VBScript - VbsErase Memory Corruption
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Google Chrome < M73 - MidiManagerWin Use-After-Free
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
TheCarProject v2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection
Gila CMS 1.9.1 - Cross-Site Scripting
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
eNdonesia Portal 8.7 - Multiple Vulnerabilities
Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia Real Estate Portal 5.0 - SQL Injection
2019-03-20 05:01:53 +00:00
Offensive Security
ce1901fc4f
DB: 2019-03-12
...
10 changes to exploits/shellcodes
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
2019-03-12 05:01:58 +00:00
Offensive Security
880bbe402e
DB: 2019-03-08
...
14991 changes to exploits/shellcodes
HTC Touch - vCard over IP Denial of Service
TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities
PeerBlock 1.1 - Blue Screen of Death
WS10 Data Server - SCADA Overflow (PoC)
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
man-db 2.4.1 - 'open_cat_stream()' Local uid=man
CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation
CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
CCProxy 6.2 - 'ping' Remote Buffer Overflow
Savant Web Server 3.1 - Remote Buffer Overflow (2)
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution
Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00
Offensive Security
d5509de389
DB: 2019-03-07
...
6 changes to exploits/shellcodes
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass
Java Debug Wire Protocol (JDWP) - Remote Code Execution
Linux/x86 - XOR Encoder / Decoder execve() /bin/sh Shellcode (45 bytes)
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)
2019-03-07 05:01:53 +00:00
Offensive Security
a37e3008e5
DB: 2019-03-05
...
20 changes to exploits/shellcodes
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities
Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)
OOP CMS BLOG 1.0 - Multiple SQL Injection
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting
Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)
Linux/x64 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - iptables -F Shellcode (43 bytes)
2019-03-05 05:01:50 +00:00
Offensive Security
55fab34db7
DB: 2019-03-02
...
10 changes to exploits/shellcodes
Linux Kernel 3.10.0 (CentOS7) - Denial of Service
Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
Google Chrome < M72 - PaymentRequest Service Use-After-Free
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome < M72 - FileWriterImpl Use-After-Free
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
2019-03-02 05:01:54 +00:00
Offensive Security
31edb35a91
DB: 2019-03-01
...
9 changes to exploits/shellcodes
FTP Server 1.32 - Denial of Service
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
TransMac 12.3 - Denial of Service (PoC)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Joomla! Component J2Store < 3.3.7 - SQL Injection
Usermin 1.750 - Remote Command Execution (Metasploit)
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
2019-03-01 05:01:57 +00:00
Offensive Security
f7381cfe15
DB: 2019-02-22
...
9 changes to exploits/shellcodes
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)
ScreenStream 3.0.15 - Denial of Service
AirDrop 2.0 - Denial of Service (DoS)
RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)
Memu Play 6.0.7 - Privilege Escalation
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
EI-Tube 3 - SQL Injection
2019-02-22 05:01:55 +00:00
Offensive Security
26efc559c7
DB: 2019-02-21
...
8 changes to exploits/shellcodes
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
WinRAR 5.61 - '.lng' Denial of Service
FaceTime - Texture Processing Memory Corruption
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
Apple macOS 10.13.5 - Local Privilege Escalation
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution
Belkin Wemo UPnP - Remote Code Execution (Metasploit)
HotelDruid 2.3 - Cross-Site Scripting
2019-02-21 05:01:57 +00:00
Offensive Security
f3f1427938
DB: 2019-02-16
...
9 changes to exploits/shellcodes
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service (PoC)
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service (PoC)
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 - 'order' SQL Injection
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Jinja2 2.10 - 'from_string' Server Side Template Injection
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
2019-02-16 05:01:55 +00:00
Offensive Security
ed58accc5a
DB: 2019-01-30
...
5 changes to exploits/shellcodes
MiniUPnPd 2.1 - Out-of-Bounds Read
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie
Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)
2019-01-30 05:01:46 +00:00
Offensive Security
2ad3a5e94e
DB: 2019-01-22
...
