exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	1cf7d7364a	DB: 2021-10-13 176 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Sandboxie 5.49.7 - Denial of Service (PoC) WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) iDailyDiary 4.30 - Denial of Service (PoC) RarmaRadio 2.72.8 - Denial of Service (PoC) DupTerminator 1.4.5639.37199 - Denial of Service (PoC) Color Notes 1.4 - Denial of Service (PoC) Macaron Notes great notebook 5.5 - Denial of Service (PoC) My Notes Safe 5.3 - Denial of Service (PoC) Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC) NBMonitor 1.6.8 - Denial of Service (PoC) Nsauditor 3.2.3 - Denial of Service (PoC) Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC) n+otes 1.6.2 - Denial of Service (PoC) Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC) Post-it 5.0.1 - Denial of Service (PoC) Notex the best notes 6.4 - Denial of Service (PoC) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Visual Studio Code 1.47.1 - Denial of Service (PoC) DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) Backup Key Recovery 2.2.7 - Denial of Service (PoC) memono Notepad Version 4.2 - Denial of Service (PoC) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Dlink DSL2750U - 'Reboot' Command Injection E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation GetSimple CMS 3.3.16 - Reflected XSS to RCE House Rental and Property Listing 1.0 - Multiple Stored XSS Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) Montiorr 1.7.6m - File Upload to XSS GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated) Markdown Explorer 0.1.1 - XSS to RCE Xmind 2020 - XSS to RCE Tagstoo 2.0.1 - Stored XSS to RCE SnipCommand 0.1.0 - XSS to RCE Moeditor 0.2.0 - XSS to RCE Marky 0.0.1 - XSS to RCE StudyMD 0.3.2 - XSS to RCE Freeter 1.2.1 - XSS to RCE Markright 1.0 - XSS to RCE Markdownify 1.2.0 - XSS to RCE Anote 1.0 - XSS to RCE Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) CHIYU IoT Devices - Denial of Service (DoS) Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated) Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Dolibarr ERP/CRM 10.0.6 - Login Brute Force qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Simple Phone book/directory 1.0 - 'Username' SQL Injection (Unauthenticated) ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function Budget and Expense Tracker System 1.0 - Authenticated Bypass WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Phpwcms 1.9.30 - File Upload to XSS Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes) Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode	2021-10-13 05:02:15 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	9008c67d8b	DB: 2021-06-29 5 changes to exploits/shellcodes WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS) SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting (XSS) Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS) Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)	2021-06-29 05:01:55 +00:00
Offensive Security	f564ddfd17	DB: 2020-05-13 10 changes to exploits/shellcodes LanSend 3.2 - Buffer Overflow (SEH) MacOS 320.whatis Script - Privilege Escalation Phase Botnet - Blind SQL Injection Orchard Core RC1 - Persistent Cross-Site Scripting ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection CuteNews 2.1.2 - Authenticated Arbitrary File Upload Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting qdPM 9.1 - Arbitrary File Upload TylerTech Eagle 2018.3.11 - Remote Code Execution	2020-05-13 05:01:48 +00:00
Offensive Security	0f5a9de36d	DB: 2020-04-29 8 changes to exploits/shellcodes Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit) NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path CloudMe 1.11.2 - Buffer Overflow (PoC) School ERP Pro 1.0 - 'es_messagesid' SQL Injection School ERP Pro 1.0 - Remote Code Execution	2020-04-29 05:01:47 +00:00
Offensive Security	c3e827f657	DB: 2020-04-17 8 changes to exploits/shellcodes VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit) TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit) Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit) ThinkPHP - Multiple PHP Injection RCEs (Metasploit) Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit) PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit) DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) Apache Solr - Remote Code Execution via Velocity Template (Metasploit)	2020-04-17 05:01:48 +00:00
