exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	c8181201fd	DB: 2019-11-13 38 changes to exploits/shellcodes Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Wondershare Application Framework Service - _WsAppService_ Unquote Service Path eMerge E3 Access Controller 4.6.07 - Remote Code Execution eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit) CBAS-Web 19.0.0 - Information Disclosure Prima FlexAir Access Control 2.3.38 - Remote Code Execution Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting eMerge E3 1.00-06 - Unauthenticated Directory Traversal eMerge E3 1.00-06 - Privilege Escalation eMerge E3 1.00-06 - Remote Code Execution eMerge E3 1.00-06 - Cross-Site Request Forgery Atlassian Confluence 6.15.1 - Directory Traversal eMerge E3 1.00-06 - Arbitrary File Upload eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting eMerge50P 5000P 4.6.07 - Remote Code Execution CBAS-Web 19.0.0 - Remote Code Execution CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) CBAS-Web 19.0.0 - Username Enumeration CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Joomla 3.9.13 - 'Host' Header Injection Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Prima Access Control 2.3.35 - Arbitrary File Upload Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit) Optergy 2.3.0a - Remote Code Execution FlexAir Access Control 2.4.9api3 - Remote Code Execution Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Optergy 2.3.0a - Username Disclosure Optergy 2.3.0a - Remote Code Execution (Backdoor) Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting FlexAir Access Control 2.3.35 - Authentication Bypass Bematech Printer MP-4200 - Denial of Service	2019-11-13 05:01:43 +00:00
Offensive Security	c99b957a9f	DB: 2019-11-01 3 changes to exploits/shellcodes WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH) MikroTik RouterOS 6.45.6 - DNS Cache Poisoning CommSy 8.6.5 - SQL injection Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection	2019-11-01 05:01:39 +00:00
Offensive Security	a464ad083a	DB: 2019-10-23 5 changes to exploits/shellcodes winrar 5.80 - XML External Entity Injection Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit) Moxa EDR-810 - Command Injection / Information Disclosure Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)	2019-10-23 05:01:41 +00:00
Offensive Security	21c1b71372	DB: 2019-10-01 6 changes to exploits/shellcodes GoAhead 2.5.0 - Host Header Injection Cisco Small Business 220 Series - Multiple Vulnerabilities vBulletin 5.x - Remote Command Execution (Metasploit) phpIPAM 1.4 - SQL Injection thesystem 1.0 - Cross-Site Scripting TheSystem 1.0 - Command Injection	2019-10-01 05:01:46 +00:00
Offensive Security	afd22dbcb0	DB: 2019-09-24 3 changes to exploits/shellcodes Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure Gila CMS < 1.11.1 - Local File Inclusion	2019-09-24 05:03:03 +00:00
Offensive Security	b6378fddcc	DB: 2019-09-17 6 changes to exploits/shellcodes Windows NTFS - Privileged File Access Enumeration AppXSvc - Privilege Escalation docPrint Pro 8.0 - SEH Buffer Overflow Inteno IOPSYS Gateway - Improper Access Restrictions Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection	2019-09-17 05:02:21 +00:00
Offensive Security	a26ef1328e	DB: 2019-09-04 6 changes to exploits/shellcodes ktsuss 1.4 - suid Privilege Escalation (Metasploit) ptrace - Sudo Token Privilege Escalation (Metasploit) Cisco UCS Director - default scpuser password (Metasploit) Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit) Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit) FileThingie 2.5.7 - Arbitrary File Upload	2019-09-04 05:02:30 +00:00
Offensive Security	bc4836bfc1	DB: 2019-09-03 12 changes to exploits/shellcodes ChaosPro 2.0 - SEH Buffer Overflow ChaosPro 2.1 - SEH Buffer Overflow ChaosPro 3.1 - SEH Buffer Overflow Kaseya VSA agent 9.5 - Privilege Escalation Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read Opencart 3.x - Cross-Site Scripting Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection Alkacon OpenCMS 10.5.x - Cross-Site Scripting Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2) Alkacon OpenCMS 10.5.x - Local File inclusion Craft CMS 2.7.9/3.2.5 - Information Disclosure	2019-09-03 05:02:22 +00:00
Offensive Security	4afcc04eda	DB: 2019-07-02 24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)	2019-07-02 05:01:50 +00:00
