Offensive Security
a9e80c57e9
DB: 2016-07-18
...
164 new exploits
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
Mandrake Linux 8.2 - /usr/mail Local Exploit
Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit
Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets)
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Ping of Death Remote Denial of Service Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll)
CVSTrac Remote Arbitrary Code Execution Exploit
LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit
IPD (Integrity Protection Driver) Local Exploit
Bird Chat 1.61 - Denial of Service
D-Link DCS-900 Camera Remote IP Address Changer Exploit
GD Graphics Library Heap Overflow Proof of Concept Exploit
vBulletin LAST.php SQL Injection
miniBB - Input Validation Hole ('user')
phpBB highlight Arbitrary File Upload (Santy.A)
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
ZeroBoard Worm Source Code
Invision Power Board <= 1.3.1 - Login.php SQL Injection
Veritas Backup Exec Remote File Access Exploit (windows)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit
SGI IRIX <= 6.5.28 - (runpriv) Design Error
Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness
Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
Invision Community Blog Mod 1.2.4 - SQL Injection
Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service
Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009)
phpGalleryScript 1.0 - (init.gallery.php include_class) RFI
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC
Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit
Woltlab Burning Board Addon JGS-Treffen SQL Injection
pSys 0.7.0.a (shownews) Remote SQL Injection
JAMM CMS (id) Remote Blind SQL Injection Exploit
Clever Copy 3.0 (results.php) Remote SQL Injection Exploit
GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit
PHPMyCart (shop.php cat) Remote SQL Injection
Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit
Oxygen 2.0 (repquote) Remote SQL Injection
MyMarket 1.72 - BlindSQL Injection Exploit
easyTrade 2.x - (detail.php id) Remote SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection
AcmlmBoard 1.A2 (pow) Remote SQL Injection
Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities
DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit
Webspell 4 (Auth Bypass) SQL Injection
Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002)
kloxo 5.75 - Multiple Vulnerabilities
Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
eWebeditor Directory Traversal
eWebeditor ASP Version - Multiple Vulnerabilities
Radasm .rap file Local Buffer Overflow
Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes)
Joomla Component com_event - SQL Injection
Aix - execve /bin/sh (88 bytes)
BSD - Passive Connection Shellcode
bsd/PPC - execve /bin/sh (128 bytes)
bsd/x86 - setuid/execve shellcode (30 bytes)
bsd/x86 - setuid/portbind shellcode (94 bytes)
bsd/x86 - execve /bin/sh multiplatform (27 bytes)
bsd/x86 - execve /bin/sh setuid (0) (29 bytes)
bsd/x86 - portbind port 31337 (83 bytes)
bsd/x86 - portbind port random (143 bytes)
bsd/x86 - break chroot (45 bytes)
bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes)
bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes)
bsd/x86 - connect (93 bytes)
bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes)
bsd/x86 - reverse portbind (129 bytes)
bsdi/x86 - execve /bin/sh (45 bytes)
bsdi/x86 - execve /bin/sh (46 bytes)
AIX - execve /bin/sh shellcode (88 bytes)
BSD - Passive Connection Shellcode (124 bytes)
BSD/PPC - execve /bin/sh shellcode (128 bytes)
BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes)
BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes)
BSD/x86 - portbind port 31337 shellcode (83 bytes)
BSD/x86 - portbind port random shellcode (143 bytes)
BSD/x86 - break chroot shellcode (45 bytes)
BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes)
BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes)
BSD/x86 - reverse 6969 portbind shellcode (129 bytes)
BSDi/x86 - execve /bin/sh shellcode (45 bytes)
BSDi/x86 - execve /bin/sh shellcode (46 bytes)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1)
bsdi/x86 - execve /bin/sh toupper evasion (97 bytes)
FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging)
freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes)
freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes)
freebsd/x86 - kill all processes (12 bytes)
freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes)
freebsd/x86 - reverse portbind /bin/sh (89 bytes)
freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
freebsd/x86 - encrypted shellcode /bin/sh (48 bytes)
freebsd/x86 - portbind 4883 with auth shellcode
freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
freebsd/x86 - execve /bin/sh (23 bytes)
freebsd/x86 - execve /bin/sh (2) (23 bytes)
freebsd/x86 - execve /bin/sh (37 bytes)
freebsd/x86 - kldload /tmp/o.o (74 bytes)
freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
freebsd/x86 - execve /tmp/sh (34 bytes)
freebsd/x86 - connect (102 bytes)
freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
freebsd/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode generator null byte free
Linux/x86 - generate portbind payload
Windows XP SP1 - portbind payload (Generator)
/bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - shellcode null free (Generator)
Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator)
iOS Version-independent shellcode
Cisco IOS - Connectback Shellcode
Cisco IOS - Bind Shellcode 1.0 (116 bytes)
Cisco IOS - Tiny Shellcode
Cisco IOS - Shellcode And Exploitation Techniques (BlackHat)
HPUX - execve /bin/sh (58 bytes)
Linux/amd64 - flush iptables rules shellcode (84 bytes)
Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes)
BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes)
FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)
FreeBSD/x86 - kill all processes shellcode (12 bytes)
FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)
FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes)
FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (37 bytes)
FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes)
FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes)
FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)
FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - portbind payload shellcode (Generator)
Windows XP SP1 - portbind payload shellcode (Generator)
(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - cmd shellcode null free (Generator)
(Generator) - Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Win32 - Multi-Format Shellcode Encoding Tool (Generator)
iOS - Version-independent shellcode
Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Bind Shellcode Password Protected (116 bytes)
Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)
HPUX - execve /bin/sh shellcode (58 bytes)
Linux/x86-64 - flush iptables rules shellcode (84 bytes)
Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes)
Linux/MIPS - execve /bin/sh (56 bytes)
Linux/PPC - execve /bin/sh (60 bytes)
Linux/MIPS - execve /bin/sh shellcode (56 bytes)
Linux/PPC - execve /bin/sh shellcode (60 bytes)
Linux/PPC - connect back execve /bin/sh (240 bytes)
Linux/PPC - execve /bin/sh (112 bytes)
Linux/SPARC - connect back (216 bytes)
Linux/SPARC - portbind port 8975 (284 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes)
Linux/PPC - execve /bin/sh shellcode (112 bytes)
Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes)
Linux/SPARC - portbind port 8975 shellcode (284 bytes)
Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F (176 bytes)
Linux/x86 - bindport 8000 & add user with root access (225+ bytes)
Linux/x86 - Bind ASM Code Linux (179 bytes)
Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes)
Serial port shell binding & busybox Launching shellcode
Linux/x86 - File unlinker (18+ bytes)
Linux/x86 - Perl script execution (99+ bytes)
Linux/x86 - file reader (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes)
Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes)
Linux/x86 - File unlinker shellcode (18+ bytes)
Linux/x86 - Perl script execution shellcode (99+ bytes)
Linux/x86 - file reader shellcode (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes)
Linux/x86 - PUSH reboot() (30 bytes)
Linux/x86 - PUSH reboot() shellcode (30 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes)
Linux/x86 - edit /etc/sudoers for full access (86 bytes)
Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes)
Linux/x86 - connect back_ download a file and execute (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - connect back.send.exit /etc/shadow (155 bytes)
Linux/x86 - writes a php connectback shell to the fs (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell (235 bytes)
Linux/x86 - /sbin/iptables -F (40 bytes)
Linux/x86 - kill all processes (11 bytes)
Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes)
Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes)
Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off shellcode (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes)
Linux/x86 - /sbin/iptables -F shellcode (40 bytes)
Linux/x86 - kill all processes shellcode (11 bytes)
Linux/x86 - /sbin/ipchains -F (40 bytes)
Linux/x86 - set system time to 0 and exit (12 bytes)
Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow (36 bytes)
Linux/x86 - forkbomb (7 bytes)
Linux/x86 - /sbin/ipchains -F shellcode (40 bytes)
Linux/x86 - set system time to 0 and exit shellcode (12 bytes)
Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes)
Linux/x86 - forkbomb shellcode (7 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes)
Linux/x86 - execve(/bin/sh) (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes)
Linux/x86 - executes command after setreuid (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode
Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) shellcode (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes)
Linux/x86 - executes command after setreuid shellcode (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes)
Linux/x86 - setuid/portbind shellcode (96 bytes)
Linux/x86 - portbind (define your own port) (84 bytes)
Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes)
Linux/x86 - portbind (2707) shellcode (84 bytes)
Linux/x86 - SET_PORT() portbind (100 bytes)
Linux/x86 - SET_IP() Connectback Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) (24 bytes)
Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes)
Linux/x86 - SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store shellcode (99 bytes)
Linux/x86 - Password Authentication portbind Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes)
Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) shellcode (24 bytes)
Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes)
Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes)
Linux/x86 - execve /bin/sh anti-ids (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes)
Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes)
Linux/x86 - Adduser without Password to /etc/passwd (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes)
Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes)
Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes)
Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes)
Linux/x86 - normal exit with random (so to speak) return value (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes)
Linux/x86 - reboot() (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console (63 bytes)
Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - reboot() shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes)
Linux/x86 - _exit(1); (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes)
Linux/x86 - _exit(1); shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes)
Linux/x86 - chroot & standart (66 bytes)
Linux/x86 - upload & exec (189 bytes)
Linux/x86 - setreuid/execve (31 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes)
Linux/x86 - chroot & standart shellcode (66 bytes)
Linux/x86 - upload & exec shellcode (189 bytes)
Linux/x86 - setreuid/execve shellcode (31 bytes)
Linux/x86 - Radically Self Modifying Code (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code (76 bytes)
