exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	427165968d	DB: 2017-09-05 9 new exploits IBM Notes 8.5.x/9.0.x - Denial of Service (2) Lotus Notes Diagnostic Tool 8.5/9.0 - Privilege Escalation RubyGems < 2.6.13 - Arbitrary File Overwrite Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection Joomla! Component CheckList 1.1.0 - SQL Injection Wireless Repeater BE126 - Remote Code Execution CodeMeter 6.50 - Cross-Site Scripting Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery	2017-09-05 05:01:31 +00:00
g0tmi1k	8f3c450a42	Merge pull request #99 from g0tmi1k/searchsploit Tweak update system for git & brew	2017-09-04 18:34:21 +01:00
g0tmi1k	2644d23e07	Tweak update system for git & brew	2017-09-04 18:33:19 +01:00
Offensive Security	572d7c5002	DB: 2017-09-04 2 new exploits IBM Notes 8.5.x/9.0.x - Denial of Service FineCMS 1.0 - Multiple Vulnerabilities	2017-09-04 05:01:22 +00:00
Offensive Security	a160bc0c68	DB: 2017-09-02 2 new exploits Mozilla Firefox 3.6.3 - Fork Bomb Denial of Service Mozilla Firefox 3.6.3 - Fork Bomb (Denial of Service) OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Git <= 2.7.5 - Command Injection (Metasploit) Git < 2.7.5 - Command Injection (Metasploit) Joomla! 1.0.7 / Mambo 4.5.3 - (feed) Full Path Disclosure / Denial of Service Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service Joomla! 1.0.9 - (Weblinks) Blind SQL Injection Joomla! 1.0.9 - 'Weblinks' Blind SQL Injection Joomla! 1.5.x - (Token) Remote Admin Change Password Joomla! 1.5.x - 'Token' Remote Admin Change Password Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion Joomla! Component & Plugin 'JE Tooltip' 1.0 - Local File Inclusion Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload Joomla! Component 'com_djClassifieds' 0.9.1 - Arbitrary File Upload Joomla! 1.6.0-Alpha2 - Cross-Site Scripting Joomla! 1.6.0 Alpha2 - Cross-Site Scripting Joomla! - Spam Mail Relay Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay Joomla Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection	2017-09-02 05:01:21 +00:00
Offensive Security	f94c5966a1	DB: 2017-09-01 5 new exploits Git <= 2.7.5 - Command Injection (Metasploit) Linux/x86 - Fork Bomb Shellcode (9 bytes) Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection	2017-09-01 05:01:24 +00:00
Offensive Security	6b9cb90c81	DB: 2017-08-31 4 new exploits Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection Joomla! Component Joomanager 2.0.0 - Arbitrary File Download iBall Baton 150M Wireless Router - Authentication Bypass Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)	2017-08-31 05:01:22 +00:00
Offensive Security	13819fd065	DB: 2017-08-30 10 new exploits ProFTPd 1.2.0 (rc2) - memory leakage example Exploit ProFTPd 1.2.0pre10 - Remote Denial of Service ProFTPd 1.2.0 rc2 - Memory Leakage Exploit ProFTPd 1.2.0 pre10 - Remote Denial of Service ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC) ProFTPd 1.3.0a - 'mod_ctrls support' Local Buffer Overflow (PoC) ProFTPd mod_sftp - Integer Overflow Denial of Service (PoC) ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC) ProFTPd 1.2 - SIZE Remote Denial of Service ProFTPd 1.2 - 'SIZE' Remote Denial of Service ProFTPd 1.2.x - STAT Command Denial of Service ProFTPd 1.2.x - 'STAT' Denial of Service ProFTPd - (ftpdctl) Local pr_ctrls_connect ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Exploit ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - (mod_ctrls support) Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (2) ProFTPd 1.3.0/1.3.0a - (mod_ctrls) Local Overflow (exec-shield) ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' Local Overflow (exec-shield) ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow (OpenSUSE) ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local Stack Overflow Easy Vedio to PSP Converter 1.6.20 - Buffer Overflow (SEH) ProFTPd 1.2.9RC1 - 'mod_sql' SQL Injection ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow (Metasploit) ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit) ProFTPd 1.x (module mod_tls) - Remote Buffer Overflow ProFTPd 1.x - 'mod_tls module' Remote Buffer Overflow ProFTPd 1.3.2rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow (Metasploit) ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit) ProFTPd 1.3.2rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit) ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet IAC Buffer Overflow (Metasploit) FreeBSD ftpd and ProFTPd on FreeBSD - Remote Command Execution ftpd / ProFTPd (FreeBSD) - Remote Command Execution ProFTPd 1.2 pre6 - snprintf Exploit ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit D-Link DIR-645 / DIR-815 - diagnostic.php Command Execution (Metasploit) D-Link DIR-645 / DIR-815 - 'diagnostic.php' Command Execution (Metasploit) D-Link DIR615h - OS Command Injection (Metasploit) D-Link DIR-615H - OS Command Injection (Metasploit) ProFTPd 1.3.5 - (mod_copy) Remote Command Execution ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution ProFTPd 1.3.5 - 'Mod_Copy' Command Execution (Metasploit) ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit) QNAP Transcode Server - Command Execution (Metasploit) D-Link DIR-600 / DIR-300 (rev B) - Multiple Vulnerabilities D-Link DIR-600 / DIR-300 (Rev B) - Multiple Vulnerabilities D-Link DIR-615 rev H - Multiple Vulnerabilities D-Link DIR-615 Rev H - Multiple Vulnerabilities D-Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities D-Link DIR-615 Hardware vE4 Firmware 5.10 - Cross-Site Request Forgery D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery D-Link DIR-600L Hardware Version AX Firmware 1.00 - Cross-Site Request Forgery D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) D-Link DIR-600 - Authentication Bypass Car or Cab Booking Script - Authentication Bypass PHP Appointment Booking Script - Authentication Bypass User Login and Management - Multiple Vulnerabilities PHP Video Battle Script 1.0 - SQL Injection Brickcom IP Camera - Credentials Disclosure	2017-08-30 05:01:38 +00:00
g0tmi1k	e3a111f58c	Merge pull request #98 from g0tmi1k/searchsploit Fix #97 & More Display Output	2017-08-29 11:52:07 +01:00
g0tmi1k	b543db6a5b	Add path information in output (Copying & updating)	2017-08-29 11:44:36 +01:00
g0tmi1k	0417b1f9e8	Fix #97 - JSON Formatting Issue	2017-08-29 11:41:33 +01:00
Offensive Security	711d6a6a43	DB: 2017-08-29 21 new exploits Easy DVD Creator 2.5.11 - Buffer Overflow (SEH) Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Buffer Overflow (SEH) Easy RM RMVB to DVD Burner 1.8.11 - Buffer Overflow (SEH) Dup Scout Enterprise 9.9.14 - Buffer Overflow (SEH) Disk Savvy Enterprise 9.9.14 - Buffer Overflow (SEH) Sync Breeze Enterprise 9.9.16 - Buffer Overflow (SEH) Disk Pulse Enterprise 9.9.16 - Buffer Overflow (SEH) Joomla! Component MasterForms 1.0.3 - SQL Injection Joomla! Component Photo Contest 1.0.2 - SQL Injection Wireless Repeater BE126 - Local File Inclusion Joomla! Component OSDownloads 1.7.4 - SQL Injection AutoCar 1.1 - 'category' Parameter SQL Injection Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection Matrimonial Script 2.7 - Authentication Bypass Smart Chat 1.0.0 - SQL Injection FTP Made Easy PRO 1.2 - SQL Injection WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Easy Web Search 4.0 - SQL Injection PHP Search Engine 1.0 - SQL Injection Flash Poker 2.0 - 'game' Parameter SQL Injection Login-Reg Members Management PHP 1.0 - Arbitrary File Upload Schools Alert Management Script - Authentication Bypass	2017-08-29 05:01:21 +00:00
Offensive Security	72d44bf877	DB: 2017-08-28	2017-08-28 05:01:24 +00:00
Offensive Security	3d9901b4c9	DB: 2017-08-27 1 new exploits HP-UX 11i - (swpackage) Stack Overflow Privilege Escalation HP-UX 11i - 'swpackage' Stack Overflow Privilege Escalation Apple iOS <= 10.3.1 - Kernel Exploit	2017-08-27 05:01:24 +00:00
Offensive Security	c388cc7a95	DB: 2017-08-26 7 new exploits MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH) My Video Converter 1.5.24 - Buffer Overflow (SEH) Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH) Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Joomla! Component Bargain Product VM3 1.0 - 'product_id' Parameter SQL Injection Joomla! Component Price Alert 3.0.2 - 'product_id' Parameter SQL Injection Joomla! Component MasterForms 1.0.3 - SQL Injection	2017-08-26 05:01:24 +00:00
Offensive Security	d4775ec75b	DB: 2017-08-25	2017-08-25 05:01:28 +00:00
Offensive Security	dd6e8a4e4c	DB: 2017-08-24 13 new exploits libgig 4.0.0 - LinuxSampler Multiple Vulnerabilities Microsoft Internet Explorer - wshom.ocx (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Automated Logic WebCTRL 6.5 - Local Privilege Escalation Microsoft Internet Explorer - (createTextRang) Download Shellcode Exploit (1) Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1) Microsoft Internet Explorer - wshom.ocx ActiveX Control Remote Code Execution Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP) Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP) Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow Easy File Management Web Server 5.6 - 'USERID' Remote Buffer Overflow BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) Linux/x86 - Bind TCP Shellcode (Generator) Linux/x86 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Linux/x86 - Command Generator Null-Free Shellcode (Generator) Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes) Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve Shellcode (60 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes) Linux/x86 - Self-Modifying Anti-IDS Shellcode (64 bytes) Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens on 5555/TCP + Jumps to it Shellcode (83 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - File Reader Shellcode (65+ bytes) Linux/x86 - Read /etc/passwd Shellcode (65+ bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access Shellcode (86 bytes) Linux/x86 - Ho' Detector - Promiscuous mode detector Shellcode (56 