11 changes to exploits/shellcodes
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
Echo Mirage 3.1 - Buffer Overflow (PoC)
GattLib 0.2 - Stack Buffer Overflow
Kepler Wallpaper Script 1.1 - SQL Injection
Coman 1.0 - 'id' SQL Injection
Reservic 1.0 - 'id' SQL Injection
MoneyFlux 1.0 - 'id' SQL Injection
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
PHP Dashboards NEW 5.8 - Local File Inclusion
PHP Uber-style GeoTracking 1.1 - SQL Injection
Adianti Framework 5.5.0 - SQL Injection
2019-01-22 05:01:54 +00:00
Offensive Security
fa261f0558
DB: 2019-01-17
...
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-17 05:01:45 +00:00
Offensive Security
c2a1585898
DB: 2019-01-10
...
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
2019-01-10 05:01:43 +00:00
Offensive Security
1b31850a46
DB: 2018-12-25
...
15 changes to exploits/shellcodes
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
2018-12-25 05:01:44 +00:00
Offensive Security
a9bfc525dd
DB: 2018-12-18
...
1 changes to exploits/shellcodes
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
2018-12-18 05:01:47 +00:00
Offensive Security
04a490a7c2
DB: 2018-12-14
...
3 changes to exploits/shellcodes
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
2018-12-14 05:01:46 +00:00
Offensive Security
0a4925cc93
DB: 2018-12-04
...
10 changes to exploits/shellcodes
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)
CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f
DB: 2018-12-01
...
8 changes to exploits/shellcodes
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
2018-12-01 05:01:40 +00:00
Offensive Security
dfd1e454e1
DB: 2018-11-28
...
10 changes to exploits/shellcodes
MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
2018-11-28 11:08:29 +00:00
Offensive Security
9496a4320a
DB: 2018-11-18
...
4 changes to exploits/shellcodes
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
systemd - 'reexec' State Injection
Centos 7.1 / Fedora 22 - abrt Privilege Escalation
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
glibc - 'getcwd()' Local Privilege Escalation
glibc < 2.26 - 'getcwd()' Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
systemd - 'chown_one()' Dereference Symlinks
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
EditMe CMS - Cross-Site Request Forgery (Add New Admin)
EditMe CMS - Cross-Site Request Forgery (Add Admin)
Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
KingMedia 4.1 - Remote Code Execution
KingMedia 4.1 - File Upload
CMS Made Simple 2.2.7 - Remote Code Execution
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
LibreHealth 2.0.0 - Arbitrary File Actions
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
2018-11-18 05:01:40 +00:00
Offensive Security
3a7153b2ac
DB: 2018-11-14
...
24 changes to exploits/shellcodes
CuteFTP Mac 3.1 - Denial of Service (PoC)
Evince 3.24.0 - Command Injection
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
xorg-x11-server < 1.20.1 - Local Privilege Escalation
Data Center Audit 2.6.2 - 'username' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
Nominas 0.27 - 'username' SQL Injection
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
Surreal ToDo 0.6.1.2 - SQL Injection
Surreal ToDo 0.6.1.2 - Local File Inclusion
Alienor Web Libre 2.0 - SQL Injection
Musicco 2.0.0 - Arbitrary Directory Download
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
Easyndexer 1.0 - Arbitrary File Download
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
Gumbo CMS 0.99 - SQL Injection
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
Webiness Inventory 2.3 - SQL Injection
SIPve 0.0.2-R19 - SQL Injection
Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
2018-11-14 05:01:43 +00:00
Offensive Security
ef70ec156b
DB: 2018-10-31
...
22 changes to exploits/shellcodes
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
2018-10-31 05:01:53 +00:00
Offensive Security
15b77b5965
DB: 2018-10-30
...
33 changes to exploits/shellcodes
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
2018-10-30 05:01:46 +00:00
Offensive Security
832a222df4
DB: 2018-10-26
...