Offensive Security	d3992973f1	DB: 2020-03-21 2 changes to exploits/shellcodes VMware Fusion 11.5.2 - Privilege Escalation Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)	2020-03-21 05:01:49 +00:00
Offensive Security	85cdf30cea	DB: 2020-03-19 7 changes to exploits/shellcodes NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Microsoft VSCode Python Extension - Code Execution VMWare Fusion - Local Privilege Escalation Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) Netlink GPON Router 1.0.11 - Remote Code Execution Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)	2020-03-19 05:01:49 +00:00
Offensive Security	b7471ba451	DB: 2019-12-19 9 changes to exploits/shellcodes XnView 2.49.1 - 'Research' Denial of Service (PoC) macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow OpenMRS - Java Deserialization RCE (Metasploit) Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown) Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin) Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Telerik UI - Remote Code Execution via Insecure Deserialization	2019-12-19 05:01:59 +00:00
Offensive Security	f1354b784a	DB: 2019-11-23 4 changes to exploits/shellcodes Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path LiteManager 4.5.0 - Insecure File Permissions macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache	2019-11-23 05:01:42 +00:00
Offensive Security	52ab59aad8	DB: 2019-11-06 12 changes to exploits/shellcodes FileOptimizer 14.00.2524 - Denial of Service (PoC) JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Blue Stacks App Player 2.4.44.62.57 - _BstHdLogRotatorSvc_ Unquote Service Path Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path thejshen Globitek CMS 1.4 - 'id' SQL Injection thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting html5_snmp 1.11 - 'Router_ID' SQL Injection SD.NET RIM 4.7.3c - 'idtyp' SQL Injection	2019-11-06 05:01:40 +00:00
Offensive Security	577557762c	DB: 2019-11-05 6 changes to exploits/shellcodes Apple macOS 10.15.1 - Denial of Service (PoC) Aida64 6.10.5200 - Buffer Overflow (SEH) OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit) Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow	2019-11-05 05:01:42 +00:00
Offensive Security	da622bb1aa	DB: 2019-10-10 3 changes to exploits/shellcodes Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC) XNU - Remote Double-Free via Data Race in IPComp Input Path DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)	2019-10-10 05:01:46 +00:00
Offensive Security	d6e0b04877	DB: 2019-09-20 4 changes to exploits/shellcodes macOS 18.7.0 Kernel - Local Privilege Escalation Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting	2019-09-20 05:02:06 +00:00
Offensive Security	d1ba848ff5	DB: 2019-08-06 4 changes to exploits/shellcodes macOS iMessage - Heap Overflow when Deserializing Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ARMBot Botnet - Arbitrary Code Execution	2019-08-06 05:02:23 +00:00
Offensive Security	808010b53f	DB: 2019-07-03 2 changes to exploits/shellcodes Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit) Linux Mint 18.3-19.1 - 'yelp' Command Injection Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit) Centreon 19.04 - Remote Code Execution Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-03 05:01:50 +00:00
Offensive Security	7e48b809b3	DB: 2019-06-20 3 changes to exploits/shellcodes BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution	2019-06-20 05:01:55 +00:00
Offensive Security	18a676ca3b	DB: 2019-05-28 3 changes to exploits/shellcodes Pidgin 2.13.0 - Denial of Service (PoC) Typora 0.9.9.24.6 - Directory Traversal Deltek Maconomy 2.2.5 - Local File Inclusion	2019-05-28 05:01:55 +00:00