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes) Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes) Linux/x86 - system-beep Shellcode (45 bytes) Linux/x86 - System Beep Shellcode (45 bytes) Linux/x86 - rm -rf / Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - raw-socket ICMP/checksum shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - kill all processes Shellcode (11 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - Kill All Processes Shellcode (11 bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - re-use of /bin/sh string in .rodata Shellcode (16 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - SWAP store from /tmp/sws Shellcode (99 bytes) Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() Shellcode (40 bytes) Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) Shellcode (45 bytes) Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes) Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes) Linux/x86 - normal exit with random (so to speak) return value Shellcode (5 bytes) Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes) Linux/x86 - Socket-proxy Shellcode (372 bytes) Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change Shellcode (187+ bytes) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) Linux/x86 - Radically Self-Modifying Shellcode (70 bytes) Linux/x86 - Magic Byte Self-Modifying Shellcode (76 bytes) Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) Linux/x86 - execve /bin/sh IA32 0xff-less Shellcode (45 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - kill snort Shellcode (151 bytes) Linux/x86 - Kill Snort Shellcode (151 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display [IP]:0 Shellcode (132 bytes) Linux/x86 - ipchains -F Shellcode (49 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode (41 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) NetBSD/x86 - kill all processes Shellcode (23 bytes) NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes) NetBSD/x86 - Kill All Processes Shellcode (23 bytes) NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes) OSX/PPC - Add inetd backdoor Shellcode (222 bytes) OSX/PPC - reboot Shellcode (28 bytes) OSX/PPC - Add inetd (/etc/inetd.conf) Backdoor (Bind 6969/TCP Shell) Shellcode (222 bytes) OSX/PPC - Reboot Shellcode (28 bytes) OSX/PPC - create /tmp/suid Shellcode (122 bytes) OSX/PPC - simple write() Shellcode (75 bytes) OSX/PPC - Create /tmp/suid Shellcode (122 bytes) OSX/PPC - Simple write() Shellcode (75 bytes) Solaris/SPARC - Download File + Execute Shellcode (278 bytes) Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/x86 - execve /bin/sh toupper evasion Shellcode (84 bytes) Solaris/x86 - Add services and execve inetd Shellcode (201 bytes) Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - kill all processes Shellcode (9 bytes) Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - Kill All Processes Shellcode (9 bytes) Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Linux/x86 - eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Linux/x86 - Disable modsecurity Shellcode (64 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Solaris/x86 - Download File Shellcode (79 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Solaris/x86 - Download File (http://shell-storm.org/exemple-solaris) Shellcode (79 bytes) Linux/x86 - Disable ASLR Security Shellcode (106 bytes) Linux/x86 - kill all running process Shellcode (11 bytes) Linux/x86 - Kill All Running Process Shellcode (11 bytes) Solaris/x86 - SystemV killall command Shellcode (39 bytes) Solaris/x86 - SystemV killall Command Shellcode (39 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/UDP) Shellcode ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) OSX - Universal ROP Shellcode Linux/MIPS - execve Shellcode (52 bytes) OSX - Universal ROP + Reverse TCP Shell Shellcode Linux/MIPS - execve /bin/sh Shellcode (52 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;#) Shell Shellcode (637 bytes) Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode Windows - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Linux/x86 - Socket Re-use Shellcode (50 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile Shellcode (118 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86 - execve _/bin/sh_ Shellcode (35 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Linux/x86 - Execve /bin/sh Via Push Shellcode (21 bytes) Linux/x86-64 - Execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - execve /bin/sh Via Push Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - execve _/bin/sh_ Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - /etc/passwd Reader Shellcode (58 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 bytes) Linux/x86 - execve _/bin/sh_ Shellcode (24 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Windows - Primitive Keylogger to File Null-Free Shellcode (431 (0x01AF) bytes) Linux/x86-64 - Bind TCP Shell Shellcode (Generator) Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes) Windows - Functional Keylogger to File Null-Free Shellcode (601 (0x0259) bytes) Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes) Linux/x86-64 - Information Stealer Shellcode (399 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444) Shellcode (75 bytes) Windows x64 - Download File + Execute Shellcode (358 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:\Users\Public\p.exe) Shellcode (358 bytes) Linux/x86-64 - Random Listener Shellcode (54 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - File Reader Shellcode (54 Bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 Bytes) Matrimonial Script - SQL Injection Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write iTech B2B Script 4.42 - SQL Injection iTech Business Networking Script 8.26 - SQL Injection iTech Caregiver Script 2.71 - SQL Injection iTech Classifieds Script 7.41 - SQL Injection iTech Image Sharing Script 4.13 - SQL Injection iTech Freelancer Script 5.27 - SQL Injection iTech Travel Script 9.49 - SQL Injection iTech Multi Vendor Script 6.63 - SQL Injection	2017-08-24 05:01:22 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	e4f4ca48ad	DB: 2017-08-22 16 new exploits Easy DVD Creater 2.5.11 - Buffer Overflow (SEH) FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes) FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes) Cisco IOS - Bind Password Shellcode (116 bytes) Cisco IOS - New TTY_ Privilege level to 15_ No password Shellcode Cisco IOS/PowerPC - Bind Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/SPARC - connect back (192.168.100.1:2313) Shellcode (216 bytes) Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes) Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Connect back (140.115.53.35:9999) + Download a file (cb) + Execute Shellcode (149 bytes) Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Connectback Port 8192.send.exit /etc/shadow Shellcode (155 bytes) Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Bind Password 64713/TCP Shellcode (166 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Connectback 127.0.0.1:31337/TCP Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Connectback Shellcode (90 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Solaris/SPARC - connect-back (with XNOR encoded session) Shellcode (600 bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - connect-back Shellcode (204 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Win32 - Connectback + receive + save + execute Shellcode Win32 - ConnectBack + Download A File + Save + Execute Shellcode Windows XP/2000/2003 - Overflow Connect Back Shellcode (275 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/ARM - Add root user 'shell-storm' with password 'toor' Shellcode (151 bytes) Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes) Linux/x86 - ConnectBack with SSL connection Shellcode (422 bytes) Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' Shellcode (143 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' Shellcode (164 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/x86-64 - Connect Back Shellcode (139 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password Shell (4444/TCP) Shellcode (81/96 bytes with password) Linux/x86-64 - Reverse TCP Connect Shellcode (77-85/90-98 bytes with Password) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind 4444/TCP Password Shellcode (162 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86-64 - Bind Shell / Syscall Persistent / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Windows x64 - Bind Password (h271508F) 2493/TCP Shellcode (825 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Apache2Triad 1.5.4 - Multiple Vulnerabilities Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection Joomla! Component Sponsor Wall 8.0 - SQL Injection PHP Classifieds Script 5.6.2 - SQL Injection Affiliate Niche Script 3.4.0 - SQL Injection PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection iTech Social Networking Script 3.08 - SQL Injection Joomla! Component FocalPoint 1.2.3 - SQL Injection Php Cloud mining Script - Authentication Bypass Joomla! Component Ajax Quiz 1.8 - SQL Injection PHP-Lance 1.52 - 'subcat' Parameter SQL Injection PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection PHPMyWind 5.3 - Cross-Site Scripting	2017-08-22 05:01:20 +00:00
Offensive Security	ce5d8c0fdd	DB: 2017-08-21	2017-08-21 05:01:20 +00:00
Offensive Security	dff4158a48	DB: 2017-08-20	2017-08-20 05:01:22 +00:00
