exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	b1cf12c4ea	DB: 2021-05-28 2 changes to exploits/shellcodes Postbird 0.8.4 - Javascript Injection	2021-05-28 05:01:57 +00:00
Offensive Security	aa3c54402b	DB: 2021-05-27 4 changes to exploits/shellcodes RarmaRadio 2.72.8 - Denial of Service (PoC) ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2) Codiad 2.8.4 - Remote Code Execution (Authenticated) (3) Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)	2021-05-27 05:01:52 +00:00
Offensive Security	bd9f3cd966	DB: 2021-05-25 9 changes to exploits/shellcodes iDailyDiary 4.30 - Denial of Service (PoC) DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated) Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE (Authenticated) Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS) Codiad 2.8.4 - Remote Code Execution (Authenticated) (2) WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)	2021-05-25 05:01:58 +00:00
Offensive Security	fae217f419	DB: 2021-05-22 6 changes to exploits/shellcodes Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) Solaris SunSSH 11.0 x86 - libpam Remote Root (2) Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS) WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated) Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)	2021-05-22 05:01:54 +00:00
Offensive Security	2f8f6dffbd	DB: 2021-05-20 8 changes to exploits/shellcodes WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) Visual Studio Code 1.47.1 - Denial of Service (PoC) WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS) In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection ManageEngine ADSelfService Plus 6.1 - CSV Injection COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)	2021-05-20 05:02:04 +00:00
Offensive Security	46c569f0e4	DB: 2021-05-13 2 changes to exploits/shellcodes Splinterware System Scheduler Professional 5.30 - Privilege Escalation Chevereto 3.17.1 - Cross Site Scripting (Stored)	2021-05-13 05:01:53 +00:00
Offensive Security	e4f4680368	DB: 2021-05-08 10 changes to exploits/shellcodes Sandboxie 5.49.7 - Denial of Service (PoC) Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Epic Games Rocket League 1.95 - Stack Buffer Overrun Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated) Voting System 1.0 - Authentication Bypass (SQLI) Voting System 1.0 - Remote Code Execution (Unauthenticated) Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated) PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021	2021-05-08 05:01:52 +00:00
Offensive Security	72135d9121	DB: 2021-05-07 4 changes to exploits/shellcodes Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated) Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated) Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload b2evolution 7-2-2 - 'cf_name' SQL Injection	2021-05-07 05:02:58 +00:00
Offensive Security	ca3206ff78	DB: 2021-05-06 12 changes to exploits/shellcodes Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting Markdown Explorer 0.1.1 - XSS to RCE Xmind 2020 - XSS to RCE Tagstoo 2.0.1 - Stored XSS to RCE SnipCommand 0.1.0 - XSS to RCE Moeditor 0.2.0 - XSS to RCE Marky 0.0.1 - XSS to RCE StudyMD 0.3.2 - XSS to RCE Freeter 1.2.1 - XSS to RCE Markright 1.0 - XSS to RCE Markdownify 1.2.0 - XSS to RCE Anote 1.0 - XSS to RCE	2021-05-06 05:01:53 +00:00
Offensive Security	b8efbd55c3	DB: 2021-04-30 3 changes to exploits/shellcodes Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution FOGProject 1.5.9 - File Upload RCE (Authenticated) NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write	2021-04-30 05:01:55 +00:00
Offensive Security	092f2f0697	DB: 2021-04-27 6 changes to exploits/shellcodes SEO Panel 4.8.0 - 'order_col' Blind SQL Injection SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1) Hasura GraphQL 1.3.3 - Remote Code Execution OpenPLC 3 - Remote Code Execution (Authenticated) SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)	2021-04-27 05:02:00 +00:00
Offensive Security	37baf23611	DB: 2021-04-24 7 changes to exploits/shellcodes Moodle 3.10.3 - 'url' Persistent Cross Site Scripting GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)	2021-04-24 05:01:56 +00:00
Offensive Security	7fa85628bd	DB: 2021-04-22 19 changes to exploits/shellcodes Hasura GraphQL 1.3.3 - Denial of Service Tenda D151 & D301 - Configuration Download (Unauthenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Fast PHP Chat 1.3 - 'my_item_search' SQL Injection WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) OpenEMR 5.0.2.1 - Remote Code Execution Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) Hasura GraphQL 1.3.3 - Local File Read Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)	2021-04-22 05:01:54 +00:00
Offensive Security	53c15c17c6	DB: 2021-04-16 6 changes to exploits/shellcodes glFTPd 2.11a - Remote Denial of Service Horde Groupware Webmail 5.2.22 - Stored XSS Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS) htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) Linux/x86 - execve(/bin/sh) Shellcode (17 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)	2021-04-16 05:02:00 +00:00