Offensive Security	a90736625a	DB: 2019-06-26 7 changes to exploits/shellcodes SuperDoctor5 - 'NRPE' Remote Code Execution SAPIDO RB-1732 - Remote Command Execution Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution AZADMIN CMS 1.0 - SQL Injection BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting	2019-06-26 05:01:53 +00:00
Offensive Security	76be51b7d6	DB: 2019-06-05 8 changes to exploits/shellcodes DVD X Player 5.5 Pro - Local Buffer Overflow (SEH) NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow Cisco RV130W 1.0.3.44 - Remote Stack Overflow IceWarp 10.4.4 - Local File Inclusion Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting	2019-06-05 05:01:56 +00:00
Offensive Security	79a9df09f0	DB: 2019-05-07 13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)	2019-05-07 05:01:58 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	be8aa5121b	DB: 2019-04-10 7 changes to exploits/shellcodes Microsoft Windows - AppX Deployment Service Privilege Escalation PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow Apache Axis 1.4 - Remote Code Execution Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection Linux/x64 - XANAX Encoder Shellcode (127 bytes) Linux/x64 - XANAX Decoder Shellcode (127 bytes)	2019-04-10 05:02:03 +00:00
Offensive Security	9d7b2f64d5	DB: 2019-04-04 18 changes to exploits/shellcodes Canarytokens 2019-03-01 - Detection Bypass SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion) WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free WebKitGTK+ - 'ThreadedCompositor' Race Condition Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter) AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter) TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit) PhreeBooks ERP 5.2.3 - Remote Command Execution Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) iScripts ReserveLogic - SQL Injection Clinic Pro v4 - 'month' SQL Injection Ashop Shopping Cart Software - SQL Injection PhreeBooks ERP 5.2.3 - Arbitrary File Upload	2019-04-04 05:02:18 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	f7381cfe15	DB: 2019-02-22 9 changes to exploits/shellcodes Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC) Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC) ScreenStream 3.0.15 - Denial of Service AirDrop 2.0 - Denial of Service (DoS) RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH) Memu Play 6.0.7 - Privilege Escalation MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection EI-Tube 3 - SQL Injection	2019-02-22 05:01:55 +00:00
Offensive Security	26efc559c7	DB: 2019-02-21 8 changes to exploits/shellcodes FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC) WinRAR 5.61 - '.lng' Denial of Service FaceTime - Texture Processing Memory Corruption Android Kernel < 4.8 - ptrace seccomp Filter Bypass MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Apple macOS 10.13.5 - Local Privilege Escalation mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution Belkin Wemo UPnP - Remote Code Execution (Metasploit) HotelDruid 2.3 - Cross-Site Scripting	2019-02-21 05:01:57 +00:00
Offensive Security	40d3df51a4	DB: 2019-01-19 18 changes to exploits/shellcodes Watchr 1.1.0.0 - Denial of Service (PoC) One Search 1.1.0.0 - Denial of Service (PoC) Eco Search 1.0.2.0 - Denial of Service (PoC) 7 Tik 1.0.1.0 - Denial of Service (PoC) VPN Browser+ 1.1.0.0 - Denial of Service (PoC) FastTube 1.0.1.0 - Denial of Service (PoC) Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion Microsoft Edge Chakra - 'InitClass' Type Confusion Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free Webmin 1.900 - Remote Command Execution (Metasploit) SCP Client - Multiple Vulnerabilities (SSHtranger Things) SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion phpTransformer 2016.9 - SQL Injection phpTransformer 2016.9 - Directory Traversal Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload	2019-01-19 05:01:57 +00:00