Offensive Security	970f7b1104	DB: 2019-05-24 18 changes to exploits/shellcodes macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free NetAware 1.20 - 'Add Block' Denial of Service (PoC) NetAware 1.20 - 'Share Name' Denial of Service (PoC) Terminal Services Manager 3.2.1 - Denial of Service Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Microsoft Windows 10 (17763.379) - Install DLL Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Apple Mac OS X - Feedback Assistant Race Condition (Metasploit) Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Microsoft Internet Explorer 11 - Sandbox Escape Microsoft Windows - 'Win32k' Local Privilege Escalation Axis Network Camera - .srv to parhand RCE (Metasploit) Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit) HP Intelligent Management - Java Deserialization RCE (Metasploit) HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit) Erlang - Port Mapper Daemon Cookie RCE (Metasploit) Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit) CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit) Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit) Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) Nagios XI 5.6.1 - SQL injection BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell (/bin/sh) Shellcode (94 bytes) Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes) Linux/x86 - Flush IPTables Rules (execve(/sbin/iptables -F)) Shellcode (70 bytes) Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables --flush) Shellcode (69 bytes) Linux/x86 - iptables --flush Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables --flush) Shellcode (43 bytes) Linux/x86 - iptables -F Shellcode (43 bytes) Linux/x86 - Flush IPTables Rules (iptables -F) Shellcode (43 bytes) Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/x86 - Reverse (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) Apple macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Apple macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) Apple macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes) Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (63 bytes) Linux/x86 - Add User (sshd/root) to Passwd File Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes) Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes) Linux/x86 - Rabbit Shellcode Crypter (200 bytes) Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes) Linux/x86 - shred file Shellcode (72 bytes) Linux/x86 - execve /bin/sh Shellcode (20 bytes) Linux/x86 - /sbin/iptables -F Shellcode (43 bytes) Linux x86_64 - Delete File Shellcode (28 bytes) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - execve(/bin/sh) Shellcode (20 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (43 bytes) Linux/x86_64 - Delete File (test.txt) Shellcode (28 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)	2019-05-24 05:02:03 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	55fab34db7	DB: 2019-03-02 10 changes to exploits/shellcodes Linux Kernel 3.10.0 (CentOS7) - Denial of Service Linux Kernel 3.10.0 (CentOS 7) - Denial of Service Google Chrome < M72 - PaymentRequest Service Use-After-Free Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost Google Chrome < M72 - FileWriterImpl Use-After-Free tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation	2019-03-02 05:01:54 +00:00
Offensive Security	26efc559c7	DB: 2019-02-21 8 changes to exploits/shellcodes FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC) WinRAR 5.61 - '.lng' Denial of Service FaceTime - Texture Processing Memory Corruption Android Kernel < 4.8 - ptrace seccomp Filter Bypass MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Apple macOS 10.13.5 - Local Privilege Escalation mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution Belkin Wemo UPnP - Remote Code Execution (Metasploit) HotelDruid 2.3 - Cross-Site Scripting	2019-02-21 05:01:57 +00:00
Offensive Security	68794471c9	DB: 2019-02-01 13 changes to exploits/shellcodes Anyburn 4.3 - 'Convert image to file format' Denial of Service Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) AMAC Address Change 5.4 - Denial of Service (PoC) ASPRunner Professional 6.0.766 - Denial of Service (PoC) FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC) LanHelper 1.74 - Denial of Service (PoC) macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)(DEP Bypass) 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass) R 3.5.0 - Local Buffer Overflow (SEH) UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)	2019-02-01 05:01:49 +00:00
Offensive Security	6e7548ed0d	DB: 2019-01-25 10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery	2019-01-25 05:01:41 +00:00