Offensive Security	bccca11e26	DB: 2021-04-15 8 changes to exploits/shellcodes MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass) CITSmart ITSM 9.1.2.22 - LDAP Injection CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated) Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE jQuery 1.2 - Cross-Site Scripting (XSS) jQuery 1.0.3 - Cross-Site Scripting (XSS)	2021-04-15 05:01:57 +00:00
Offensive Security	884f246971	DB: 2021-04-14 3 changes to exploits/shellcodes Simple Student Information System 1.0 - SQL Injection (Authentication Bypass) Blitar Tourism 1.0 - Authentication Bypass SQLi ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow	2021-04-14 05:01:57 +00:00
Offensive Security	4dbf640f70	DB: 2021-04-09 5 changes to exploits/shellcodes Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution CMSimple 5.2 - 'External' Stored XSS DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF) Composr 10.0.36 - Remote Code Execution	2021-04-09 05:02:00 +00:00
Offensive Security	17684f6fe1	DB: 2021-04-08 5 changes to exploits/shellcodes Google Chrome 86.0.4240 V8 - Remote Code Execution Google Chrome 81.0.4044 V8 - Remote Code Execution Google Chrome 86.0.4240 V8 - Remote Code Execution Google Chrome 81.0.4044 V8 - Remote Code Execution Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS Composr CMS 10.0.36 - Cross Site Scripting Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read	2021-04-08 05:02:19 +00:00
Offensive Security	356d0ac56b	DB: 2021-04-02 5 changes to exploits/shellcodes Latrix 0.6.0 - 'txtaccesscode' SQL Injection ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1) phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated) ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)	2021-04-02 05:01:54 +00:00
Offensive Security	3145bbcf80	DB: 2021-04-01 3 changes to exploits/shellcodes DD-WRT 45723 - UPNP Buffer Overflow (PoC) Zabbix 3.4.7 - Stored XSS CourseMS 2.1 - 'name' Stored XSS	2021-04-01 05:02:01 +00:00
Offensive Security	4c9eccdc6d	DB: 2021-03-31 2 changes to exploits/shellcodes GetSimple CMS 3.3.16 - Reflected XSS to RCE Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting	2021-03-31 05:01:55 +00:00
Offensive Security	3f12367de8	DB: 2021-03-24 8 changes to exploits/shellcodes Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path MyBB 1.8.25 - Poll Vote Count SQL Injection Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS Codiad 2.8.4 - Remote Code Execution (Authenticated)	2021-03-24 05:02:00 +00:00
Offensive Security	d85f0c8d35	DB: 2021-03-20 20 changes to exploits/shellcodes KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path SOYAL 701 Server 9.0.1 - Insecure Permissions SOYAL 701 Client 9.0.1 - Insecure Permissions KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Plone CMS 5.2.3 - 'Title' Stored XSS LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Boonex Dolphin 7.4.2 - 'width' Stored XSS Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated) VestaCP 0.9.8 - 'v_sftp_licence' Command Injection SOYAL Biometric Access Control System 5.0 - Master Code Disclosure SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) Online News Portal 1.0 - 'name' SQL Injection Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting	2021-03-20 05:01:58 +00:00
Offensive Security	1f32ac253c	DB: 2021-03-19 9 changes to exploits/shellcodes VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) WordPress Plugin Wp-FileManager 6.8 - RCE Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS SEO Panel 4.8.0 - 'order_col' Blind SQL Injection Hestia Control Panel 1.3.2 - Arbitrary File Write rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)	2021-03-19 05:02:05 +00:00
Offensive Security	2dc4594d19	DB: 2021-03-18 3 changes to exploits/shellcodes FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass) WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection VestaCP 0.9.8 - File Upload CSRF	2021-03-18 05:02:04 +00:00
Offensive Security	3e6d011cf0	DB: 2021-03-17 6 changes to exploits/shellcodes GeoGebra Graphing Calculato‪r‬ 6.0.631.0 - Denial Of Service (PoC) GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC) GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC) GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC) Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)	2021-03-17 05:02:05 +00:00
Offensive Security	28bd450c1a	DB: 2021-03-16 13 changes to exploits/shellcodes Libpango 1.40.8 - Denial of Service (PoC) QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Zenario CMS 8.8.53370 - 'id' Blind SQL Injection MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)	2021-03-16 05:02:01 +00:00
Offensive Security	128b9cd185	DB: 2021-03-11 1 changes to exploits/shellcodes Atlassian JIRA 8.11.1 - User Enumeration	2021-03-11 05:02:04 +00:00
Offensive Security	c031a43059	DB: 2021-03-06 2 changes to exploits/shellcodes CatDV 9.2 - RMI Authentication Bypass Fluig 1.7.0 - Path Traversal	2021-03-06 05:01:53 +00:00
Offensive Security	75667550f6	DB: 2021-03-02 5 changes to exploits/shellcodes WiFi Mouse 1.7.8.5 - Remote Code Execution FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit) VMware vCenter Server 7.0 - Unauthenticated File Upload Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated) Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)	2021-03-02 05:02:01 +00:00