Linux/x86 - execve code (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes)
Linux/x86 - symlink /bin/sh xoring (56 bytes)
Linux/x86 - portbind port 5074 toupper (226 bytes)
Linux/x86 - add user t00r ENCRYPT (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes)
Linux/x86 - symlink . /bin/sh (32 bytes)
Linux/x86 - kill snort (151 bytes)
Linux/x86 - shared memory exec (50 bytes)
Linux/x86 - iptables -F (45 bytes)
Linux/x86 - iptables -F (58 bytes)
Linux/x86 - Reverse telnet (134 bytes)
Linux/x86 - connect (120 bytes)
Linux/x86 - chmod 666 /etc/shadow (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes)
Linux/x86 - eject /dev/cdrom (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 (132 bytes)
Linux/x86 - ipchains -F (49 bytes)
Linux/x86 - chmod 666 /etc/shadow (82 bytes)
Linux/x86 - execve /bin/sh (29 bytes)
Linux/x86 - execve /bin/sh (24 bytes)
Linux/x86 - execve /bin/sh (38 bytes)
Linux/x86 - execve /bin/sh (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes)
Linux/x86 - portbind port 5074 (92 bytes)
Linux/x86 - portbind port 5074 + fork() (130 bytes)
Linux/x86 - add user t00r (82 bytes)
Linux/x86 - add user (104 bytes)
Linux/x86 - break chroot (34 bytes)
Linux/x86 - break chroot (46 bytes)
Linux/x86 - break chroot execve /bin/sh (80 bytes)
Linux/x86 - execve /bin/sh encrypted (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion (41 bytes)
execve of /bin/sh after setreuid(0_0)
Linux - chroot()/execve() code (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion (55 bytes)
Linux/x86 - add user (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes)
Linux/x86_64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86_64 - execve(/bin/sh) (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes)
Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes)
netbsd/x86 - kill all processes shellcode (23 bytes)
netbsd/x86 - callback shellcode (port 6666) (83 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 - execve /bin/sh (68 bytes)
openbsd/x86 - execve(/bin/sh) (23 bytes)
openbsd/x86 - portbind port 6969 (148 bytes)
openbsd/x86 - add user w00w00 (112 bytes)
OS-X/ppc - sync()_ reboot() (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC - Add user r00t (219 bytes)
OS-X/PPC - execve /bin/sh (72 bytes)
OS-X/PPC - add inetd backdoor (222 bytes)
OS-X/PPC - reboot (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC - create /tmp/suid (122 bytes)
OS-X/PPC - simple write() (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/SPARC - download and execute (278 bytes)
Solaris/SPARC - executes command after setreuid (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes)
Solaris/SPARC - setreuid/execve (56 bytes)
Solaris/SPARC - portbind (port 6666) (240 bytes)
Solaris/SPARC - execve /bin/sh (52 bytes)
Solaris/SPARC - portbind port 6789 (228 bytes)
Solaris/SPARC - connect-back (204 bytes)
Solaris/SPARC - portbinding shellcode
Linux/x86 - Radically Self Modifying Code shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes)
Linux/x86 - execve code shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes)
Linux/x86 - portbind port 5074 toupper shellcode (226 bytes)
Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh shellcode (32 bytes)
Linux/x86 - kill snort shellcode (151 bytes)
Linux/x86 - shared memory exec shellcode (50 bytes)
Linux/x86 - iptables -F shellcode (45 bytes)
Linux/x86 - iptables -F shellcode (58 bytes)
Linux/x86 - Reverse telnet shellcode (134 bytes)
Linux/x86 - connect shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes)
Linux/x86 - eject /dev/cdrom shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes)
Linux/x86 - ipchains -F shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes)
Linux/x86 - execve /bin/sh shellcode (29 bytes)
Linux/x86 - execve /bin/sh shellcode (24 bytes)
Linux/x86 - execve /bin/sh shellcode (38 bytes)
Linux/x86 - execve /bin/sh shellcode (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes)
Linux/x86 - portbind port 5074 shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes)
Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user shellcode (104 bytes)
Linux/x86 - break chroot shellcode (34 bytes)
Linux/x86 - break chroot shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes)
Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes)
Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes)
Linux/x86 - chroot()/execve() code shellcode (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)
Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes)
NetBSD/x86 - kill all processes shellcode (23 bytes)
NetBSD/x86 - callback shellcode (port 6666) (83 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes)
NetBSD/x86 - execve /bin/sh shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes)
OpenBSD/x86 - portbind port 6969 shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes)
OS-X/PPC - sync()_ reboot() shellcode (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes)
OS-X/PPC - Add user _r00t_ shellcode (219 bytes)
OS-X/PPC - execve /bin/sh shellcode (72 bytes)
OS-X/PPC - Add inetd backdoor shellcode (222 bytes)
OS-X/PPC - reboot shellcode (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes)
OS-X/PPC - create /tmp/suid shellcode (122 bytes)
OS-X/PPC - simple write() shellcode (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes)
Solaris/SPARC - download and execute shellcode (278 bytes)
Solaris/SPARC - executes command after setreuid shellcode (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes)
Solaris/SPARC - setreuid/execve shellcode (56 bytes)
Solaris/SPARC - portbind (port 6666) shellcode (240 bytes)
Solaris/SPARC - execve /bin/sh shellcode (52 bytes)
Solaris/SPARC - portbind port 6789 shellcode (228 bytes)
Solaris/SPARC - connect-bac shellcode k (204 bytes)
Solaris/SPARC - portbinding shellcode (240 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 - add services and execve inetd (201 bytes)
Unixware - execve /bin/sh (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell
Win32/XP SP2 (EN) - cmd.exe (23 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd shellcode (201 bytes)
UnixWare - execve /bin/sh shellcode (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)
Win32 -SEH omelet shellcode
Win32 - telnetbind by Winexec (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes)
Win32/XP SP2 - cmd.exe (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute (124 bytes)
Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box (110 bytes)
Win32 - WinExec() Command Parameter (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method (29 bytes)
Windows 9x/NT/2000/XP - PEB method (31 bytes)
Windows 9x/NT/2000/XP - PEB method (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec (241 bytes)
Windows XP - download and exec source
Windows XP SP1 - Portshell on port 58821 (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute (218+ bytes)
Linux/x86 - kill all processes (9 bytes)
Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes)
Linux - setuid(0) and cat /etc/shadow
Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes)
Linux - Linux/x86 execve() (51bytes)
Win32 - SEH omelet shellcode
Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)
Win32/XP SP2 - cmd.exe shellcode (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box shellcode (110 bytes)
Win32 - WinExec() Command Parameter shellcode (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes)
Windows XP - download and exec source shellcode
Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes)
Linux/x86 - kill all processes shellcode (9 bytes)
Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes)
Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes)
Linux/x86 - Linux/x86 execve() shellcode (51 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow)
Win32 XP SP3 - addFirewallRule
freebsd/x86 - portbind shellcode (167 bytes)
Win32/XP SP2 - calc.exe (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes)
Linux/x86 - chmod 666 /etc/shadow (27 bytes)
Linux/x86 - break chroot (79 bytes)
Linux/x86 - fork bomb (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() (107 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes)
Win32/XP SP2 - calc.exe shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes)
Linux/x86 - break chroot shellcode (79 bytes)
Linux/x86 - fork bomb shellcode (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - eject /dev/cdrom (42 bytes)
Win32 XP SP2 FR - calc (19 bytes)
Linux/x86 - eject /dev/cdrom shellcode (42 bytes)
Win32 XP SP2 FR - calc shellcode (19 bytes)
Linux/x86 - ip6tables -F (47 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux - bin/cat /etc/passwd (43 bytes)
Win32 XP SP3 English - cmd.exe (26 bytes)
Win32 XP SP2 Turkish - cmd.exe (26 bytes)
Linux/x86 - /bin/sh (8 bytes)
Linux/x86 - execve /bin/sh (21 bytes)
Windows XP Home Edition SP2 English - calc.exe (37 bytes)
Windows XP Home Edition SP3 English - calc.exe (37 bytes)
Linux/x86 - disabled modsecurity (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - ip6tables -F shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes)
Linux/i686 - pacman -R <package> shellcode (59 bytes)
Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes)
Win32 XP SP3 English - cmd.exe shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes)
Linux/x86 - /bin/sh shellcode (8 bytes)
Linux/x86 - execve /bin/sh shellcode (21 bytes)
Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes)
Linux/x86 - disabled modsecurity shellcode (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox (Metasploit)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox shellcode (Metasploit)
chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
execve(_/bin/sh_) shellcode (25 bytes)
DoS-Badger-Game shellcode (6 bytes)
SLoc-DoS shellcode (55 bytes)
execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
chmod(_/etc/shadow__ 0777) Shellcode(33 bytes)
chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes)
Linux/x86 - DoS-Badger-Game shellcode (6 bytes)
Linux/x86 - SLoc-DoS shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes)
Linux/x86 - polymorphic forkbombe shellcode (30 bytes)
Linux/x86 - forkbomb shellcode (6 bytes)
Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes)
Solaris/x86 - Reboot() (37 bytes)
Solaris/x86 - Remote Download file (79 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Solaris/x86 - Reboot() shellcode (37 bytes)
Solaris/x86 - Remote Download file shellcode (79 bytes)
Linux/x86 - Disable randomize stack addresse shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes)
Linux/x86 - kill all running process (11 bytes)
change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - kill all running process shellcode (11 bytes)
Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Solaris/x86 - SystemV killall command (39 bytes)
Linux/x86 - hard / unclean reboot shellcode (29 bytes)
Linux/x86 - hard / unclean reboot shellcode (33 bytes)
Solaris/x86 - SystemV killall command shellcode (39 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes)
Linux/x86 - netcat connect back port 8080 (76 bytes)
Linux/x86 - netcat connect back port 8080 shellcode (76 bytes)
Windows - MessageBoxA Shellcode
Windows - MessageBoxA Shellcode (238 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes)
Linux/x86_64 - Disable ASLR Security (143 bytes)
Linux/x86-64 - Disable ASLR Security shellcode (143 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes)
Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes)
Linux/x86_64 - Add root user with password (390 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/ARM - Disable ASLR Security shellcode (102 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Linux/x86 - bind shell port 64533 shellcode (97 bytes)
Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic
Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes)
Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes)
Win32 - Write-to-file Shellcode
Win32 - Write-to-file Shellcode (278 bytes)
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes)
Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal
PHP-Nuke 8.1 SEO Arabic - Remote File Include