Offensive Security	e3c06fe0f7	DB: 2018-12-15 16 changes to exploits/shellcodes Angry IP Scanner 3.5.3 - Denial of Service (PoC) UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC) Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH) Cisco RV110W - Password Disclosure / Command Execution Safari - Proxy Object Type Confusion (Metasploit) Adminer 4.3.1 - Server-Side Request Forgery Responsive FileManager 9.13.4 - Multiple Vulnerabilities Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2) Huawei Router HG532e - Command Execution Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password) Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Double Your Bitcoin Script Automatic - Authentication Bypass	2018-12-15 05:01:46 +00:00
Offensive Security	62445895aa	DB: 2018-11-30 8 changes to exploits/shellcodes WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit) Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit) Mac OS X - libxpc MITM Privilege Escalation (Metasploit) PHP imap_open - Remote Code Execution (Metasploit) TeamCity Agent - XML-RPC Command Execution (Metasploit)	2018-11-30 05:01:41 +00:00
Offensive Security	e3299ef341	DB: 2018-11-21 4 changes to exploits/shellcodes macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC) Qpopper 4.0.x - poppassd Privilege Escalation Qpopper 4.0.x - 'poppassd' Privilege Escalation HP-UX 11.0/11.11 - swxxx Privilege Escalation HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation ABRT - raceabrt Privilege Escalation(Metasploit) ABRT - 'raceabrt' Privilege Escalation (Metasploit) ImageMagick - Memory Leak Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Simple E-Document 1.31 - 'username' SQL Injection 2-Plan Team 1.0.4 - Arbitrary File Upload PHP Mass Mail 1.0 - Arbitrary File Upload WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Helpdezk 1.1.1 - Arbitrary File Upload DomainMOD 4.11.01 - Cross-Site Scripting Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)	2018-11-21 05:01:38 +00:00
Offensive Security	1d25aee539	DB: 2018-11-15 15 changes to exploits/shellcodes AMPPS 2.7 - Denial of Service (PoC) Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC) ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) SwitchVPN for macOS 2.1012.03 - Privilege Escalation Atlassian Jira - Authenticated Upload Code Execution (Metasploit) iServiceOnline 1.0 - 'r' SQL Injection Helpdezk 1.1.1 - 'query' SQL Injection Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) EdTv 2 - 'id' SQL Injection Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities Advanced Comment System 1.0 - SQL Injection Rmedia SMS 1.0 - SQL Injection Pedidos 1.0 - SQL Injection Electricks eCommerce 1.0 - Persistent Cross-Site Scripting DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload	2018-11-15 05:01:40 +00:00
Offensive Security	3a7153b2ac	DB: 2018-11-14 24 changes to exploits/shellcodes CuteFTP Mac 3.1 - Denial of Service (PoC) Evince 3.24.0 - Command Injection Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) xorg-x11-server < 1.20.1 - Local Privilege Escalation Data Center Audit 2.6.2 - 'username' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Paroiciel 11.20 - 'tRecIdListe' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting Paroiciel 11.20 - 'tRecIdListe' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection Nominas 0.27 - 'username' SQL Injection CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Surreal ToDo 0.6.1.2 - SQL Injection Surreal ToDo 0.6.1.2 - Local File Inclusion Alienor Web Libre 2.0 - SQL Injection Musicco 2.0.0 - Arbitrary Directory Download Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Tina4 Stack 1.0.3 - SQL Injection / Database File Download Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Easyndexer 1.0 - Arbitrary File Download ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Gumbo CMS 0.99 - SQL Injection Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin) Webiness Inventory 2.3 - SQL Injection SIPve 0.0.2-R19 - SQL Injection Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)	2018-11-14 05:01:43 +00:00