Offensive Security	b9c4ec0226	DB: 2021-02-27 4 changes to exploits/shellcodes Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module) Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) Triconsole 3.75 - Reflected XSS LightCMS 1.3.4 - 'exclusive' Stored XSS	2021-02-27 05:01:56 +00:00
Offensive Security	44132fc90b	DB: 2021-02-24 4 changes to exploits/shellcodes HFS (HTTP File Server) 2.3.x - Remote Command Execution (3) Monica 2.19.1 - 'last_name' Stored XSS Batflat CMS 1.3.6 - 'multiple' Stored XSS	2021-02-24 05:01:57 +00:00
Offensive Security	8e76e536b7	DB: 2021-02-20 6 changes to exploits/shellcodes dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC) PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Comment System 1.0 - 'multiple' Stored Cross-Site Scripting Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Beauty Parlour Management System 1.0 - 'sername' SQL Injection	2021-02-20 05:01:55 +00:00
Offensive Security	cc85c56b4c	DB: 2021-02-19 7 changes to exploits/shellcodes BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH) Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path Apport 2.20 - Local Privilege Escalation Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated) Rukovoditel 2.6.1 - RCE Rukovoditel 2.6.1 - RCE (1) Gitea 1.12.5 - Remote Code Execution (Authenticated) Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)	2021-02-19 05:01:53 +00:00
Offensive Security	b96bdbcfa5	DB: 2021-02-12 8 changes to exploits/shellcodes Online Marriage Registration System 1.0 - Remote Code Execution Online Marriage Registration System 1.0 - Remote Code Execution (1) Gitlab 11.4.7 - Remote Code Execution GitLab 11.4.7 - Remote Code Execution (Authenticated) (1) Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Authenticated) Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2) GitLab 11.4.7 - Remote Code Execution (Authenticated) GitLab 11.4.7 - RCE (Authenticated) GitLab 11.4.7 - RCE (Authenticated) (2) Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1) PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting b2evolution 6.11.6 - 'redirect_to' Open Redirect b2evolution 6.11.6 - 'tab3' Reflected XSS Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2) Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)	2021-02-12 05:01:57 +00:00
Offensive Security	0ebed6d4c4	DB: 2021-02-10 5 changes to exploits/shellcodes Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path Online Car Rental System 1.0 - Stored Cross Site Scripting Adobe Connect 10 - Username Disclosure Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)	2021-02-10 05:01:58 +00:00
Offensive Security	84533192ae	DB: 2021-02-09 19 changes to exploits/shellcodes SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution SmartFoxServer 2X 2.17.0 - Credentials Disclosure Millewin 13.39.146.1 - Local Privilege Escalation AMD Fuel Service - 'Fuel.service' Unquote Service Path Microsoft Internet Explorer 11 32-bit - Use-After-Free SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS Jenzabar 9.2.2 - 'query' Reflected XSS. WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS) WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion	2021-02-09 05:01:57 +00:00
Offensive Security	ed5a9457b6	DB: 2021-02-04 4 changes to exploits/shellcodes Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1) Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2) Pixelimity 1.0 - 'password' Cross-Site Request Forgery Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution	2021-02-04 05:01:56 +00:00
Offensive Security	f268b6f221	DB: 2021-01-28 4 changes to exploits/shellcodes Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) STVS ProVision 5.9.10 - File Disclosure (Authenticated) STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)	2021-01-28 05:01:55 +00:00
Offensive Security	3e80d07fdb	DB: 2021-01-23 15 changes to exploits/shellcodes Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated) Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated) Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated) Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated) Library System 1.0 - Authentication Bypass Via SQL Injection CASAP Automated Enrollment System 1.0 - Authentication Bypass ERPNext 12.14.0 - SQL Injection (Authenticated) Atlassian Confluence Widget Connector Macro - SSTI Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Socat Bind Shellcode (113 bytes) Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes) Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes) Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)	2021-01-23 05:01:59 +00:00
Offensive Security	aa473257e9	DB: 2021-01-22 5 changes to exploits/shellcodes Online Documents Sharing Platform 1.0 - 'user' SQL Injection Apartment Visitors Management System 1.0 - 'email' SQL Injection Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) Anchor CMS 0.12.7 - CSRF (Delete user)	2021-01-22 05:01:56 +00:00