bds/x86 - bindshell on port 2525 shellcode (167 bytes)
BSD/x86 - bindshell on port 2525 shellcode (167 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes)
Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit
Audiotran 1.4.2.4 SEH Overflow Exploit
Joomla Component (com_elite_experts) SQL Injection
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Traidnt UP - Cross-Site Request Forgery Add Admin Account
Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)
Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
AnyDVD <= 6.7.1.0 - Denial of Service
ARM - Bindshell port 0x1337
ARM - Bind Connect UDP Port 68
ARM - Loader Port 0x1337
ARM - ifconfig eth0 and Assign Address
ARM - Bindshell port 0x1337shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
Linux/ARM - add root user with password (151 bytes)
Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
OS-X/Intel - setuid shell x86_64 (51 bytes)
OS-X/Intel - setuid shell x86_64 shellcode (51 bytes)
Create a New User with UID 0 - ARM (Metasploit)
ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes)
Windows Win32k Pointer Dereferencement PoC (MS10-098)
Win32 - speaking shellcode
bds/x86 - connect back Shellcode (81 bytes)
bds/x86 - portbind + fork shellcode (111 bytes)
bsd/x86 - connect back Shellcode (81 bytes)
BSD/x86 - 31337 portbind + fork shellcode (111 bytes)
Win32 - eggsearch shellcode (33 bytes)
Arkeia Backup Client Type 77 - Overflow (Win32)
Oracle 9i XDB FTP PASS Overflow (Win32)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow
SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32)
Icecast <= 2.0.1 - Header Overwrite (Win32)
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Oracle 9i XDB HTTP PASS Overflow (Win32)
Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes)
Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)
Linux/x86 - netcat bindshell port 6666 (69 bytes)
Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes)
OS-X/Intel - reverse_tcp shell x86_64 (131 bytes)
OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes)
Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation (83 bytes)
Linux/x86 - ASLR deactivation shellcode (83 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes)
SuperH (sh4) - Add root user with password (143 bytes)
Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Linux/MIPS - execve (52 bytes)
Linux/MIPS - execve shellcode (52 bytes)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh shellcode (48 bytes)
Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/x86_64 - execve(/bin/sh) (52 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes)
Linux/MIPS - reboot() (32 bytes)
Linux/MIPS - reboot() shellcode (32 bytes)
GdiDrawStream BSoD using Safari
Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes)
Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes)
Linux/x86_64 - add user with passwd (189 bytes)
Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - execve(/bin/dash) shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes)
Microsoft Windows Kernel - Intel x64 SYSRET PoC
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes)
Windows XP Pro SP3 - Full ROP calc shellcode
Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes)
Novell Client 2 SP3 - nicm.sys Local Privilege Escalation
MIPS Little Endian - Shellcode
MIPS - (Little Endian) system() Shellcode (80 bytes)
Windows RT ARM - Bind Shell (Port 4444)
Windows RT ARM - Bind Shell (Port 4444) shellcode
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation
Linux/x86 - Multi-Egghunter
Linux/x86 - Multi-Egghunter shellcode
MIPS Little Endian - Reverse Shell Shellcode (Linux)
Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 bytes)
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
Windows - Add Admin User Shellcode (194 bytes)
Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation
MQAC.sys Arbitrary Write Privilege Escalation
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes)
VirtualBox 3D Acceleration Virtual Machine Escape
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Connect Back (139 bytes)
Linux/x86-64 - Connect Back shellcode (139 bytes)
Linux/x86 - Add map in /etc/hosts file
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes)
Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes)
Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes)
Offset2lib: Bypassing Full ASLR On 64 bit Linux
Linux/x86 - rmdir (37 bytes)
Linux/x86 - rmdir shellcode (37 bytes)
Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password)
Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Linux/MIPS - execve (36 bytes)
Linux/MIPS - execve /bin/sh shellcode (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Windows XP x86-64 - Download & execute shellcode (Generator)
Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes)
Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)
Reads Data From /etc/passwd To /tmp/outfile (118 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)
Linux/x86 - Reverse TCP Shell (72 bytes)
Linux/x86 - TCP Bind Shell (96 bytes)
Linux/x86 - Reverse TCP Shell shellcode (72 bytes)
Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux - Disable ASLR (84 bytes)
Linux/x86 - Disable ASLR shellcode (84 bytes)
Linux/x86 - Egg-hunter (20 bytes)
Linux/x86 - Egg-hunter shellcode (20 bytes)
Create 'my.txt' Working Directory (37 bytes)
Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes)
Win32/XP SP3 - Create (_file.txt_) (83 bytes)
Win32/XP SP3 - Restart computer
Linux - custom execve-shellcode Encoder/Decoder
Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes)
Win32/XP SP3 - Restart computer shellcode (57 bytes)
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - exit(0) (6 bytes)
Linux/x86 - exit(0) shellcode (6 bytes)
Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058)
Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes)
Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux/x86 - /etc/passwd Reader shellcode (58 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 (60 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes)
Linux/x86_64 - execve(/bin/sh) (30 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes)
Linux/x86 - Download & Execute
Linux/x86 - Reboot (28 bytes)
Linux/x86 - Download & Execute shellcode
Linux/x86 - Reboot shellcode (28 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh shellcode (23 bytes)
Linux 64bit - Encoded execve shellcode
Linux/x86-64 - Encoded execve shellcode (57 bytes)
encoded 64 bit execve shellcode
Linux/x86-64 - encoded execve shellcode (57 bytes)
Win32/XP SP3 (TR) - MessageBox (24 bytes)
Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes)
Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Windows 2003 x64 - Token Stealing shellcode (59 bytes)
OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
Mainframe/System Z - Bind Shell
Mainframe/System Z - Bind Shell shellcode (2488 bytes)
ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC
Linux/x86 - execve(/bin/bash) (31 bytes)
Linux/x86 - execve(/bin/bash) shellcode (31 bytes)
Linux/x86 - Create file with permission 7775 and exit (Shell Generator)
Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes)
OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
Linux/x86_64 - /bin/sh
Linux/x86-64 - /bin/sh shellcode
Android Shellcode Telnetd with Parameters
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078)
Linux/x86_64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)
Linux/x86_64 - Bindshell with Password (92 bytes)
Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution
Linux/x64 - egghunter (24 bytes)
Linux/x86-64 - egghunter shellcode (24 bytes)
Linux/x86_64 - Polymorphic execve Shellcode (31 bytes)
Linux/x86-64 - Polymorphic execve Shellcode (31 bytes)
Windows XP<10 - Null-Free WinExec Shellcode (Python)
Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Linux/x64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86_64 - bind TCP port shellcode (103 bytes)
TCP Bindshell with Password Prompt (162 bytes)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
TCP Reverse Shell with Password Prompt (151 bytes)
Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes)
Linux/x86_64 - Egghunter (18 bytes)
Linux/x86 - Egg-hunter (13 bytes)
Linux/x86-64 - Egghunter shellcode (18 bytes)
Linux/x86 - Egg-hunter shellcode (13 bytes)
Adobe Flash - Use-After-Free When Setting Stage
Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode
Linux/x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode (135 bytes)
Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes)
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes)
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040)
Linux/x86_64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode
Linux/x86_64 - execve(/bin/sh) (26 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes)
Linux/x86_64 - execve(/bin/sh) (25 bytes)
Linux/x86_64 - execve(/bin/bash) (33 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes)
Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes)
Linux/x86_64 - bindshell (Pori: 5600) (81 bytes)
Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86_64 - Read /etc/passwd (65 bytes)
Linux/x86-64 - Read /etc/passwd shellcode (65 bytes)
Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Linux/x86_64 - bindshell (Port 5600) (86 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes)
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6)
Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)
Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes)
Linux/x64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Linux/x86-64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86_64 - Bind TCP Port 1472 (IPv6)
Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86_64 - Reverse TCP (IPv6)
Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes)
Linux/x86 - Bindshell with Configurable Port (87 bytes)
Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes)
Linux/x86_64 - Null-Free Reverse TCP Shell
Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86_64 - Information Stealer Shellcode
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86_64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows - Custom Font Disable Policy Bypass
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86_64 - /etc/passwd File Sender Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Windows 7 SP1 x86 - Privilege Escalation (MS16-014)
Linux 64bit - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes)
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)
2016-07-18 05:02:52 +00:00
Offensive Security
b51e0f27d5
DB: 2016-07-17
...
52 new exploits
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
JITed stage-0 shellcode
JITed exec notepad Shellcode
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
JITed egg-hunter stage-0 shellcode
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Windows - JITed egg-hunter stage-0 shellcode
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Linux/x86 - nc -lvve/bin/sh -p13377 shellcode
Linux/x86 - polymorphic forkbombe - (30 bytes)
Linux/x86 - forkbomb
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - kill all running process (11 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
Windows - Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
Win32 - Write-to-file Shellcode
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Shellcode Checksum Routine (18 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32 - speaking shellcode
Linux/x86 - netcat bindshell port 6666 (69 bytes)
DNS Reverse Download and Exec Shellcode
Windows - DNS Reverse Download and Exec Shellcode
Linux/x86_32 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - egghunt shellcode (29 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - rmdir (37 bytes)
Linux/MIPS - execve (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86/x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux/x86/x86_64 - tcp_bind Shellcode
Linux/x86/x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
.Net Framework - Execute Native x86 Shellcode
Win32 .Net Framework - Execute Native x86 Shellcode
2016-07-17 05:07:02 +00:00
Offensive Security
0a9242663c
DB: 2016-07-16
...