Offensive Security	11366ca935	DB: 2018-11-07 18 changes to exploits/shellcodes FaceTime - RTP Video Processing Heap Corruption FaceTime - 'readSPSandGetDecoderParams' Stack Corruption FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption Blue Server 1.1 - Denial of Service (PoC) eToolz 3.4.8.0 - Denial of Service (PoC) VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (SEH) libiec61850 1.3 - Stack Based Buffer Overflow Morris Worm - sendmail Debug Mode Shell Escape (Metasploit) blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit) Morris Worm - fingerd Stack Buffer Overflow (Metasploit) PHP Proxy 3.0.3 - Local File Inclusion Voovi Social Networking Script 1.0 - 'user' SQL Injection CMS Made Simple 2.2.7 - Remote Code Execution OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) Grocery crud 1.6.1 - 'search_field' SQL Injection OOP CMS BLOG 1.0 - 'search' SQL Injection OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection LibreHealth 2.0.0 - Arbitrary File Actions	2018-11-07 05:01:44 +00:00
Offensive Security	363500a603	DB: 2018-11-06 13 changes to exploits/shellcodes Softros LAN Messenger 9.2 - Denial of Service (PoC) Microsoft Internet Explorer 11 - Null Pointer Dereference LiquidVPN 1.36 / 1.37 - Privilege Escalation Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel SiAdmin 1.1 - 'id' SQL Injection Advantech WebAccess SCADA 8.3.2 - Remote Code Execution WebVet 0.1a - 'id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Poppy Web Interface Generator 0.8 - Arbitrary File Upload Mongo Web Admin 6.0 - Information Disclosure PHP Proxy 3.0.3 - Local File Inclusion Royal TS/X - Information Disclosure Voovi Social Networking Script 1.0 - 'user' SQL Injection	2018-11-06 05:01:40 +00:00
Offensive Security	defa138d04	DB: 2018-10-23 17 changes to exploits/shellcodes Modbus Poll 7.2.2 - Denial of Service (PoC) AudaCity 2.3 - Denial of Service (PoC) Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) Countly - Persistent Cross-Site Scripting Countly - Cross-Site Scripting MySQL Edit Table 1.0 - 'id' SQL Injection School ERP Ultimate 2018 - Arbitrary File Download Oracle Siebel CRM 8.1.1 - CSV Injection The Open ISES Project 3.30A - 'tick_lat' SQL Injection School ERP Ultimate 2018 - 'fid' SQL Injection eNdonesia Portal 8.7 - 'artid' SQL Injection The Open ISES Project 3.30A - Arbitrary File Download Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection	2018-10-23 05:01:48 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	3e5849385e	DB: 2018-09-17 29 changes to exploits/shellcodes Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Authentication Bypass	2018-09-17 05:02:03 +00:00
Offensive Security	b42759b8b8	DB: 2018-09-13 15 changes to exploits/shellcodes jiNa OCR Image to Text 1.0 - Denial of Service (PoC) PixGPS 1.1.8 - Denial of Service (PoC) RoboImport 1.2.0.72 - Denial of Service (PoC) PicaJet FX 2.6.5 - Denial of Service (PoC) iCash 7.6.5 - Denial of Service (PoC) PDF Explorer 1.5.66.2 - Denial of Service (PoC) Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC) Apple macOS 10.13.4 - Denial of Service (PoC) CirCarLife SCADA 4.3.0 - Credential Disclosure Rubedo CMS 3.4.0 - Directory Traversal SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS) SynaMan 4.0 build 1488 - SMTP Credential Disclosure IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection MyBB 1.8.17 - Cross-Site Scripting LG Smart IP Camera 1508190 - Backup File Download	2018-09-13 05:01:52 +00:00
Offensive Security	b02440845e	DB: 2018-07-31 5 changes to exploits/shellcodes fusermount - user_allow_other Restriction Bypass and SELinux Label Control ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC) Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC) Charles Proxy 4.2 - Local Privilege Escalation H2 Database 1.4.197 - Information Disclosure	2018-07-31 05:01:47 +00:00
Offensive Security	0909e63d9e	DB: 2018-06-07 6 changes to exploits/shellcodes PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass Canon MF210/MF220 - Authenticaton Bypass	2018-06-07 05:01:47 +00:00
Offensive Security	89ee92def8	DB: 2018-05-31 6 changes to exploits/shellcodes Siemens SIMATIC S7-300 CPU - Remote Denial of Service Procps-ng - Multiple Vulnerabilities SearchBlox 8.6.6 - Cross-Site Request Forgery Yosoro 1.0.4 - Remote Code Execution MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Dolibarr 7.0.0 - SQL Injection	2018-05-31 05:01:44 +00:00
Offensive Security	df4d831719	DB: 2018-05-01 6 changes to exploits/shellcodes Navicat < 12.0.27 - Oracle Connection Overflow macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) WordPress Plugin Form Maker 1.12.20 - CSV Injection Nagios XI 5.2.[6-9]_ 5.3_ 5.4 - Chained Remote Root	2018-05-01 05:01:45 +00:00