Offensive Security	ab70fd48b8	DB: 2017-08-19 27 new exploits Microsoft Edge Chakra - Uninitialized Arguments Microsoft Edge Chakra - Uninitialized Arguments (1) MyDoomScanner 1.00 - Local Buffer Overflow (PoC) DSScan 1.0 - Local Buffer Overflow (PoC) MessengerScan 1.05 - Local Buffer Overflow (PoC) NoviFlow NoviWare <= NW400.2.6 - Multiple Vulnerabilities Dive Assistant Template Builder 8.0 - XML External Entity Injection Kolibri WebServer 2.0 - Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass) SpyCamLizard 1.230 - Buffer Overflow Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass) BSD/x86 - setuid/portbind 31337/TCP Shellcode (94 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - Bind 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - break chroot Shellcode (45 bytes) BSD/x86 - Break chroot Shellcode (45 bytes) BSD/x86 - connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes) BSD/x86 - Reverse Shell 6969/TCP Shellcode (129 bytes) FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - Reverse Shell 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) (Generator) - HTTP/1.x Requests Shellcode (18+ bytes / 26+ bytes) (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) Cisco IOS - Connectback Port 21 Shellcode Cisco IOS - Connectback 21/TCP Shellcode Linux/x86 - Reverse Telnet Shellcode (134 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader Shellcode (249 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) ARM - Bind Shell Port 0x1337 Shellcode ARM - Bind Connect 68/UDP Shellcode ARM - Bind Shell 0x1337/TCP Shellcode ARM - Bind Connect 68/UDP (Reverse Shell 192.168.0.1:67/UDP) Shellcode OSX/Intel (x86-64) - reverse_tcp shell Shellcode (131 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - DNS Reverse Download and Exec Shellcode (Metasploit) Windows - Reverse Download and Execute via DNS (IPv6) Shellcode (Metasploit) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337) Shellcode (92 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes) Windows x86 - Reverse TCP Persistent Shell (192.168.232.129:4444/TCP) Shellcode (494 Bytes) Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password Prompt Shell (127.0.0.1:4444) Shellcode (151 bytes) Linux x86/x86-64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes) Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (1) (122 bytes) Linux/x86-64 - Reverse TCP Password Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (2) (135 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes) Linux/x86 - Reverse TCP (IPv6) Shellcode (159 bytes) Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes) Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes) Linux/x86-64 - Bind 1472/TCP (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes) Linux/x86-64 - Reverse TCP Shell Null-Free Shellcode (134 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86 - Reverse TCP Shellcode (75 bytes) Linux/x86 - Reverse TCP Shell Shellcode (75 bytes) Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83_ 148_ 177 bytes) Linux/x86-64 - Syscall Persistent Bind Shell / Multi-terminal / Password / Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Subtle Probing Reverse Shell / Timer_ Burst / Password / Multi-Terminal Shellcode (84_ 122_ 172 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357) / Subtle Probing / Timer / Burst / Password / Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind Netcat with Port Shellcode (44/52 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Reverse ZSH 127.255.255.254:9090/TCP Shellcode (80 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes) Windows x64 - Reverse Shell TCP Shellcode (694 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) Shellcode (694 bytes) Linux/x86-64 - Reverse TCP Shellcode (65 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse Shell Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes) Linux/x86-64 - Reverse TCP Shell Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes) Linux/x86-64 - Reverse Netcat Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86 - Reverse TCP Shellcode (67 bytes) Linux/x86 - Reverse TCP Shell Shellcode (67 bytes) Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) Shellcode (IPv6) (113 bytes) Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes) Linux/x86 - Reverse UDP Shellcode (668 bytes) Linux/x86 - Bind Shell Shellcode (75 bytes) Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) Linux/x86-64 - execve(_/bin/sh_) Shellcode (24 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) SOA School Management - SQL Injection SOA School Management - 'view' Parameter SQL Injection Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection Food Ordering Script 1.0 - SQL Injection LiveCRM 1.0 - SQL Injection LiveSupport 1.0 - SQL Injection LiveInvoices 1.0 - SQL Injection LiveSales 1.0 - SQL Injection LiveProjects 1.0 - SQL Injection Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Joomla! Component Appointment 1.1 - SQL Injection Joomla! Component Twitch Tv 1.1 - SQL Injection Joomla! Component KissGallery 1.0.0 - SQL Injection Matrimony Script 2.7 - SQL Injection eCardMAX 10.5 - SQL Injection SOA School Management 3.0 - SQL Injection Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Joomla! Component Calendar Planner 1.0.1 - SQL Injection Joomla! Component SP Movie Database 1.3 - SQL Injection DeWorkshop 1.0 - Arbitrary File Upload QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities	2017-08-19 05:01:24 +00:00