Offensive Security	518c704a2f	DB: 2019-01-15 32 changes to exploits/shellcodes xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Hootoo HT-05 - Remote Code Execution (Metasploit) Across DR-810 ROM-0 - Backup File Disclosure i-doit CMDB 1.12 - Arbitrary File Download i-doit CMDB 1.12 - SQL Injection Horde Imp - 'imap_open' Remote Command Execution Modern POS 1.3 - Arbitrary File Download Modern POS 1.3 - SQL Injection Twilio WEB To Fax Machine System Application 1.0 - SQL Injection Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin) Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection Find a Place CMS Directory 1.5 - SQL Injection Cleanto 5.0 - SQL Injection Lenovo R2105 - Cross-Site Request Forgery (Command Execution) HealthNode Hospital Management System 1.0 - SQL Injection Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account) ThinkPHP 5.X - Remote Command Execution Real Estate Custom Script 2.0 - SQL Injection Job Portal Platform 1.0 - SQL Injection Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection AudioCode 400HD - Command Injection	2019-01-15 05:01:52 +00:00
Offensive Security	e3c06fe0f7	DB: 2018-12-15 16 changes to exploits/shellcodes Angry IP Scanner 3.5.3 - Denial of Service (PoC) UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC) Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH) Cisco RV110W - Password Disclosure / Command Execution Safari - Proxy Object Type Confusion (Metasploit) Adminer 4.3.1 - Server-Side Request Forgery Responsive FileManager 9.13.4 - Multiple Vulnerabilities Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2) Huawei Router HG532e - Command Execution Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password) Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Double Your Bitcoin Script Automatic - Authentication Bypass	2018-12-15 05:01:46 +00:00
Offensive Security	dfd1e454e1	DB: 2018-11-28 10 changes to exploits/shellcodes MariaDB Client 10.1.26 - Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (ASLR) Xorg X11 Server - SUID privilege escalation (Metasploit) ELBA5 5.8.0 - Remote Code Execution Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Ticketly 1.0 - 'kind_id' SQL Injection No-Cms 1.0 - 'order_by' SQL Injection Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	2018-11-28 11:08:29 +00:00
Offensive Security	635345499a	DB: 2018-10-18 15 changes to exploits/shellcodes Git Submodule - Arbitrary Code Execution Git Submodule - Arbitrary Code Execution (PoC) Any Sound Recorder 2.93 - Buffer Overflow (SEH) Git Submodule - Arbitrary Code Execution Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials BigTree CMS 4.2.23 - Cross-Site Scripting Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Time and Expense Management System 3.0 - 'table' SQL Injection	2018-10-18 05:01:46 +00:00
Offensive Security	038ac7b860	DB: 2018-10-11 4 changes to exploits/shellcodes FileZilla 3.33 - Buffer Overflow (PoC) WhatsApp - RTP Processing Heap Corruption MicroTik RouterOS < 6.43rc3 - Remote Root Ektron CMS 9.20 SP2 - Improper Access Restrictions	2018-10-11 05:01:43 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	29542c36ab	DB: 2018-09-19 7 changes to exploits/shellcodes Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit) NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution HongCMS 3.0.0 - SQL Injection HongCMS 3.0.0 - (Authenticated) SQL Injection Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)	2018-09-19 05:01:45 +00:00
Offensive Security	32f471140a	DB: 2018-09-06 18 changes to exploits/shellcodes Microsoft people 10.1807.2131.0 - Denial of service (PoC) GNU glibc < 2.27 - Local Buffer Overflow UltraISO 9.7.1.3519 - Buffer Overflow (SEH) JBoss 4.2.x/4.3.x - Information Disclosure Git < 2.17.1 - Remote Code Execution FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Monstra CMS 3.0.4 - Remote Code Execution OpenDaylight - SQL Injection Tenda ADSL Router D152 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution	2018-09-06 05:01:55 +00:00
Offensive Security	444206a6be	DB: 2018-08-30 21 changes to exploits/shellcodes NASA openVSP 3.16.1 - Denial of Service (PoC) Immunity Debugger 1.85 - Denial of Service (PoC) ipPulse 1.92 - 'TCP Port' Denial of Service (PoC) Fathom 2.4 - Denial Of Service (PoC) Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC) Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC) HD Tune Pro 5.70 - Denial of Service (PoC) Drive Power Manager 1.10 - Denial Of Service (PoC) Easy PhotoResQ 1.0 - Denial Of Service (PoC) Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC) SIPP 3.3 - Stack-Based Buffer Overflow R 3.4.4 - Buffer Overflow (SEH) Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure phpMyAdmin 4.7.x - Cross-Site Request Forgery Episerver 7 patch 4 - XML External Entity Injection Argus Surveillance DVR 4.0.0.0 - Directory Traversal Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes) Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes) Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)	2018-08-30 05:01:54 +00:00