2 new exploits
BSD Passive Connection Shellcode
BSD - Passive Connection Shellcode
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging)
freebsd/x86 rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 portbind 4883 with auth shellcode
freebsd/x86 - portbind 4883 with auth shellcode
freebsd/x86 - execve /bin/sh (23 bytes) (2)
freebsd/x86 - execve /bin/sh (2) (23 bytes)
freebsd/x86 chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
Windows xp/sp1 generate portbind payload
Windows XP SP1 - portbind payload (Generator)
Linux/x86 - shellcode generator / null free
Alphanumeric Shellcode Encoder Decoder
Utility for generating HTTP/1.x requests for shellcodes
Multi-Format Shellcode Encoding Tool - Beta 2.0 (w32)
Linux/x86 - shellcode null free (Generator)
Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator)
Cisco IOS Connectback Shellcode 1.0
Cisco IOS Bind Shellcode 1.0
Cisco IOS Tiny Shellcode 1.0
Cisco IOS Shellcode And Exploitation Techniques (BlackHat)
Cisco IOS - Connectback Shellcode
Cisco IOS - Bind Shellcode 1.0 (116 bytes)
Cisco IOS - Tiny Shellcode
Cisco IOS - Shellcode And Exploitation Techniques (BlackHat)
Linux/mips - (Linksys WRT54G/GL) port bind shellcode (276 bytes)
Linux/mips - (Linksys WRT54G/GL) execve shellcode (60 bytes)
Linux/mips - execve /bin/sh (56 bytes)
Linux/ppc - execve /bin/sh (60 bytes)
Linux/ppc - read & exec shellcode (32 bytes)
Linux/ppc - connect back execve /bin/sh (240 bytes)
Linux/ppc - execve /bin/sh (112 bytes)
Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve shellcode (60 bytes)
Linux/MIPS - execve /bin/sh (56 bytes)
Linux/PPC - execve /bin/sh (60 bytes)
Linux/PPC - read & exec shellcode (32 bytes)
Linux/PPC - connect back execve /bin/sh (240 bytes)
Linux/PPC - execve /bin/sh (112 bytes)
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) (49 bytes)
Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes)
Linux/x86 - File unlinker (18 bytes + file path length)
Linux/x86 - Perl script execution (99 bytes + script length)
Linux/x86 - file reader (65 bytes + pathname)
Linux/x86 - File unlinker (18+ bytes)
Linux/x86 - Perl script execution (99+ bytes)
Linux/x86 - file reader (65+ bytes)
Linux x86 shellcode obfuscator
Linux/x86 - shellcode obfuscator
Linux/86 setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - rm -rf / attempts to block the process from being stopped
Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111 bytes+)
Linux/x86 - executes command after setreuid (9 + 40 bytes + cmd)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes)
Linux/x86 - executes command after setreuid (49+ bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68 bytes+)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (.s)
Linux/x86 - examples of long-term payloads hide-wait-change 187 bytes+
Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes)
Linux - chroot()/execve() code
Linux - chroot()/execve() code (80 bytes)
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) (33 bytes)
Linux/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X/PPC/x86 execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 - unix/SPARC irix/mips execve /bin/sh irx.mips (141 bytes)
Linux/x86 - unix/SPARC execve /bin/sh (80 bytes)
Linux/x86 - bsd/x86 execve /bin/sh (38 bytes)
netbsd/x86 kill all processes shellcode (23 bytes)
netbsd/x86 callback shellcode (port 6666) (83 bytes)
netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 execve /bin/sh (68 bytes)
openbsd/x86 execve(/bin/sh) (23 bytes)
openbsd/x86 portbind port 6969 (148 bytes)
openbsd/x86 add user w00w00 (112 bytes)
OS-X/ppc sync()_ reboot() (32 bytes)
OS-X/PPC execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC Add user r00t (219 bytes)
OS-X/PPC execve /bin/sh (72 bytes)
OS-X/PPC add inetd backdoor (222 bytes)
OS-X/PPC reboot (28 bytes)
OS-X/PPC setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC create /tmp/suid (122 bytes)
OS-X/PPC simple write() (75 bytes)
OS-X/PPC execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/sparc download and execute (278 bytes)
Solaris/sparc executes command after setreuid (92 bytes + cmd)
Solaris/sparc connect-back (with XNOR encoded session) (600 bytes)
Solaris/sparc setreuid/execve (56 bytes)
Solaris/sparc portbind (port 6666) (240 bytes)
Solaris/SPARC execve /bin/sh (52 bytes)
Solaris/SPARC portbind port 6789 (228 bytes)
Solaris/SPARC connect-back (204 bytes)
Solaris/SPARC portbinding shellcode
Solaris/x86 portbind/tcp shellcode generator
Solaris/x86 setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 add services and execve inetd (201 bytes)
Linux/x86_64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86_64 - execve(/bin/sh) (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes)
Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes)
netbsd/x86 - kill all processes shellcode (23 bytes)
netbsd/x86 - callback shellcode (port 6666) (83 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 - execve /bin/sh (68 bytes)
openbsd/x86 - execve(/bin/sh) (23 bytes)
openbsd/x86 - portbind port 6969 (148 bytes)
openbsd/x86 - add user w00w00 (112 bytes)
OS-X/ppc - sync()_ reboot() (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC - Add user r00t (219 bytes)
OS-X/PPC - execve /bin/sh (72 bytes)
OS-X/PPC - add inetd backdoor (222 bytes)
OS-X/PPC - reboot (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC - create /tmp/suid (122 bytes)
OS-X/PPC - simple write() (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/SPARC - download and execute (278 bytes)
Solaris/SPARC - executes command after setreuid (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes)
Solaris/SPARC - setreuid/execve (56 bytes)
Solaris/SPARC - portbind (port 6666) (240 bytes)
Solaris/SPARC - execve /bin/sh (52 bytes)
Solaris/SPARC - portbind port 6789 (228 bytes)
Solaris/SPARC - connect-back (204 bytes)
Solaris/SPARC - portbinding shellcode
Solaris/x86 - portbind/tcp shellcode (Generator)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 - add services and execve inetd (201 bytes)
Win32/XP SP2 (En) - cmd.exe (23 bytes)
Win32/XP SP2 (EN) - cmd.exe (23 bytes)
Win32 SEH omelet shellcode 0.1
Win32 -SEH omelet shellcode
Win32 PEB!NtGlobalFlags shellcode (14 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 PEB Kernel32.dll ImageBase Finder (Ascii Printable) (49 bytes)
Win32 connectback_ receive_ save and execute shellcode
Win32 Download and Execute Shellcode Generator (browsers edition)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 IsDebuggerPresent ShellCode (NT/XP) (39 bytes)
Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes)
Win32 - Download & Exec Shellcode (226 bytes+)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows 9x/NT/2000/XP Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP PEB method (29 bytes)
Windows 9x/NT/2000/XP PEB method (31 bytes)
Windows 9x/NT/2000/XP PEB method (35 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method (29 bytes)
Windows 9x/NT/2000/XP - PEB method (31 bytes)
Windows 9x/NT/2000/XP - PEB method (35 bytes)
Windows/XP download and exec source
Windows XP - download and exec source
Microsoft Windows - (DCOM RPC2) Universal Shellcode
Windows - (DCOM RPC2) Universal Shellcode
Linux - setuid(0) & execve(_/sbin/poweroff -f_)
Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes)
Win xp sp2 PEB ISbeingdebugged shellcode
Windows XP SP2 - PEB ISbeingdebugged shellcode
Win32 XP SP3 ShellExecuteA shellcode
Win32 XP SP3 - ShellExecuteA shellcode
Win32 XP SP3 addFirewallRule
freebsd/x86 portbind shellcode (167 bytes)
Win32 XP SP3 - addFirewallRule
freebsd/x86 - portbind shellcode (167 bytes)
Win32/XP SP2 (En + Ar) - cmd.exe (23 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes)
Windows XP Pro Sp2 English _Message-Box_ Shellcode
Windows XP Pro Sp2 English _Wordpad_ Shellcode
Windows XP Pro SP2 English - _Message-Box_ Shellcode Null-Free (16 bytes)
Windows XP Pro SP2 English - _Wordpad_ Shellcode Null Free (12 bytes)
Linux x86 - polymorphic shellcode ip6tables -F (71 bytes)
Linux x86 - ip6tables -F (47 bytes)
Linux/x86 - polymorphic shellcode ip6tables -F (71 bytes)
Linux/x86 - ip6tables -F (47 bytes)
Linux x86 - /bin/sh (8 bytes)
Linux x86 - execve /bin/sh (21 bytes)
Linux/x86 - /bin/sh (8 bytes)
Linux/x86 - execve /bin/sh (21 bytes)
Linux x86 - disabled modsecurity (64 bytes)
Linux/x86 - disabled modsecurity (64 bytes)
Win32 Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32/XP SP3 (Ru) - WinExec+ExitProcess cmd shellcode (12 bytes)
Shellcode - Win32 MessageBox (Metasploit)
JITed egg-hunter stage-0 shellcode Adjusted universal for XP/Vista/Windows 7
Linux x86 - nc -lvve/bin/sh -p13377 shellcode
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox (Metasploit)
Windows XP/Vista/Windows 7 - JITed egg-hunter stage-0 shellcode Adjusted universal
Linux/x86 - nc -lvve/bin/sh -p13377 shellcode
Linux write() & exit(0) shellcode genearator with customizable text
Linux x86 - polymorphic forkbombe - (30 bytes)
Linux x86 forkbombe
Linux - write() & exit(0) shellcode genearator with customizable text
Linux/x86 - polymorphic forkbombe - (30 bytes)
Linux/x86 - forkbomb
Linux/x86_64 execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Linux x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Windows 7 Pro SP1 64 Fr (Beep) Shellcode (39 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall
Linux/x86 - kill all running process
change mode 0777 of _/etc/passwd_ with sys_chmod syscall
Linux x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Windows 7 x64 (cmd) Shellcode (61 bytes)
Linux x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux x86 - hard / unclean reboot (29 bytes)
Linux x86 - hard / unclean reboot (33 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes)
Linux/x86 - kill all running process (11 bytes)
change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) shellcode (45 bytes)
Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ shellcode (33 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Linux - chown root:root /bin/sh x86 shellcode (48 bytes)
Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)
Linux x86 - netcat connect back port 8080 (76 bytes)
Linux/x86 - netcat connect back port 8080 (76 bytes)
Allwin MessageBoxA Shellcode
Windows - MessageBoxA Shellcode
Linux/x86-64 - Disable ASLR Security (143 bytes)
Linux/x86_64 - Disable ASLR Security (143 bytes)
Polymorphic Bindport 31337 with setreuid (0_0) linux/x86
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes)
Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86-64 - Add root user with password (390 bytes)
Linux/x86_64 - Add root user with password (390 bytes)
ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes)
Polymorphic /bin/sh x86 linux shellcode
Linux/x86 - Polymorphic /bin/sh shellcode (116 bytes)
Linux/ARM chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux x86 - bind shell port 64533 (97 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