Offensive Security	1a85ec2c87	DB: 2017-08-18 21 new exploits Microsoft Office Products - Array Index Bounds Error (Unpatched) (PoC) Microsoft Office Products - Array Index Bounds Error (PoC) JAD java Decompiler 1.5.8g - (argument) Local Crash JAD java Decompiler 1.5.8g - 'argument' Local Crash Microsoft Edge Chakra - 'PreVisitCatch' Missing Call Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow Microsoft Edge Chakra - Buffer Overflow Microsoft Edge Chakra - NULL Pointer Dereference Microsoft Edge Chakra - Heap Buffer Overflow Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' in 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Microsoft Edge Chakra - Incorrect Usage of 'TryUndeleteProperty' Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2 Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion Microsoft Edge Chakra - 'JavascriptFunction::EntryCall' Fails to Handle 'CallInfo' Properly Microsoft Edge Chakra - Uninitialized Arguments Microsoft Edge Chakra - Uninitialized Arguments (2) Microsoft Edge Chakra - 'EmitNew' Integer Overflow Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3 Adobe Flash - Invoke Accesses Trait Out-of-Bounds Microsoft Edge - Out-of-Bounds Access when Fetching Source Audiotran 1.4.1 - Direct RET Buffer Overflow Audiotran 1.4.1 - Buffer Overflow (Direct RET) GSM SIM Utility 5.15 - Local Exploit Direct Ret ver GSM SIM Utility 5.15 - Local Exploit (Direct RET) DVD X Player 5.5.0 Pro / Standard - Universal Exploit (ASLR + DEP Bypass) DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal Exploit (ASLR + DEP Bypass) CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution BlazeVideo HDTV Player 6.6 Professional - Direct Retn Exploit Aviosoft Digital TV Player Professional 1.x - Direct Retn Exploit BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn) Aviosoft Digital TV Player Professional 1.x - '.PLF' Exploit (Direct Retn) BlazeDVD 6.1 - PLF Exploit (DEP + ASLR Bypass) (Metasploit) BlazeDVD 6.1 - '.PLF' File Exploit (DEP + ASLR Bypass) (Metasploit) AudioCoder 0.8.22 - '.m3u' Direct Retn Buffer Overflow AudioCoder 0.8.22 - '.m3u' Buffer Overflow (Direct Retn) AudioCoder 0.8.22 - '.lst' Direct Retn Buffer Overflow AudioCoder 0.8.22 - '.lst' Buffer Overflow (Direct Retn) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct Ret) BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET) BlazeDVD Pro 7.0 - '.plf' Buffer Overflow (SEH) BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH) BlazeDVD Pro 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET) BlazeDVD Pro Player 7.0 - '.plf' Stack Based Buffer Overflow (Direct RET) Apple Mac OSX Install.Framework - SUID root Runner Binary Privilege Escalation Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Privilege Escalation RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE) RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass Symphony 1.7.01 - (non-patched) Remote Code Execution Symphony 1.7.01 (non-patched) - Remote Code Execution Binary Board System 0.2.5 - reply.pl Multiple Parameter Cross-Site Scripting Binary Board System 0.2.5 - stats.pl Multiple Parameter Cross-Site Scripting Binary Board System 0.2.5 - toc.pl board Parameter Cross-Site Scripting Binary Board System 0.2.5 - 'reply.pl' Multiple Parameter Cross-Site Scripting Binary Board System 0.2.5 - 'stats.pl' Multiple Parameter Cross-Site Scripting Binary Board System 0.2.5 - 'toc.pl' 'board' Parameter Cross-Site Scripting Orchard 1.3.9 - 'ReturnUrl' Parameter URI redirection Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection WebsitePanel - 'ReturnUrl' Parameter URI redirection WebsitePanel - 'ReturnUrl' Parameter URI Redirection Online Quiz Project 1.0 - SQL Injection Photogallery Project 1.0 - SQL Injection Doctor Patient Project 1.0 - SQL Injection	2017-08-18 05:01:20 +00:00
Offensive Security	d873f7500d	DB: 2017-08-17 1 new exploits Microsoft Edge 38.14393.1066.0 - 'CInputDateTimeScrollerElement::_SelectValueInternal' Out-of-Bounds Read	2017-08-17 05:01:22 +00:00
Offensive Security	c76dbe0def	DB: 2017-08-16 4 new exploits Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion Microsoft Edge / Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion Microsoft Internet Explorer - 'textarea.defaultValue' Memory Disclosure (MS17-006) Microsoft Internet Explorer 11 - 'textarea.defaultValue' Memory Disclosure (MS17-006) ALLPlayer 7.4 - Buffer Overflow (SEH Unicode) Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode) Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting AdvanDate iCupid Dating Software 12.2 - SQL Injection ClipBucket 2.8.3 - Multiple Vulnerabilities	2017-08-16 05:01:20 +00:00
Offensive Security	bc1dac1620	DB: 2017-08-15 3 new exploits GetRight 5.2a - Skin File (.grs) Buffer Overflow GetRight 5.2a - '.grs' Skin File Buffer Overflow Tomabo MP4 Converter 3.19.15 - Denial of Service Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation Winamp 5.04 - Skin File (.wsz) Remote Code Execution Winamp 5.04 - '.wsz' Skin File Remote Code Execution PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled) PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit Concrete5 < 5.4.2.1 - Multiple Vulnerabilities Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting Concrete5 8.1.0 - 'Host' Header Injection Concrete5 CMS 8.1.0 - 'Host' Header Injection DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass	2017-08-15 05:01:22 +00:00