Offensive Security	dd3b710ae8	DB: 2018-03-21 14 changes to exploits/shellcodes Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure Internet Explorer - 'RegExp.lastMatch' Memory Disclosure Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Microsoft Windows - Desktop Bridge VFS Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation Intelbras Telefone IP TIP200 LITE - Local File Disclosure Vehicle Sales Management System - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)	2018-03-21 05:01:50 +00:00
Offensive Security	7cb274b763	DB: 2018-03-04 6 changes to exploits/shellcodes Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service Apple macOS Sierra 10.12.1 - 'IOFireWireFamily' FireWire Port Denial of Service Apple OS X Yosemite - 'flow_divert-heap-overflow' Kernel Panic Apple macOS Sierra 10.12.3 - 'IOFireWireFamily-null-deref' FireWire Port Denial of Service Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation Apple OS X 10.10.5 - 'rootsh' Local Privilege Escalation Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55 Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55	2018-03-04 05:01:52 +00:00
Offensive Security	145dac58fb	DB: 2018-02-10 1 changes to exploits/shellcodes macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort' HPE iLO4 < 2.53 - Add New Administrator User HPE iLO 4 < 2.53 - Add New Administrator User	2018-02-10 05:01:52 +00:00
Offensive Security	ef96c0511b	DB: 2018-01-30 4 changes to exploits/shellcodes macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding Arq 5.10 - Local Privilege Escalation (1) Arq 5.10 - Local Privilege Escalation (2) Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)	2018-01-30 05:01:49 +00:00
Offensive Security	bfebc3fa5a	DB: 2018-01-20 62 changes to exploits/shellcodes macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' Peercast < 0.1211 - Format String Trillian Pro < 2.01 - Design Error dbPowerAmp < 2.0/10.0 - Buffer Overflow PsychoStats < 2.2.4 Beta - Cross Site Scripting MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution GitStack 2.3.10 - Unauthenticated Remote Code Execution Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC) Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC) Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities DUWare Multiple Products - Multiple Vulnerabilities AutoRank PHP < 2.0.4 - SQL Injection (PoC) ASPapp Multiple Products - Multiple Vulnerabilities osCommerce < 2.2-MS2 - Multiple Vulnerabilities PostNuke < 0.726 Phoenix - Multiple Vulnerabilities MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities phpGedView < 2.65 beta 5 - Multiple Vulnerabilities phpShop < 0.6.1-b - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3 - SQL Injection phpBB < 2.0.6d - Cross Site Scripting Phorum < 5.0.3 Beta - Cross Site Scripting vBulletin < 3.0.0 RC4 - Cross Site Scripting Mambo < 4.5 - Multiple Vulnerabilities phpBB < 2.0.7a - Multiple Vulnerabilities Invision Power Top Site List < 1.1 RC 2 - SQL Injection Invision Gallery < 1.0.1 - SQL Injection PhotoPost < 4.6 - Multiple Vulnerabilities TikiWiki < 1.8.1 - Multiple Vulnerabilities phpBugTracker < 0.9.1 - Multiple Vulnerabilities OpenBB < 1.0.6 - Multiple Vulnerabilities PHPX < 3.26 - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3.1 - Design Error HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities LiveWorld Multiple Products - Cross Site Scripting WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities PHP-Calendar < 0.10.1 - Arbitrary File Inclusion PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities ReviewPost < 2.84 - Multiple Vulnerabilities PhotoPost < 4.85 - Multiple Vulnerabilities AZBB < 1.0.07d - Multiple Vulnerabilities Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities Burning Board < 2.3.1 - SQL Injection XOOPS < 2.0.11 - Multiple Vulnerabilities PEAR XML_RPC < 1.3.0 - Remote Code Execution PHPXMLRPC < 1.1 - Remote Code Execution SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite XPCOM - Race Condition ADOdb < 4.71 - Cross Site Scripting Geeklog < 1.4.0 - Multiple Vulnerabilities PEAR LiveUser < 0.16.8 - Arbitrary File Access Mambo < 4.5.3h - Multiple Vulnerabilities phpRPC < 0.7 - Remote Code Execution Gallery 2 < 2.0.2 - Multiple Vulnerabilities PHPLib < 7.4 - SQL Injection SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite CubeCart < 3.0.12 - Multiple Vulnerabilities Claroline < 1.7.7 - Arbitrary File Inclusion X-Cart < 4.1.3 - Arbitrary Variable Overwrite Mambo < 4.5.4 - SQL Injection Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities D-Link DNS-343 ShareCenter < 1.05 - Command Injection D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)	2018-01-20 05:01:49 +00:00