125 bind port to 6778 XOR encoded polymorphic linux shellcode
Linux - 125 bind port to 6778 XOR encoded polymorphic
ARM Polymorphic - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode Generator
ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator)
Win32 - Write-to-file Shellcode
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux x86 - netcat bindshell port 8080 (75 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Linux x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)
Linux/x86 - /bin/sh Null-Free Polymorphic Shellcode (46 bytes)
Shellcode Checksum Routine
Shellcode Checksum Routine (18 bytes)
Win32/XP SP3 (Tr) - Add Admin Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)
Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)
Windows Mobile 6.5 TR Phone Call Shellcode
Windows Mobile 6.5 TR - Phone Call Shellcode
Win32/xp pro sp3 (EN) 32-bit - add new local administrator (113 bytes)
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
ARM - Bindshell port 0x1337
ARM - Bind Connect UDP Port 68
ARM - Loader Port 0x1337
ARM - ifconfig eth0 and Assign Address
w32 speaking shellcode
Win32 - speaking shellcode
BSD x86 connect back Shellcode (81 bytes)
BSD x86 portbind + fork shellcode (111 bytes)
bds/x86 - connect back Shellcode (81 bytes)
bds/x86 - portbind + fork shellcode (111 bytes)
OS-X/Intel reverse_tcp shell x86_64 (131 bytes)
OS-X/Intel - reverse_tcp shell x86_64 (131 bytes)
Allwin WinExec add new local administrator + ExitProcess Shellcode
Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes)
Linux x86 - ASLR deactivation (83 bytes)
Linux/x86 - ASLR deactivation (83 bytes)
Linux/x86-32 - ConnectBack with SSL connection (422 bytes)
Linux/x86_32 - ConnectBack with SSL connection (422 bytes)
SuperH (sh4) Add root user with password
SuperH (sh4) - Add root user with password (143 bytes)
Linux x86 egghunt shellcode
Linux/x86 - egghunt shellcode (29 bytes)
OSX - Universal ROP shellcode
OS-X - Universal ROP shellcode
52 byte Linux MIPS execve
Linux/MIPS - execve (52 bytes)
MIPS Linux XOR Shellcode Encoder (60 bytes)
Linux/MIPS - XOR Shellcode Encoder (60 bytes)
Linux/x86-64 - execve(/bin/sh) (52 bytes)
Linux/x86_64 - execve(/bin/sh) (52 bytes)
Linux/x86 - Search For php/html Writable Files and Add Your Code
Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes)
Linux x86_64 - add user with passwd (189 bytes)
Linux/x86_64 - add user with passwd (189 bytes)
Linux x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
ntop 1.x - -i Local Format String
ntop 1.x - i Local Format String
(Raspberry Pi) Linux/ARM - reverse_shell (tcp_10.1.1.2_0x1337)
(Raspberry Pi) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
(Raspberry Pi) Linux/ARM - chmod(_/etc/shadow__ 0777) (41 bytes)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes)
Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode
Windows - URLDownloadToFile + WinExec + ExitProcess Shellcode
MIPS Little Endian Shellcode
MIPS Little Endian - Shellcode
Media Player Classic 6.4.9 - - FLI File Remote Buffer Overflow
Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow
Linux x86 - Socket Re-use Shellcode (50 bytes)
Linux/x86 - Socket Re-use Shellcode (50 bytes)
Linux x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Mouse Media Script 1.6 - - Stored XSS
Mouse Media Script 1.6 - Stored XSS
Linux x86 - rmdir (37 bytes)
Linux/x86 - rmdir (37 bytes)
Linux x64 - Bind TCP port shellcode (81 bytes_ 96 with password)
Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux x64 - Reverse TCP connect (77 to 85 bytes_ 90 to 98 with password)
Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password)
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 Bytes)
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Linux MIPS - execve (36 bytes)
Linux/MIPS - execve (36 bytes)
Win x86-64 - Download & execute (Generator)
Windows XP x86-64 - Download & execute (Generator)
Linux x86 - Egg-hunter (20 bytes)
Linux x86 - Typewriter Shellcode Generator
Linux/x86 - Egg-hunter (20 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - execve _/bin/sh_ - shellcode (35 bytes)
Linux/x86 - execve _/bin/sh_ shellcode (35 bytes)
Linux custom execve-shellcode Encoder/Decoder
Linux - custom execve-shellcode Encoder/Decoder
Linux x86 - Execve /bin/sh Shellcode Via Push (21 bytes)
Linux x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes)
Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - execve /bin/sh shellcode (21 bytes) (2)
Linux/x86 - execve /bin/sh shellcode (2) (21 bytes)
Linux - execve(/bin/sh) (30 bytes)
Linux/x86_64 - execve(/bin/sh) (30 bytes)
Linux 64 bit - Encoded execve shellcode
Linux 64bit - Encoded execve shellcode
Linux x86 /bin/sh ROT7 Encoded Shellcode
Linux/x86 - /bin/sh ROT7 Encoded Shellcode
Win32/xp[TR] sp3 - MessageBox (24 bytes)
Win32/XP SP3 (TR) - MessageBox (24 bytes)
Linux x86 - Egg Hunter Shellcode (19 bytes)
Linux/x86 - Egg Hunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ (199 Bytes Null-Free)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes)
Linux x86 - /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode
OS X x64 /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
Mainframe/System Z Bind Shell
Mainframe/System Z - Bind Shell
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes)
OS X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
Linux x86_64 - /bin/sh
Linux/x86_64 - /bin/sh
Linux x86_64 - execve Shellcode (22 bytes)
Linux/x86_64 - execve Shellcode (22 bytes)
Linux x86_64 - Bindshell with Password (92 bytes)
Linux/x86_64 - Bindshell with Password (92 bytes)
Linux x64 - egghunter (24 bytes)
Linux/x64 - egghunter (24 bytes)
Linux x86_64 - Polymorphic execve Shellcode (31 bytes)
Linux/x86_64 - Polymorphic execve Shellcode (31 bytes)
Windows XP-10 - Null-Free WinExec Shellcode (Python)
Windows XP<10 - Null-Free WinExec Shellcode (Python)
x64 Linux Bind TCP Port Shellcode
Linux/x64 - Bind TCP Port Shellcode (103 bytes)
x86_64 Linux bind TCP port shellcode
Linux/x86_64 - bind TCP port shellcode (103 bytes)
Linux/x86 - execve _/bin/sh_ - shellcode 24 byte
Linux/x86 - execve _/bin/sh_ shellcode (24 bytes)
Linux x86_64 - Egghunter (18 bytes)
Linux x86 - Egg-hunter (13 bytes)
Linux/x86_64 - Egghunter (18 bytes)
Linux/x86 - Egg-hunter (13 bytes)
WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection
WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Unauthenticated SQL injection
x86_64 Linux xor/not/div Encoded execve Shellcode
Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes)
WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection
WordPress Booking Calendar Contact Form Plugin <= 1.1.23 - Shortcode SQL Injection
Linux x86/x86_64 reverse_tcp Shellcode
Linux/x86/x86_64 - reverse_tcp Shellcode
Linux x86/x86_64 tcp_bind Shellcode
Linux x86/x86_64 Read etc/passwd Shellcode
Linux/x86/x86_64 - tcp_bind Shellcode
Linux/x86/x86_64 - Read etc/passwd Shellcode
WordPress Booking Calendar Contact Form <=1.1.24 - Multiple Vulnerabilities
WordPress Booking Calendar Contact Form <= 1.1.24 - Multiple Vulnerabilities
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (1)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes)
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version (2)
Linux x86 Download & Execute Shellcode
Linux x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode
Linux/x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux x86_64 - Reverse Shell Shellcode
Linux/x86_64 - Reverse Shell Shellcode
Linux/x86_x64 - execve(/bin/sh) (26 bytes)
Linux/x86_64 - execve(/bin/sh) (26 bytes)
Linux/x86_x64 - execve(/bin/sh) (25 bytes)
Linux/x86_x64 - execve(/bin/bash) (33 bytes)
Linux/x86_64 - execve(/bin/sh) (25 bytes)
Linux/x86_64 - execve(/bin/bash) (33 bytes)
Linux/x86_64 - bindshell (PORT: 5600) (81 bytes)
Linux/x86_64 - bindshell (Pori: 5600) (81 bytes)
Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Linux x86 Reverse TCP Shellcode (ipv6)
Linux x86 Shellcode - Bind TCP Port 1472 (ipv6)
Linux/x86 - Reverse TCP Shellcode (IPv6)
Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes)
Linux x64 - Bind Shell Shellcode Generator
Linux/x64 - Bind Shell Shellcode (Generator)
Windows Null-Free Shellcode - Primitive Keylogger to File (431 (0x01AF) bytes)
Windows - Null-Free Shellcode Primitive Keylogger to File (431 (0x01AF) bytes)
.Net Framework Execute Native x86 Shellcode
.Net Framework - Execute Native x86 Shellcode
Linux x86_64 Shellcode - Bind TCP Port 1472 (ipv6)
Linux/x86_64 - Bind TCP Port 1472 (IPv6)
Linux x86_64 Shellcode - Reverse TCP (ipv6)
Linux/x86_64 - Reverse TCP (IPv6)
Windows - Null-Free Shellcode - Functional Keylogger to File (601 (0x0259) bytes)
Windows - Null-Free Shellcode Functional Keylogger to File (601 (0x0259) bytes)
Linux x86_64 Shellcode Null-Free Reverse TCP Shell
Linux/x86_64 - Null-Free Reverse TCP Shell
Linux x86_64 Information Stealer Shellcode
Linux/x86_64 - Information Stealer Shellcode
Linux x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux x86_64 XOR Encode execve Shellcode
Linux/x86_64 - XOR Encode execve Shellcode
Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode
Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Windows x86 WinExec(_cmd.exe__0) Shellcode
Linux x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode
Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Windows x86 system(_systeminfo_) Shellcode
Windows x86 - system(_systeminfo_) Shellcode
Windows x86 ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Linux x86 /bin/sh Shellcode + ASLR Bruteforce
Linux/x86 - /bin/sh Shellcode + ASLR Bruteforce
Linux x86_64 /etc/passwd File Sender Shellcode
Linux/x86_64 - /etc/passwd File Sender Shellcode
Linux x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux x86 - TCP Reverse Shellcode (75 bytes)
Linux/x86 - TCP Reverse Shellcode (75 bytes)
Linux x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
2016-07-16 05:06:26 +00:00
Offensive Security
0d018828aa
DB: 2016-07-15
2016-07-15 06:29:45 +00:00
Offensive Security
13e9ec719b
DB: 2016-07-14
...
17 new exploits
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (2)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (3)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (4)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (5)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (6)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (7)
Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption
Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption
Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials
MS16-032 Secondary Logon Handle Privilege Escalation
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities
Linux x86 Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
2016-07-14 05:05:01 +00:00
Offensive Security
5cf8f533ae
DB: 2016-07-13
2016-07-13 05:07:07 +00:00
Offensive Security
fc4bc08825
DB: 2016-07-12
...