Offensive Security	26466c9d62	DB: 2017-08-14 1 new exploits RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)	2017-08-14 05:01:19 +00:00
Offensive Security	89822ebf5d	DB: 2017-08-12 3 new exploits DeWorkshop 1.0 - SQL Injection De-Journal 1.0 - SQL Injection De-Tutor 1.0 - SQL Injection	2017-08-12 05:01:21 +00:00
Offensive Security	e0d5ee5024	DB: 2017-08-11 11 new exploits Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure WordPress Plugin WatuPRO 5.5.1 - SQL Injection DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery WebFile Explorer 1.0 - Arbitrary File Download ImageBay 1.0 - SQL Injection GIF Collection 2.0 - SQL Injection Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass	2017-08-11 05:01:19 +00:00
Offensive Security	3a72c13375	DB: 2017-08-10 1 new exploits Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)	2017-08-10 05:01:21 +00:00
Offensive Security	3f58d5334c	DB: 2017-08-09 4 new exploits WildMIDI 0.4.2 - Multiple Vulnerabilities Comodo Backup 4.4.0.0 - Null Pointer Dereference EOP Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation Microsoft Windows - LNK Shortcut File Code Execution Microsoft Windows - '.LNK' Shortcut File Code Execution Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Oracle E-Business Suite 12.x - Server-Side Request Forgery Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload Technicolor TC7337 - SSID Persistent Cross-Site Scripting Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution	2017-08-09 05:01:29 +00:00
Offensive Security	e0bc9883d1	DB: 2017-08-08 1 new exploits WordPress Plugin Easy Modal 2.0.17 - SQL Injection	2017-08-08 05:01:34 +00:00
Offensive Security	2aa9bb9ea2	DB: 2017-08-07 2 new exploits Microsoft Windows - LNK Shortcut File Code Execution Linux x86 - /bin/sh Shellcode (24 bytes)	2017-08-07 05:01:28 +00:00
Offensive Security	79b3065b37	DB: 2017-08-05 2 new exploits Zookeeper 3.5.2 Client - Denial of Service Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection	2017-08-05 05:01:29 +00:00
Offensive Security	16dd4b9d6d	DB: 2017-08-04 7 new exploits DNSTracer 1.8.1 - Buffer Overflow DNSTracer 1.8.1 - Buffer Overflow (PoC) DNSTracer 1.9 - Buffer Overflow VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Premium Servers List Tracker 1.0 - SQL Injection EDUMOD Pro 1.3 - SQL Injection Muviko 1.0 - 'q' Parameter SQL Injection Technicolor TC7337 - SSID Persistent Cross-Site Scripting	2017-08-04 05:01:28 +00:00
Offensive Security	a600aa05cd	DB: 2017-08-03 9 new exploits Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Entrepreneur B2B Script - 'pid' Parameter SQL Injection Joomla! Component SIMGenealogy 2.1.5 - SQL Injection Joomla! Component PHP-Bridge 1.2.3 - SQL Injection Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection	2017-08-03 05:01:30 +00:00
Offensive Security	baeaf13b13	DB: 2017-08-02 9 new exploits libmad 0.15.1b - 'mp3' Memory Corruption iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation SKILLS.com.au Industry App - MITM Remote Code Execution Virtual Postage (VPA) - MITM Remote Code Execution Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload VehicleWorkshop - Authentication Bypass VehicleWorkshop - Arbitrary File Upload SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection	2017-08-02 05:01:31 +00:00
Offensive Security	c116e6f563	DB: 2017-08-01 7 new exploits DivFix++ 0.34 - Denial of Service Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities libvorbis 1.3.5 - Multiple Vulnerabilities libao 1.2.0 - Denial of Service Jenkins < 1.650 - Java Deserialization DiskBoss Enterprise 8.2.14 - Buffer Overflow	2017-08-01 05:01:29 +00:00
Offensive Security	5040eaef41	DB: 2017-07-31 1 new exploits VehicleWorkshop - SQL Injection	2017-07-31 05:01:25 +00:00
Offensive Security	25e79a8750	DB: 2017-07-30 1 new exploits vBulletin 4.2.3 - 'ForumRunner' SQL Injection vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection GitHub Enterprise < 2.8.7 - Remote Code Execution	2017-07-30 05:01:23 +00:00
Offensive Security	fb7bed6364	DB: 2017-07-29 6 new exploits GNU libiberty - Buffer Overflow SoundTouch 1.9.2 - Multiple Vulnerabilities LAME 3.99.5 - Multiple Vulnerabilities libjpeg-turbo 1.5.1 - Denial of Service Joomla! Component com_ccnewsletter - Directory Traversal Joomla! Component CCNewsLetter - Directory Traversal Joomla! Component com_ccnewsletter - Local File Inclusion Joomla! Component CCNewsLetter - Local File Inclusion Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection FortiOS < 5.6.0 - Cross-Site Scripting	2017-07-29 05:01:21 +00:00
Offensive Security	82b7d150c6	DB: 2017-07-28 3 new exploits MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH) AudioCoder 0.8.46 - Local Buffer Overflow (SEH) Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)	2017-07-28 05:01:21 +00:00