Offensive Security	d65226277c	DB: 2021-01-21 4 changes to exploits/shellcodes ChurchRota 2.6.4 - RCE (Authenticated) Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) Linux/x86 - Socat Bind Shellcode (113 bytes)	2021-01-21 05:01:57 +00:00
Offensive Security	8d70b4e885	DB: 2021-01-19 6 changes to exploits/shellcodes Life Insurance Management System 1.0 - 'client_id' SQL Injection Life Insurance Management System 1.0 - File Upload RCE (Authenticated) Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated) Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated) Cisco UCS Manager 2.2(1d) - Remote Command Execution Xwiki CMS 12.10.2 - Cross Site Scripting (XSS) Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)	2021-01-19 05:01:58 +00:00
Offensive Security	969e7d6c90	DB: 2021-01-16 13 changes to exploits/shellcodes Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS E-Learning System 1.0 - Authentication Bypass & RCE POC Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit) PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection EyesOfNetwork 5.3 - File Upload Remote Code Execution BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes) BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes) FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes) FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes) FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/PPC - read() + exec Shellcode (32 bytes) Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes) BSD/x86 - symlink . /bin/sh Shellcode (32 bytes) BSD/x86 - symlink /bin/sh Shellcode (32 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes) Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes) Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes) Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit) Linux/MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator) Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes) Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - reboot() Shellcode (28 bytes) Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x64 - execve() + Encoded Shellcode (57 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes) Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes) BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes) Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Remote File Download Shellcode (42 bytes) Linux/x86 - Download File Shellcode (42 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - mkdir(ajit) Shellcode (25 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - execve(/bin/sh) Shellcode (27 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes) Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes) Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator) Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes) Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode Linux/x64 - execve(/bin/sh) + Custom Encoded XOR + Polymorphic Shellcode (Generator) Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes) Linux/x64 - x64 Assembly Shellcode (Generator) Linux/x64 - execve() Assembly Shellcode (Generator) Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes) Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (20 Bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes) Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes) Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes) Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator) Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes) Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator) Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes) Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes) Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes) Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes) Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes) Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes) Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator) Linux/x86 - Shred file (test.txt) Shellcode (72 bytes) Linux/x86 - Shred File (test.txt) Shellcode (72 bytes) Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Reposition + INC Encoder Shellcode (66 bytes) Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes) Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin + Execute Shellcode (210 Bytes) Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes) Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes) Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes) Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes) Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes) Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (107 bytes) Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes) Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes) Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes) Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes) Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes) Linux/x86 - execve(/bin/sh) + NOT + XOR-N + Random Encoded Shellcode (132 bytes) Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes) Linux/x86 - (NOT\|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes) Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes) Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes) Windows/7 - Screen Lock Shellcode (9 bytes) Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes) Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes) Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes) Linux/x86 - execve(/bin/sh) + NOT\|ROT+8 Encoded + Null-Free Shellcode (47 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes) Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes) Windows/x64 (7) - Screen Lock Shellcode (9 bytes) Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes) Windows/x86 - WinExec Calc.exe + Null-Free Shellcode (195 bytes) Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes) Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes) Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes) Linux/ARM - execve /bin/dash Shellcode (32 bytes) Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes) Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes) Linux/ARM - execve(/bin/dash) Shellcode (32 bytes) Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes) Linux/x86 - Disable ASLR Security + Polymorphic Shellcode (124 bytes) Windows/x86 - Download using mshta.exe Shellcode (100 bytes) Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes)	2021-01-16 05:01:56 +00:00
Offensive Security	91f4f8025d	DB: 2021-01-13 4 changes to exploits/shellcodes Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) Cemetry Mapping and Information System 1.0 - Multiple SQL Injections SmartAgent 3.1.0 - Privilege Escalation Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)	2021-01-13 05:01:55 +00:00
Offensive Security	66f2f8c3b5	DB: 2021-01-12 9 changes to exploits/shellcodes PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval EyesOfNetwork 5.3 - RCE & PrivEsc Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting EyesOfNetwork 5.3 - LFI Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) OpenCart 3.0.36 - ATO via Cross Site Request Forgery Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection	2021-01-12 05:01:58 +00:00
Offensive Security	206c9f4f7e	DB: 2021-01-09 9 changes to exploits/shellcodes dnsrecon 0.10.0 - CSV Injection PHP Handicapper - 'Process_signup.php' HTTP Response Splitting PHP Handicapper (2005) - 'Process_signup.php' HTTP Response Splitting Life Insurance Management System 1.0 - Multiple Stored XSS Online Doctor Appointment System 1.0 - Multiple Stored XSS Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated) Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit) WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit) Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)	2021-01-09 05:01:55 +00:00
Offensive Security	e95d9f2c13	DB: 2021-01-07 23 changes to exploits/shellcodes dirsearch 0.4.1 - CSV Injection IObit Uninstaller 10 Pro - Unquoted Service Path WinAVR Version 20100110 - Insecure Folder Permissions PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation H2 Database 1.4.199 - JNI Code Execution Responsive ELearning System 1.0 - 'id' Sql Injection Responsive E-Learning System 1.0 - 'id' Sql Injection Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF) IPeakCMS 3.5 - Boolean-based blind SQLi Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE Responsive E-Learning System 1.0 - Stored Cross Site Scripting WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting Newgen Correspondence Management System (corms) eGov 12.0 - IDOR Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated) Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Gitea 1.7.5 - Remote Code Execution Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)	2021-01-07 05:01:58 +00:00
Offensive Security	2c7e8b1ddc	DB: 2021-01-06 19 changes to exploits/shellcodes Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission IncomCMS 2.0 - Insecure File Upload House Rental and Property Listing 1.0 - Multiple Stored XSS Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection) WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS Online Movie Streaming 1.0 - Authentication Bypass Responsive ELearning System 1.0 - 'id' Sql Injection Baby Care System 1.0 - 'Post title' Stored XSS Responsive FileManager 9.13.4 - 'path' Path Traversal Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated) HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities Cassandra Web 0.5.0 - Remote File Read CSZ CMS 1.2.9 - Multiple Cross-Site Scripting Online Learning Management System 1.0 - RCE (Authenticated) Klog Server 2.4.1 - Command Injection (Unauthenticated) EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting	2021-01-06 05:01:59 +00:00
Offensive Security	8e0113decc	DB: 2021-01-05 12 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Knockpy 4.1.1 - CSV Injection Wordpress Core 5.2.2 - 'post previews' XSS 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Advanced Comment System 1.0 - 'ACS_path' Path Traversal sar2html 3.2.1 - 'plot' Remote Code Execution CMS Made Simple 2.2.15 - RCE (Authenticated) Subrion CMS 4.2.1 - 'avatar[path]' XSS Click2Magic 1.1.5 - Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force	2021-01-05 05:02:00 +00:00

1 2 3 4

191 commits