15 new exploits
Apache HTTPd - Arbitrary Long HTTP Headers DoS
Apache HTTPd - Arbitrary Long HTTP Headers DoS (Perl)
Apache HTTPd - Arbitrary Long HTTP Headers DoS
Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Mercury Mail 4.01 (Pegasus) IMAP Buffer Overflow Exploit (c code)
Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow Exploit (C) (1)
Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (2) (c code)
Mercury Mail 4.01 - (Pegasus) IMAP Buffer Overflow (C) (2)
Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (1)
Webhints <= 1.03 - Remote Command Execution Exploit (c code) (2)
Webhints <= 1.03 - Remote Command Execution Exploit (perl code) (3)
Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (1)
Webhints <= 1.03 - Remote Command Execution Exploit (C) (2)
Webhints <= 1.03 - Remote Command Execution Exploit (Perl) (3)
phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl Code)
phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C Code)
phpBB <= 2.0.15 - Register Multiple Users Denial of Service (Perl)
phpBB <= 2.0.15 - Register Multiple Users Denial of Service (C)
SimpleBBS <= 1.1 - Remote Commands Execution Exploit (c code)
SimpleBBS <= 1.1 - Remote Commands Execution Exploit (C)
Xmame 0.102 (-lang) Local Buffer Overflow Exploit (c code)
Xmame 0.102 - (lang) Local Buffer Overflow Exploit (C)
aFAQ 1.0 (faqDsp.asp catcode) Remote SQL Injection Vulnerability
aFAQ 1.0 - (faqDsp.asp catcode) Remote SQL Injection Vulnerability
Apple CFNetwork HTTP Response Denial of Service Exploit (rb code)
Apple CFNetwork - HTTP Response Denial of Service Exploit (RB)
PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability
PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion Vulnerability
WebPortal CMS <= 0.7.4 (code) Remote Code Execution Vulnerability
WebPortal CMS <= 0.7.4 - (code) Remote Code Execution Vulnerability
emergecolab 1.0 (sitecode) Local File Inclusion Vulnerability
emergecolab 1.0 - (sitecode) Local File Inclusion Vulnerability
Simple Machines Forums (BBCode) Cookie Stealing Vulnerability
Simple Machines Forums - (BBCode) Cookie Stealing Vulnerability
Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability
Movie PHP Script 2.0 - (init.php anticode) Code Execution Vulnerability
Kjtechforce mailman b1 (code) SQL Injection Delete Row Vulnerability
Kjtechforce mailman b1 - (code) SQL Injection Delete Row Vulnerability
WordPress Activity Log Plugin 2.3.1 - Persistent XSS
IPS Community Suite 4.1.12.3 - PHP Code Injection
Adobe Flash - ATF Processing Overflow
Adobe Flash - JXR Processing Double Free
Adobe Flash - LMZA Property Decoding Heap Corruption
Adobe Flash - ATF Image Packing Overflow
Tiki Wiki 15.1 - Unauthenticated File Upload Vulnerability (msf)
Ho' Detector (Promiscuous mode detector shellcode) (56 bytes)
Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
Ruby on Rails ActionPack Inline ERB Code Execution
Lan Messenger sending PM Buffer Overflow (UNICODE) - Overwrite SEH
Lan Messenger - sending PM Buffer Overflow (UNICODE) Overwrite SEH
Tiki Wiki CMS 15.0 - Arbitrary File Download
Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass
WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS
Device42 WAN Emulator 2.3 Traceroute Command Injection
Device42 WAN Emulator 2.3 Ping Command Injection
Device42 WAN Emulator 2.3 - Traceroute Command Injection
Device42 WAN Emulator 2.3 - Ping Command Injection
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Dell KACE K1000 File Upload
Dell KACE K1000 - File Upload
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection
Valve Steam 3.42.16.13 - Local Privilege Escalation
Beauty Parlour & SPA Saloon Management System - Blind SQL Injection
Clinic Management System - Blind SQL Injection
Linux x86-64 Continuously-Probing Reverse Shell via Socket + Port-range + Password - 172 Bytes
2016-07-12 05:05:04 +00:00
Offensive Security
76bc268c80
DB: 2016-07-11
2016-07-11 05:06:57 +00:00
Offensive Security
c9a818eb76
DB: 2016-07-10
2016-07-10 05:03:45 +00:00
Offensive Security
29f0764fac
DB: 2016-07-09
...
9 new exploits
Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
Joomla <= 1.0.9 - (Weblinks) Remote Blind SQL Injection Exploit
Microsoft Excel Malformed FEATHEADER Record Exploit (MS09-067)
Microsoft Excel - Malformed FEATHEADER Record Exploit (MS09-067)
Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
Seo Panel 2.2.0 - Cookie-Rendered Persistent XSS Vulnerability
VLC AMV Dangling Pointer Vulnerability
VLC - AMV Dangling Pointer Vulnerability
Movable Type 4.2x_ 4.3x Web Upgrade Remote Code Execution
Movable Type 4.2x_ 4.3x - Web Upgrade Remote Code Execution
Roxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
Roxio CinePlayer 3.2 - SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
HP Client Automation Command Injection
HP Client - Automation Command Injection
Persistent Systems Client Automation Command Injection RCE
Persistent Systems Client Automation - Command Injection RCE
ElasticSearch Unauthenticated Remote Code Execution
ElasticSearch - Unauthenticated Remote Code Execution
ElasticSearch Search Groovy Sandbox Bypass
ElasticSearch - Search Groovy Sandbox Bypass
Fedora abrt Race Condition Exploit
Fedora - abrt Race Condition Exploit
ProFTPD 1.3.5 Mod_Copy Command Execution
ProFTPD 1.3.5 - Mod_Copy Command Execution
Windows ClientCopyImage Win32k Exploit
Microsoft Windows - ClientCopyImage Win32k Exploit
Wolf CMS Arbitrary File Upload To Command Execution
Wolf CMS - Arbitrary File Upload To Command Execution
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Kaseya VSA uploader.aspx Arbitrary File Upload
Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload
Samsung Galaxy S6 - Samsung Gallery Bitmap Decoding Crash
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 2 (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016)
Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1)
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSafe Network Management System 300 - Arbitrary File Upload
Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
Microsoft Windows 8.1/10 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
OS X / iOS Suid Binary Logic Error Kernel Code Execution
OS X / iOS - Suid Binary Logic Error Kernel Code Execution
Novell ServiceDesk Authenticated File Upload
Novell ServiceDesk - Authenticated File Upload
Mach Race OS X Local Privilege Escalation Exploit
Mach Race OS X - Local Privilege Escalation Exploit
Oracle ATS Arbitrary File Upload
Oracle Application Testing Suite (ATS) - Arbitrary File Upload
Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
WordPress Lazy Content Slider Plugin 3.4 - (Add Catetory) CSRF
Hide.Me VPN Client 1.2.4 - Privilege Escalation
InstantHMI 6.1 - Privilege Escalation
Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC
Microsoft WinDbg logviewer.exe - Crash PoC
Linux x86 TCP Reverse Shellcode - 75 bytes
php Real Estate Script 3 - Arbitrary File Disclosure
CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
Streamo Online Radio And TV Streaming CMS - SQL Injection
2016-07-09 05:06:22 +00:00
Offensive Security
c7daadde64
DB: 2016-07-08
...
8 new exploits
WordPress Q and A (Focus Plus) FAQ Plugin 1.3.9.7 - Multiple Vulnerabilities
WordPress Huge-IT Image Gallery Plugin 1.8.9 - Multiple Vulnerabilities
Codoforum 3.4 - Stored Cross-Site Scripting
MediaCoder 0.8.43.5830 - .m3u Buffer Overflow SEH Exploit
VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass)
Core FTP LE 2.2 - Path Field Local Buffer Overflow
OPAC KpwinSQL - Multiple Vulnerabilities
GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation
2016-07-08 05:06:14 +00:00
Offensive Security
52cf6a3185
DB: 2016-07-07
...
9 new exploits
CIMA DocuClass ECM - Multiple Vulnerabilities
24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
Linux 64bit Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) - 176 bytes
Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
PaKnPost Pro 1.14 - Multiple Vulnerabilities
GNU Wget < 1.18 - Arbitrary File Upload/Remote Code Execution
OpenFire 3.10.2 - 4.0.1 - Multiple Vulnerabilities
Samsung Android JACK - Privilege Escalation
Nagios XI Chained Remote Code Execution
2016-07-07 05:06:28 +00:00
Offensive Security
49a443eece
DB: 2016-07-06
2016-07-06 05:02:46 +00:00
Offensive Security
b530dd470e
DB: 2016-07-05
...
8 new exploits
BigDump - (Cross Site Scripting/SQL Injection/Arbitrary File Upload) Multiple Vulnerabilities
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
Linux - netfilter IPT_SO_SET_REPLACE Memory Corruption
Linux Kernel 3.10_ 3.18 + 4.4 - netfilter IPT_SO_SET_REPLACE Memory Corruption
Debian Exim - Spool Local Root Privilege Escalation
Ubuntu 16.04 local root exploit - netfilter target_offset OOB
Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit
XpoLog Center 6 - Remote Command Execution CSRF
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
Linux 64bit NetCat Bind Shell Shellcode - 64 bytes
WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities
Linux x86 TCP Bind Shell Port 4444 - 98 bytes
WebCalendar 1.2.7 - Multiple Vulnerabilities
eCardMAX 10.5 - Multiple Vulnerabilities
2016-07-05 05:06:28 +00:00
Offensive Security
aeca36b114
DB: 2016-07-04
...
1 new exploits
Ubuntu 16.04 local root exploit - netfilter target_offset OOB
2016-07-04 05:05:27 +00:00
Offensive Security
58c236d738
DB: 2016-07-02
...
1 new exploits
Sudo 1.3.1 - 1.6.8p - Pathname Validation Local Root Exploit (OpenBSD)
Sudo 1.3.1 - 1.6.8p (OpenBSD) - Pathname Validation Local Root Exploit
Seattle Lab Software Emurl 2.0 Email Account Access Vulnerability
Seattle Lab Software Emurl 2.0 - Email Account Access Vulnerability
Phoenix Exploit Kit - Remote Code Execution
2016-07-02 05:02:45 +00:00
Offensive Security
0fddce018e
DB: 2016-07-01
...
2 new exploits
phpBookingCalendar <= 1.0c - (details_view.php) Remote SQL Injection
TFT Gallery <= 0.10 - Password Disclosure Remote Exploit
phpBookingCalendar 1.0c - (details_view.php) SQL Injection
TFT Gallery 0.10 - Password Disclosure Remote Exploit
Seattle Lab Mail 5.5 - POP3 Buffer Overflow
Seattle Lab Mail (SLMail) 5.5 - POP3 Buffer Overflow
Ktools Photostore 4.7.5 - Blind SQL Injection
Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass
2016-07-01 05:05:35 +00:00
Offensive Security
f74a7dfb7e
DB: 2016-06-30
...
13 new exploits
Symantec Antivirus - Multiple Remote Memory Corruption Unpacking RAR
Symantec Antivirus - Remote Stack Buffer Overflow in dec2lha Library
Symantec Antivirus - Heap Overflow Modifying MIME Messages
Symantec Antivirus - Integer Overflow in TNEF Decoder
Symantec Antivirus - Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink
Symantec Antivirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow
Windows 7 SP1 x86 - Privilege Escalation (MS16-014)
Lenovo ThinkPad - System Management Mode Arbitrary Code Execution Exploit
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection
Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution
Ubiquiti Administration Portal - CSRF to Remote Command Execution
Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
2016-06-30 05:05:39 +00:00
Offensive Security
94e65060ad
DB: 2016-06-29
...
2 new exploits
Linux x86_64 /etc/passwd File Sender Shellcode
Untangle NGFW 12.1.0 beta - execEvil() Command Injection
2016-06-29 05:06:40 +00:00
Offensive Security
e9145685e4
DB: 2016-06-28
...