Offensive Security	9d1eca86b2	DB: 2017-07-27 4 new exploits Microsoft Windows - LNK Shortcut File Code Execution (Metasploit) Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) Friends in War Make or Break 1.7 - Authentication Bypass Friends in War Make or Break 1.7 - SQL Injection	2017-07-27 05:01:22 +00:00
Offensive Security	2351348891	DB: 2017-07-26 6 new exploits WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting	2017-07-26 05:01:21 +00:00
Offensive Security	e27b6b8408	DB: 2017-07-25 17 new exploits Linux Kernel 2.6.32-642 /3.16.0-4 - 'inode' Integer Overflow Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free WebKit - 'WebCore::Node::nextSibling' Use-After-Free WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free WebKit - 'WebCore::Node::getFlag' Use-After-Free WebKit - 'WebCore::getCachedWrapper' Use-After-Free Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - ScsiAccess Privilege Escalation Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Privilege Escalation Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (SUID Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition (PoC) (Write Access Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/passwd) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (/etc/passwd) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) MAWK 1.3.3-17 - Local Buffer Overflow Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit) Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit) VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit) ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit) PaulShop - SQL Injection / Cross-Site Scripting REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure	2017-07-25 05:01:20 +00:00
Offensive Security	10a46aac45	DB: 2017-07-22 1 new exploits NEC UNIVERGE UM4730 < 11.8 - SQL Injection	2017-07-22 05:01:21 +00:00
Offensive Security	994f3bcd63	DB: 2017-07-21 2 new exploits Eventum - 'hostname' Parameter Remote Code Execution Eventum 2.3.4 - 'hostname' Parameter Remote Code Execution Joomla! Component JoomRecipe 1.0.4 - 'search_author' Parameter SQL Injection WordPress Plugin IBPS Online Exam 1.0 - SQL Injection / Cross-Site Scripting	2017-07-21 05:01:23 +00:00
Offensive Security	9640473c86	DB: 2017-07-20 23 new exploits Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit) SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force) Kaspersky 17.0.0 - Local CA root Incorrectly Protected Kaspersky 17.0.0 - Local CA Root Incorrectly Protected Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass) WICD - Local Privilege Esclation Exploit WICD 1.7.1 - Local Privilege Escalation Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution Trend Micro Interscan VirusWall localweb - Directory Traversal Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) XAMPP 1.6.x - 'showcode.php' Local File Inclusion Yealink VoIP Phone SIP-T38G - Local File Inclusion InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) DreamBox DM800 - 'file' Parameter Local File Disclosure Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting TP-Link TL-WR841N Router - Local File Inclusion Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes) Vivvo Article Manager 3.4 - (root) Local File Inclusion Vivvo Article Manager 3.4 - 'root' Local File Inclusion 60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion 60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution Trend Micro Interscan VirusWall localweb - Directory Traversal Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit) XAMPP 1.6.x - 'showcode.php' Local File Inclusion Yealink VoIP Phone SIP-T38G - Local File Inclusion InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit) DreamBox DM800 - 'file' Parameter Local File Disclosure Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting TP-Link TL-WR841N Router - Local File Inclusion Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit) Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit) Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit) Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection	2017-07-20 05:01:21 +00:00
Offensive Security	21f7dd8438	DB: 2017-07-19 11 new exploits Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption Microsoft Internet Explorer 11.1066.14393.0 - VBScript Arithmetic Functions Type Confusion Microsoft Windows Kernel - 'IOCTL 0x120007 (NsiGetParameter)' nsiproxy/netio Pool Memory Disclosure Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Belkin NetCam F7D7601 - Multiple Vulnerabilities Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sophos Web Appliance 4.3.1.1 - Session Fixation Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit) Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting	2017-07-19 05:01:23 +00:00
Offensive Security	be3b49b643	DB: 2017-07-17 2 new exploits FTPGetter 5.89.0.85 - Buffer Overflow (SEH) Orangescrum 1.6.1 - Multiple Vulnerabilities	2017-07-17 05:01:20 +00:00

1 2 3 4 5 ...

1434 commits