21 changes to exploits/shellcodes
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
Adult Filter 1.0 - Buffer Overflow (SEH)
WebEx - Local Service Permissions Exploit (Metasploit)
exim 4.90 - Remote Code Execution
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
exim 4.90 - Remote Code Execution
WebExec - Authenticated User Code Execution (Metasploit)
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Simple Chat System 1.0 - 'id' SQL Injection
Delta Sql 1.8.2 - Arbitrary File Upload
User Management 1.1 - Cross-Site Scripting
ClipBucket 2.8 - 'id' SQL Injection
Simple POS and Inventory 1.0 - 'cat' SQL Injection
AiOPMSD Final 1.0.0 - 'q' SQL Injection
AjentiCP 1.2.23.13 - Cross-Site Scripting
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Open STA Manager 2.3 - Arbitrary File Download
2018-10-26 05:01:46 +00:00
Offensive Security
038ac7b860
DB: 2018-10-11
...
4 changes to exploits/shellcodes
FileZilla 3.33 - Buffer Overflow (PoC)
WhatsApp - RTP Processing Heap Corruption
MicroTik RouterOS < 6.43rc3 - Remote Root
Ektron CMS 9.20 SP2 - Improper Access Restrictions
2018-10-11 05:01:43 +00:00
Offensive Security
b311000a22
DB: 2018-10-09
...
16 changes to exploits/shellcodes
net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
2018-10-09 05:01:44 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
...
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
2785d40187
DB: 2018-09-14
...
12 changes to exploits/shellcodes
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
MediaTek Wirless Utility rt2870 - Denial of Service (PoC)
TeamViewer App 13.0.100.0 - Denial of Service (PoC)
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
MyBB 1.8.17 - Cross-Site Scripting
Apache Portals Pluto 3.0.0 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-14 05:01:54 +00:00
Offensive Security
18e2848633
DB: 2018-08-28
...
25 changes to exploits/shellcodes
Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00
Offensive Security
4d43b968d8
DB: 2018-08-24
...
7 changes to exploits/shellcodes
CuteFTP 8.3.1 - Denial of Service (PoC)
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service (PoC)
CMS ISWEB 3.5.3 - Directory Traversal
Twitter-Clone 1 - 'code' SQL Injection
PCViewer vt1000 - Directory Traversal
2018-08-24 05:01:53 +00:00
Offensive Security
b02440845e
DB: 2018-07-31
...
5 changes to exploits/shellcodes
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
Charles Proxy 4.2 - Local Privilege Escalation
H2 Database 1.4.197 - Information Disclosure
2018-07-31 05:01:47 +00:00
Offensive Security
1d504e24f2
DB: 2018-07-25
...
3 changes to exploits/shellcodes
Nagios Core 4.4.1 - Denial of Service
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)
2018-07-25 05:01:46 +00:00
Offensive Security
a657b64301
DB: 2018-07-17
...
7 changes to exploits/shellcodes
macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)
VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
2018-07-17 05:01:49 +00:00
Offensive Security
727943f775
DB: 2018-07-10
...
8 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
HP VAN SDN Controller - Root Command Injection (Metasploit)
HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
GitList 0.6.0 - Argument Injection (Metasploit)
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Linux/x86 - Kill Process Shellcode (20 bytes)
2018-07-10 05:01:55 +00:00
Offensive Security
6a98e55e9d
DB: 2018-07-04
...
4 changes to exploits/shellcodes
openslp 2.0.0 - Double-Free
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)
ModSecurity 3.0.0 - Cross-Site Scripting
ntop-ng < 3.4.180617 - Authentication Bypass
2018-07-04 05:01:48 +00:00
Offensive Security
e8a3702c6c
DB: 2018-07-03
...
11 changes to exploits/shellcodes
Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
2018-07-03 05:01:48 +00:00
Offensive Security
2c912f897c
DB: 2018-06-27
...
3 changes to exploits/shellcodes
PoDoFo 0.9.5 - Buffer Overflow
Liferay Portal < 7.0.4 - Server-Side Request Forgery
2018-06-27 05:01:48 +00:00
Offensive Security
d8206fb5eb
DB: 2018-06-26
...
13 changes to exploits/shellcodes
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Foxit Reader 9.0.1.1049 - Remote Code Execution
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
DIGISOL DG-BR4000NG - Cross-Site Scripting
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Arbitrary File Upload
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
2018-06-26 05:01:46 +00:00