Offensive Security	81d6f781ab	DB: 2018-01-12 31 changes to exploits/shellcodes MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation macOS - 'process_policy' Stack Leak Through Uninitialized Field Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read Jungo Windriver 12.5.1 - Privilege Escalation Jungo Windriver 12.5.1 - Local Privilege Escalation Parity Browser < 1.6.10 - Bypass Same Origin Policy Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit) phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) eVestigator Forensic PenTester - MITM Remote Code Execution eVestigator Forensic PenTester - Man In The Middle Remote Code Execution BestSafe Browser - MITM Remote Code Execution BestSafe Browser - Man In The Middle Remote Code Execution SKILLS.com.au Industry App - MITM Remote Code Execution Virtual Postage (VPA) - MITM Remote Code Execution SKILLS.com.au Industry App - Man In The Middle Remote Code Execution Virtual Postage (VPA) - Man In The Middle Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution SAP NetWeaver J2EE Engine 7.40 - SQL Injection D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode HPUX - execve /bin/sh Shellcode (58 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve /bin/sh Shellcode (58 bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes) ARM - Bind TCP Shell (0x1337/TCP) Shellcode ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes) Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes) FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD - reboot() Shellcode (15 Bytes) IRIX - execve(/bin/sh -c) Shellcode (72 bytes) IRIX - execve(/bin/sh) Shellcode (43 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - execve(/bin/sh) Shellcode (68 bytes) IRIX - stdin-read Shellcode (40 bytes) Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 Bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)	2018-01-12 05:02:17 +00:00
Offensive Security	f6c5c427c3	DB: 2018-01-02 5 changes to exploits/shellcodes Apple macOS - IOHIDSystem Kernel Read/Write HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) Huawei Router HG532 - Arbitrary Command Execution	2018-01-02 05:02:10 +00:00
Offensive Security	d07aa0ed2a	DB: 2017-12-13 6 changes to exploits/shellcodes Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload	2017-12-13 05:02:40 +00:00
Offensive Security	9cea53a35b	DB: 2017-12-12 35 changes to exploits/shellcodes MikroTik RouterBoard 6.39.2 / 6.40.5 DNS - Denial of Service MikroTik 6.40.5 ICMP - Denial of Service iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures macOS - 'getrusage' Stack Leak Through struct Padding macOS - 'necp_get_socket_attributes' so_pcb Type Confusion LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection Laundry Booking Script 1.0 - 'list?city' SQL Injection Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection Multivendor Penny Auction Clone Script 1.0 - SQL Injection Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection Opensource Classified Ads Script 3.2 - SQL Injection PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection Professional Service Script 1.0 - 'service-list?city' SQL Injection Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection Readymade Video Sharing Script 3.2 - SQL Injection Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection Advanced Real Estate Script 4.0.7 - SQL Injection Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection MLM Forced Matrix 2.0.9 - 'newid' SQL Injection Car Rental Script 2.0.4 - 'val' SQL Injection Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection Muslim Matrimonial Script 3.02 - 'succid' SQL Injection Advanced World Database 2.0.5 - SQL Injection Resume Clone Script 2.0.5 - SQL Injection Basic Job Site Script 2.0.5 - SQL Injection Vanguard 1.4 - Arbitrary File Upload Vanguard 1.4 - SQL Injection	2017-12-12 05:02:17 +00:00

1 2

54 commits