Offensive Security	a2ac269de5	DB: 2018-07-19 8 changes to exploits/shellcodes JavaScript Core - Arbitrary Code Execution QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) QNAP Q'Center - 'change_passwd' Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit) HomeMatic Zentrale CCU2 - Remote Code Execution MailGust 1.9 - Board Takeover SQL Injection MailGust 1.9 - Board Takeover (SQL Injection) Cyphor 0.19 - Board Takeover SQL Injection Cyphor 0.19 - Board Takeover (SQL Injection) versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection) WordPress 2.6.1 - SQL Column Truncation Admin Takeover WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) Invision Power Board 1.x?/2.x/3.x - Admin Account Takeover Invision Power Board 1.x?/2.x/3.x - Admin Takeover Joomla! < 3.6.4 - Admin TakeOver Joomla! < 3.6.4 - Admin Takeover PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection Open-AudIT Community 2.1.1 - Cross-Site Scripting FTP2FTP 1.0 - Arbitrary File Download Modx Revolution < 2.6.4 - Remote Code Execution	2018-07-19 05:01:43 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	3df6650dac	DB: 2018-05-28 11 changes to exploits/shellcodes Werewolf Online 0.8.8 - Information Disclosure Bitmain Antminer D3/L3+/S9 - Remote Command Execution Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Ingenious School Management System - 'id' SQL Injection Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting Lyrist - 'id' SQL Injection BookingWizz Booking System 5.5 - 'id' SQL Injection Listing Hub CMS 1.0 - SQL Injection ClipperCMS 1.3.3 - Cross-Site Scripting My Directory 2.0 - SQL Injection / Cross-Site Scripting Baby Names Search Engine 1.0 - 'a' SQL Injection	2018-05-28 05:01:49 +00:00
Offensive Security	608176a851	DB: 2018-05-26 8 changes to exploits/shellcodes Microsoft Edge Chakra - Cross Context Use-After-Free Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write D-Link DSL-2750B - OS Command Injection (Metasploit) KomSeo Cart 1.3 - 'my_item_search' SQL Injection MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting Oracle WebCenter FatWire Content Server < 7 - Improper Access Control Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting	2018-05-26 05:01:44 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	1873a7d234	DB: 2018-05-17 12 changes to exploits/shellcodes WhatsApp 2.18.31 - Memory Corruption Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Libuser - roothelper Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery VirtueMart 3.1.14 - Persistent Cross-Site Scripting Rockwell Scada System 27.011 - Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting	2018-05-17 05:01:47 +00:00
Offensive Security	813a3efbb5	DB: 2018-05-04 20 changes to exploits/shellcodes Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Jnes 1.0.2 - Stack Buffer Overflow Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow netek 0.8.2 - Denial of Service Cisco Smart Install - Crash (PoC) Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1) Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1) Adobe Reader PDF - Client Side Request Injection Windows - Local Privilege Escalation Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit) Adobe Flash < 28.0.0.161 - Use-After-Free Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC) GPON Routers - Authentication Bypass / Command Injection TBK DVR4104 / DVR4216 - Credentials Leak Call of Duty Modern Warefare 2 - Buffer Overflow Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion Squirrelcart 1.x - 'cart.php' Remote File Inclusion Infinity 2.x.x - options[style_dir] Local File Disclosure Infinity 2.x - 'options[style_dir]' Local File Disclosure PHP-Nuke 8.x.x - Blind SQL Injection PHP-Nuke 8.x - Blind SQL Injection WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities Ajax Availability Calendar 3.x - Multiple Vulnerabilities vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting Subrion 3.X.x - Multiple Vulnerabilities Subrion 3.x - Multiple Vulnerabilities Ciuis CRM 1.0.7 - SQL Injection LifeSize ClearSea 3.1.4 - Directory Traversal WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting DLINK DCS-5020L - Remote Code Execution (PoC) Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection	2018-05-04 05:01:47 +00:00