14 new exploits
Linux Netcat Reverse Shell - 32bit - 77 bytes
XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability
Linux x86_64 execve Shellcode - 15 bytes
WordPress Ultimate Product Catalog Plugin 3.8.6 - Arbitrary File Upload
OPAC KpwinSQL - SQL Injection
Magnet Networks Tesley CPVA 642 Router – Weak WPA-PSK Passphrase Algorithm
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Kagao 3.0 - Multiple Vulnerabilities
Panda Security Multiple Products - Privilege Escalation
MyLittleForum 2.3.5 - PHP Command Injection
iBilling 3.7.0 - Stored and Reflected XSS
PInfo 0.6.9-5.1 - Local Buffer Overflow
BigTree CMS 4.2.11 - SQL Injection
HNB 1.9.18-10 - Local Buffer Overflow
Linux x86 /bin/sh Shellcode + ASLR Bruteforce
SugarCRM 6.5.18 - PHP Code Injection
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
2016-06-28 05:03:46 +00:00
Offensive Security
3739831fb2
DB: 2016-06-24
...
16 new exploits
Banner Exchange Script 1.0 - (targetid) Blind SQL Injection Vulnerability
PHP 5.3.3 - ibase_gen_id() off-by-one Overflow Vulnerability
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
ARM Bindshell port 0x1337
ARM Bind Connect UDP Port 68
ARM Loader Port 0x1337
ARM ifconfig eth0 and Assign Address
G Data TotalCare 2011 - NtOpenKey Race Condition Vulnerability
ImpressPages CMS 3.8 - Stored XSS Vulnerability
Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability
Linux Netcat Reverse Shell - 32bit - 77 bytes
PrestaShop 1.4.4.1 modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php Multiple Parameter XSS
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS
Getsimple CMS 3.3.10 - Arbitrary File Upload
op5 v7.1.9 Configuration Command Execution
op5 7.1.9 - Configuration Command Execution
Alibaba Clone B2B Script - Arbitrary File Disclosure
XuezhuLi FileSharing - Directory Traversal
XuezhuLi FileSharing - (Add User) CSRF
FinderView - Multiple Vulnerabilities
2016-06-24 05:06:19 +00:00
Offensive Security
412cc0a204
DB: 2016-06-23
...
4 new exploits
Linux Kernel 2.4 - uselib() Privilege Elevation Exploit (2)
Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2)
Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit (3)
Linux Kernel 2.4.x / 2.6.x - 'uselib()' Local Privilege Escalation Exploit (3)
Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit (1)
Linux Kernel 2.6.23 <= 2.6.24 - 'vmsplice' Local Root Exploit (1)
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit (1)
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - < UDEV 1.4.1 Local Privilege Escalation Exploit (1)
Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (2)
Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (4)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (3)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (5)
Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (4)
Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (2)
Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (5)
Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (3)
Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation (3)
Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - 'Pipe.c' Privilege Escalation (3)
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation (1)
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit (2)
UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(1)
UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(2)
UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vulnerability (1)
UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vulnerability (2)
Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit (3)
Linux Kernel 3.3 < 3.8 (Ubuntu / Fedora 18) - 'sock_diag_handlers()' Local Root Exploit (3)
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2)
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (1)
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2)
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (MSF)
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (MSF)
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (MSF)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (msf)
Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
Poison Ivy 2.1.x C2 Buffer Overflow (msf)
Poison Ivy 2.1.x C2 Buffer Overflow (Metasploit)
Bomgar Remote Support Unauthenticated Code Execution (msf)
Bomgar Remote Support Unauthenticated Code Execution (Metasploit)
Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (msf)
Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (Metasploit)
DarkComet Server Remote File Download Exploit (msf)
DarkComet Server Remote File Download Exploit (Metasploit)
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Wolf CMS 0.8.2 - Arbitrary File Upload Exploit (Metasploit)
Windows x86 ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
2016-06-23 05:06:16 +00:00
Offensive Security
0fe9b46f79
DB: 2016-06-22
...
14 new exploits
Linux Kernel <= 2.4.22 - 'do_brk' Local Root Exploit (2)
Linux Kernel <= 2.4.22 - 'do_brk()' Local Root Exploit (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap' Local Proof of Concept (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3)
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit
Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1)
Linux Kernel <= 2.4.29-rc2 - uselib() Privilege Elevation
Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1)
Linux Kernel 2.4 - uselib() Privilege Elevation Exploit
Linux Kernel 2.4 - uselib() Privilege Elevation Exploit (2)
Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit
Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit (3)
Linux Kernel 2.6.17 <= 2.6.24.1 - vmsplice Local Root Exploit
Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit
Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Local Root Exploit (2)
Linux Kernel 2.6.23 <= 2.6.24 - vmsplice Local Root Exploit (1)
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV Local Privilege Escalation Exploit (1)
Linux Kernel 2.6 UDEV < 141 (Gentoo / Ubuntu 8.10/9.04) - Local Privilege Escalation Exploit
Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Local Privilege Escalation Exploit (2)
Linux Kernel 2.x (Redhat) - sock_sendpage() Ring0 Local Root Exploit (1)
Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)
Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Local Root Exploit (1)
Linux Kernel 2.x - 'sock_sendpage()' Local Root Exploit (2)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - sock_sendpage() ring0 Root Exploit (1)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4~11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' ring0 Root Exploit (3)
Linux Kernel <= 2.6.30 - atalk_getname() 8-bytes Stack Disclosure Exploit
Linux Kernel <= 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure Exploit (1)
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1)
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit (2)
Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (Debian 4) - udp_sendmsg Local Root Exploit
Linux Kernel < 2.6.19 (x86/x64) - udp_sendmsg Local Root Exploit (2)
Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Root Exploit (3)
Linux Kernel 2.4 / 2.6 (Fedora 11) - sock_sendpage() Local Root Exploit (2)
Linux Kernel 2.4 / 2.6 (Fedora 11) - 'sock_sendpage()' Local Root Exploit (4)
Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (3)
Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Local Root Exploit (5)
Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation
Linux Kernel 2.4.1-2.4.37 / 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation (3)
Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability
Linux Kernel <= 2.6.32 - 'pipe.c' Local Privilege Escalation Vulnerability (4)
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full Nelson' Local Privilege Escalation
Linux Kernel <= 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
Linux Kernel <= 2.6.37 - Local Kernel Denial of Service
Linux Kernel <= 2.6.37 - Local Kernel Denial of Service (1)
Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS
Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS (2)
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - Econet Privilege Escalation Exploit
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation Exploit
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1)
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Local Root (1)
Linux Kernel 2.0/2.1_ Digital UNIX <= 4.0 D_ FreeBSD <= 2.2.4_ HP HP-UX 10.20/11.0_ IBM AIX <= 3.2.5_ NetBSD 1.2_ Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability
Linux Kernel 2.0/2.1 (Digital UNIX <= 4.0 D / FreeBSD <= 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX <= 3.2.5 / NetBSD 1.2 / Solaris <= 2.5.1) - Smurf Denial of Service Vulnerability
Linux Kernel <= 2.3_ BSD/OS <= 4.0_ FreeBSD <= 3.2_ NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability
Linux Kernel <= 2.3 (BSD/OS <= 4.0 / FreeBSD <= 3.2 / NetBSD <= 1.4) - Shared Memory Denial of Service Vulnerability
Linux Kernel 2.2.12/2.2.14/2.3.99_ RedHat 6.x - Socket Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail) Vulnerability (1)
Linux Kernel 2.2.x/2.4.0-test1_ SGI ProPack 1.2/1.3 - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root 'sendmail' Vulnerability (1)
Linux Kernel 2.2.x <= 2.4.0-test1 (SGI ProPack 1.2/1.3) - Capabilities Local Root (sendmail <= 8.10.1) Vulnerability (2)
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Local Root (1)
Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit
Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Root Exploit (2)
Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Local Root Vulnerability (1)
Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Local Root Vulnerability (1)
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - PERF_EVENTS Local Root Exploit
Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Local Root Exploit (1)
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept (1)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with CONFIG_X86_X32 Exploit
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - Arbitrary Write with 'CONFIG_X86_X32' Exploit (2)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10) - 'CONFIG_X86_X32=y' Local Root Exploit (3)
Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty
Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit
Linux Kernel 3.3 < 3.8 (Ubuntu/Fedora 18) - SOCK_DIAG Local Root Exploit (3)
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.(0_1_2) x64) - perf_swevent_init Local Root Exploit
Linux Kernel 2.6.x - 'fasync_helper()' Local Privilege Escalation Vulnerability
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3)
Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation Vulnerability
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2)
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Local Root (2)
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Root Shell
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Root Shell
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Root Exploit
Linux Kernel <= 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Root Exploit (1)
Linux Kernel <= 4.3.3 - overlayfs Local Privilege Escalation
Linux Kernel <= 4.3.3 - 'overlayfs' Local Privilege Escalation (2)
DarkComet Server Remote File Download Exploit (msf)
Banshee 2.6.2 - .mp3 Crash PoC
IonizeCMS 1.0.8 - (Add Admin) CSRF
Yona CMS - (Add Admin) CSRF
Joomla Publisher Pro (com_publisher) Component - SQL Injection
Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Windows Kernel - ATMFD.DLL NamedEscape 0x250C Pool Corruption (MS16-074)
Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Windows - Custom Font Disable Policy Bypass
Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XXE
SAP NetWeaver AS JAVA 7.1 - 7.5 - Directory Traversal
Radiant CMS 1.1.3 - Mutiple Persistent XSS Vulnerabilities
YetiForce CRM < 3.1 - Persistent XSS
2016-06-22 05:06:31 +00:00
Offensive Security
da158cde92
DB: 2016-06-21
...
11 new exploits
Linux Kernel 2.2. / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability
Linux Kernel 2.2.x / 2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability
WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation
Linux x86_64 execve Shellcode - 15 bytes
sNews CMS 1.7.1 - Multiple Vulnerabilities
Joomla BT Media (com_bt_media) Component - SQL Injection
Premium SEO Pack 1.9.1.3 - wp_options Overwrite
Windows XP - 10 - Download & Execute Shellcode
Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow (msf)
Airia - (Add Content) CSRF
Airia - Webshell Upload Exploit
Symphony CMS 2.6.7 - Session Fixation
ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation
2016-06-21 05:03:48 +00:00
Offensive Security
eb4f2190bb
DB: 2016-06-20
2016-06-20 05:06:31 +00:00
Offensive Security
a7daa4c3b6
DB: 2016-06-19
2016-06-19 05:05:20 +00:00
Offensive Security
929e1cb538
DB: 2016-06-18
...
5 new exploits
WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload
Vicidial 2.11 - Scripts Stored XSS
phpATM 1.32 - Remote Command Execution (Shell Upload) on Windows Servers
phpATM 1.32 - Multiple Vulnerabilities
op5 v7.1.9 Configuration Command Execution
2016-06-18 05:02:53 +00:00
Offensive Security
2815f48e25
DB: 2016-06-17
...