Offensive Security	c249d94cb7	DB: 2018-04-25 28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)	2018-04-25 05:01:39 +00:00
Offensive Security	d0cba5625f	DB: 2018-04-18 12 changes to exploits/shellcodes Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Joomla! Component jDownloads 3.2.58 - Cross Site Scripting	2018-04-18 05:01:47 +00:00
Offensive Security	a8b515dd6d	DB: 2018-04-13 3 changes to exploits/shellcodes F5 BIG-IP SSL Virtual Server - Memory Disclosure F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)	2018-04-13 05:01:51 +00:00
Offensive Security	d81af66afd	DB: 2018-04-04 5 changes to exploits/shellcodes Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2) Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection	2018-04-04 05:01:46 +00:00
Offensive Security	b0fc7bfd43	DB: 2018-03-17 6 changes to exploits/shellcodes Android DRM Services - Buffer Overflow MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution Contec Smart Home 4.15 - Unauthorized Password Reset	2018-03-17 05:01:46 +00:00
Offensive Security	17d2f47aad	DB: 2018-03-14 6 changes to exploits/shellcodes Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC) MicroTik RouterOS 3.13 - SNMP write (Set request) MikroTik RouterOS 3.13 - SNMP write (Set request) Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities Tuleap 9.17.99.189 - Blind SQL Injection	2018-03-14 05:01:48 +00:00
Offensive Security	9897272892	DB: 2018-03-07 8 changes to exploits/shellcodes Memcached - 'memcrashed' Denial of Service Softros Network Time System Server 2.3.4 - Denial of Service Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField_ IrOpcode::kStoreElement Optimization Bug Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_ Chrome V8 JIT - 'GetSpecializationContext' Type Confusion Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read Tenda AC15 Router - Unauthenticated Remote Code Execution Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC) Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC) Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download Bravo Tejari Web Portal - Cross-Site Request Forgery	2018-03-07 05:01:51 +00:00
Offensive Security	6a017b10c8	DB: 2018-03-06 12 changes to exploits/shellcodes Suricata < 4.0.4 - IDS Detection Bypass ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record NETGEAR - 'TelnetEnable' Magic Packet (Metasploit) Joomla! Component Joomanager 2.0.0 - Arbitrary File Download Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download (PoC) Parallels Remote Application Server 15.5 - Path Traversal ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection Joomla! Component Joomanager 2.0.0 - ' com_Joomanager' Arbitrary File Download	2018-03-06 05:01:50 +00:00
Offensive Security	b42c3d0ecd	DB: 2018-03-02 9 changes to exploits/shellcodes Nintendo Switch - WebKit Code Execution (PoC) Nintendo Switch - WebKit Code Execution (PoC) Monstra - Multiple HTML Injection Vulnerabilities Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities Monstra CMS - 'login' SQL Injection Monstra CMS 1.2.0 - 'login' SQL Injection Monstra CMS - Remote Code Execution Joomla! Component K2 2.8.0 - Arbitrary File Download	2018-03-02 05:01:47 +00:00
Offensive Security	6885f2dcc7	DB: 2018-03-01 26 changes to exploits/shellcodes Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC) FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC) FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC) Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption Apple iOS - '.pdf' Jailbreak Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak Foxit Reader 4.0 - '.pdf' Jailbreak Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution Sony Playstation 4 4.05 FW - Local Kernel Loader Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader) Sony Playstation 4 4.55 FW - Local Kernel Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC) Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC) Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC) Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel - 'BadIRET' Local Privilege Escalation Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader Nintendo Switch - WebKit Code Execution (PoC) Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55) EPIC MyChart - SQL Injection EPIC MyChart - X-Path Injection Routers2 2.24 - Cross-Site Scripting	2018-03-01 05:01:48 +00:00