12 new exploits
Linux x86_64 - Reverse Shell Shellcode
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
Solarwinds Virtualization Manager - Privilege Escalation
Blat 3.2.14 - Stack Overflow
Linux/x86 - Bindshell with Configurable Port - 87 bytes
Linux x86_64 Shellcode Null-Free Reverse TCP Shell
Linux x86 TCP Bind Shell Port 4444 (656 bytes)
Tiki-Wiki CMS Calendar 14.2_ 12.5 LTS_ 9.11 LTS_ and 6.15 - Remote Code Execution
Linux/Windows/BSD x86_64 execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode
ATCOM PBX IP01_ IP08 _ IP4G_ IP2G4A - Authentication Bypass
Roxy Fileman 1.4.4 - Arbitrary File Upload
SlimCMS 0.1 - CSRF (Change Admin Password)
2016-06-17 05:05:00 +00:00
Offensive Security
33dd246d8a
DB: 2016-06-16
...
14 new exploits
Ultrabenosaurus ChatBoard - Stored XSS
Ultrabenosaurus ChatBoard - CSRF (Send Message)
w2wiki - Multiple XSS Vulnerabilities
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
Dokeos 2.2.1 - Blind SQL Injection
Joomla En Masse (com_enmasse) Component 5.1 - 6.4 - SQL Injection
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
jbFileManager - Directory Traversal
PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection
Bomgar Remote Support Unauthenticated Code Execution (msf)
Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)
Google Chrome - GPU Process MailboxManagerImpl Double-Read
2016-06-16 05:02:53 +00:00
Offensive Security
6c005f3b2b
DB: 2016-06-15
...
3 new exploits
Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass
Apache Continuum Arbitrary Command Execution
WordPress Social Stream Plugin 1.5.15 - wp_options Overwrite
Oracle Orakill.exe 11.2.0 - Buffer Overflow
2016-06-15 05:06:23 +00:00
Offensive Security
264d15855e
DB: 2016-06-14
...
14 new exploits
FRticket Ticket System - Stored XSS
Viart Shopping Cart 5.0 - CSRF Shell Upload
Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass
Dream Gallery 2.0 - Admin Panel Authentication Bypass
Grid Gallery 1.0 - Admin Panel Authentication Bypass
Joomla PayPlans (com_payplans) Extension 3.3.6 - SQL Injection
Zabbix 2.2 - 3.0.3 - RCE with API JSON-RPC
iSQL 1.0 - Shell Command Injection
iSQL 1.0 - isql_main.c Buffer Overflow PoC
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap-Based Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
Foxit PDF Reader 1.0.1.0925 -kdu_core::kdu_codestream::get_subsampling Memory Corruption
Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption
2016-06-14 05:03:54 +00:00
Offensive Security
076ef173f9
DB: 2016-06-11
...
23 new exploits
Poison Ivy 2.1.x C2 Buffer Overflow (msf)
Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation
Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit
Mobiketa 1.0 - CSRF Add Admin Exploit
miniMySQLAdmin 1.1.3 - CSRF Execute SQL Query
phpMyFAQ 2.9.0 - Stored XSS
Windows x86 system(_systeminfo_) Shellcode
Armadito Antimalware - Backdoor/Bypass
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
IPFire proxy.cgi RCE
IPFire Bash Environment Variable Injection (Shellshock)
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
OS X Kernel - Exploitable NULL Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
Android - /system/bin/sdcard Stack Buffer Overflow
OS X Kernel - Exploitable NULL Pointer Dereference in AppleMuxControl.kext
OS X Kernel - Exploitable NULL Pointer Dereference in AppleGraphicsDeviceControl
OS X Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource
OS X Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value
OS X Kernel - Exploitable NULL Pointer Dereference in IOAudioEngine
OS X Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type
OS X Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
OS X/iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
OS X Kernel - Stack Buffer Overflow in GeForce GPU Driver
2016-06-11 05:06:22 +00:00
Offensive Security
4bc4dc0218
DB: 2016-06-10
...
1 new exploits
Microsoft Word (Win/Mac) - Crash PoC
2016-06-10 05:06:43 +00:00
Offensive Security
74f927013e
DB: 2016-06-09
...
1 new exploits
Drale DBTableViewer 100123 - Blind SQL Injection
2016-06-09 05:02:54 +00:00
Offensive Security
858079a4fe
DB: 2016-06-08
...
5 new exploits
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root (2)
Windows x86 WinExec(_cmd.exe__0) Shellcode
Linux x86 /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
League of Legends Screensaver - Unquoted Service Path Privilege Escalation
League of Legends Screensaver - Insecure File Permissions Privilege Escalation
Cisco EPC 3928 - Multiple Vulnerabilities
2016-06-08 05:05:38 +00:00
Offensive Security
62962d90b0
DB: 2016-06-07
...
16 new exploits
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)
Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit)
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings
Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root
WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities
Dream Gallery 1.0 - CSRF Add Admin Exploit
Apache Continuum 1.4.2 - Multiple Vulnerabilities
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit
Valve Steam 3.42.16.13 - Local Privilege Escalation
ArticleSetup 1.00 - CSRF Change Admin Password
Electroweb Online Examination System 1.0 - SQL Injection
WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload
WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS
WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection
WordPress Newspaper Theme 6.7.1 - Privilege Escalation
WordPress Uncode Theme 1.3.1 - Arbitrary File Upload
WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection
Notilus Travel Solution Software 2012 R3 - SQL Injection
rConfig 3.1.1 - Local File Inclusion
Nagios XI 5.2.7 - Multiple Vulnerabilities
2016-06-07 05:07:41 +00:00
Offensive Security
2808c59ead
DB: 2016-06-04
2016-06-04 05:06:24 +00:00
Offensive Security
2dba371921
DB: 2016-06-03
...
4 new exploits
Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit
Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit
Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - ia32syscall Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - compat Local Root Exploit
Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1)
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1)
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86-64) - sock_diag_handlers[] Local Root
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root
Linux Kernel <= 3.7.10 (Ubuntu 12.10) (64-Bit) - sock_diag_handlers Local Root Exploit
Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit
Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit
Linux Kernel <= 3.7.6 (Redhat) (32bit/64bit) - 'MSR' Driver Local Privilege Escalation
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation
Systrace 1.x (64-Bit) - Aware Linux Kernel Privilege Escalation Vulnerability
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Vulnerability
Linux Kernel 2.6.x - (64 bit) Personality Handling Local Denial of Service Vulnerability
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Vulnerability
Linux Kernel < 3.2.0-23 (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation
Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (2)
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2)
Joomla SecurityCheck Extension 2.8.9 - Multiple Vulnerabilities
Liferay CE < 6.2 CE GA6 - Stored XSS
Relay Ajax Directory Manager relayb01-071706_ 1.5.1_ 1.5.3 - Unauthenticated File Upload
Websockify (C Implementation) 0.8.0 - Buffer Overflow
2016-06-03 05:02:50 +00:00
Offensive Security
3a855523ef
DB: 2016-06-02
...
2 new exploits
GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion Vulnerability
ImageMagick 6.x PNM Image Decoding Remote Buffer Overflow Vulnerability
ImageMagick 6.x - .PNM Image Decoding Remote Buffer Overflow Vulnerability
ImageMagick 6.x SGI Image File Remote Heap Buffer Overflow Vulnerability
ImageMagick 6.x - .SGI Image File Remote Heap Buffer Overflow Vulnerability
ImageMagick < 6.9.3-9 - Multiple Vulnerabilities
ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
ImageMagick Delegate Arbitrary Command Execution
ImageMagick <= 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Wireshark - erf_meta_read_tag SIGSEGV
2016-06-02 05:03:04 +00:00
Offensive Security
8164665ff7
DB: 2016-06-01
...
6 new exploits
FlatPress 1.0.3 - CSRF Arbitrary File Upload
AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities
ProcessMaker 3.0.1.7 - Multiple vulnerabilities
CCextractor 0.80 - Crash PoC
Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (msf)
TCPDump 4.5.1 - Crash PoC
2016-06-01 05:01:50 +00:00
Offensive Security
22d168d0bc
DB: 2016-05-31
...
3 new exploits
MySQL 5.5.45 - procedure analyse Function Denial of Service
Open Source Real Estate Script 3.6.0 - SQL Injection
Linux x86_64 XOR Encode execve Shellcode
2016-05-31 05:03:26 +00:00
Offensive Security
ab85a62fd6
DB: 2016-05-28
...
1 new exploits
PHP Realestate Script Script 4.9.0 - SQL Injection
2016-05-28 05:05:01 +00:00
Offensive Security
2e7bce9702
DB: 2016-05-27
...
9 new exploits
Real Estate Portal 4.1 - Multiple Vulnerabilities
EduSec 4.2.5 - SQL Injection
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
HP Data Protector A.09.00 - Arbitrary Command Execution
Graphite2 - GlyphCache::GlyphCache Heap-Based Buffer Overflow
Graphite2 - GlyphCache::Loader Heap-Based Overreads
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap-Based Overread
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap-Based Overread
Graphite2 - NameTable::getName Multiple Heap-Based Out-of-Bounds Reads
2016-05-27 05:03:14 +00:00
Offensive Security
e7c0882001
DB: 2016-05-26
...
3 new exploits
Oracle ATS Arbitrary File Upload
Ubiquiti airOS Arbitrary File Upload
PowerFolder Server 10.4.321 - Remote Code Execution
2016-05-26 05:02:47 +00:00
Offensive Security
b189e25266
DB: 2016-05-25
...
1 new exploits
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XXE Injection
2016-05-25 05:01:52 +00:00
Offensive Security
399580a6c2
DB: 2016-05-24
...
5 new exploits
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
Linux x86_64 Information Stealer Shellcode
Job Script by Scubez - Remote Code Execution
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
2016-05-24 05:03:46 +00:00
Offensive Security
84d38df739
DB: 2016-05-23
2016-05-23 05:03:55 +00:00
Offensive Security
931bae6679
DB: 2016-05-21
2016-05-21 05:05:57 +00:00
Offensive Security
a447a01cb8
DB: 2016-05-20
2016-05-20 06:50:49 +00:00
Offensive Security
feb7c15c11
DB: 2016-05-19
...
1 new exploits
Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Perl)
Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Ruby)
Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Python)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Python)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (1)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (2)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (3)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (1)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (2)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (3)
phpliteadmin 1.1 - Multiple Vulnerabilities
phpLiteAdmin 1.1 - Multiple Vulnerabilities
PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit
PHP <= 5.5.33 / <= 7.0.4 - SNMP Format String Exploit
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
2016-05-19 05:05:38 +00:00
Offensive Security