Offensive Security	d0ed4bb0d2	DB: 2018-02-27 3 changes to exploits/shellcodes Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit) CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit) AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit)	2018-02-27 05:01:54 +00:00
Offensive Security	e630f8c249	DB: 2018-02-16 45 changes to exploits/shellcodes Cisco ASA - Crash PoC Cisco ASA - Crash (PoC) GNU binutils 2.26.1 - Integer Overflow (POC) GNU binutils 2.26.1 - Integer Overflow (PoC) K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read Linux Kernel - 'AF_PACKET' Use-After-Free Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2) Microsoft Edge Chakra JIT - Memory Corruption Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion Microsoft Edge Chakra JIT - 'LdThis' Type Confusion Pdfium - Pattern Shading Integer Overflows Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow Hotspot Shield - Information Disclosure Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation Nitro Pro PDF - Multiple Vulnerabilities Odoo CRM 10.0 - Code Execution Dashlane - DLL Hijacking LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation LightDM (Ubuntu 16.04/16.10) - 'Guest Account' Local Privilege Escalation Trustwave SWG 11.8.0.27 - SSH Unauthorized Access Ichano AtHome IP Cameras - Multiple Vulnerabilities Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution Ikraus Anti Virus 2.16.7 - Remote Code Execution McAfee Security Scan Plus - Remote Command Execution OrientDB - Code Execution 360 Total Security - Local Privilege Escalation HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution iBall WRA150N - Multiple Vulnerabilities GitStack - Unauthenticated Remote Code Execution Monstra CMS - Remote Code Execution Ametys CMS 4.0.2 - Unauthenticated Password Reset DblTek - Multiple Vulnerabilities FiberHome - Directory Traversal PHP Melody 2.7.3 - Multiple Vulnerabilities Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure Horde Groupware 5.2.21 - Unauthorized File Download QNAP HelpDesk < 1.1.12 - SQL Injection Hanbanggaoke IP Camera - Arbitrary Password Change McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Sophos XG Firewall 16.05.4 MR-4 - Path Traversal Cisco DPC3928 Router - Arbitrary File Disclosure IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Geneko Routers - Unauthenticated Path Traversal Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution	2018-02-16 05:01:50 +00:00
Offensive Security	2c4b08963a	DB: 2018-02-08 25 changes to exploits/shellcodes QNAP NAS Devices - Heap Overflow QNAP NVR/NAS - Buffer Overflow (PoC) QNAP NVR/NAS Devices - Buffer Overflow (PoC) Cisco ASA - Crash PoC Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption Android - 'getpidcon' Permission Bypass in KeyStore Service Multiple OEM - 'nsd' Remote Stack Format String (PoC) HP-UX 11.0 - pppd Stack Buffer Overflow HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow SGI IRIX - 'LsD' Multiple Buffer Overflows SGI IRIX - 'LsD' Multiple Local Buffer Overflows PostScript Utilities - 'psnup' Argument Buffer Overflow PostScript Utilities - 'psnup' Local Buffer Overflow Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access Geovision Inc. IP Camera & Video - Remote Command Execution Axis SSI - Remote Command Execution / Read Files Axis Communications MPQT/PACS - Heap Overflow / Information Leakage Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD Uniview - Remote Command Execution / Export Config (PoC) Vitek - Remote Command Execution / Information Disclosure (PoC) Vivotek IP Cameras - Remote Stack Overflow (PoC) Dahua Generation 2/3 - Backdoor Access HiSilicon DVR Devices - Remote Code Execution JiRos Banner Experience 1.0 - Unauthorised Create Admin JiRos Banner Experience 1.0 - Unauthorized Create Admin Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Online Test Script 2.0.7 - 'cid' SQL Injection Entrepreneur Dating Script 2.0.2 - Authentication Bypass	2018-02-08 05:01:53 +00:00
Offensive Security	cf96346519	DB: 2018-01-25 124 changes to exploits/shellcodes Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC) Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC) Novell ZenWorks 10/11 - TFTPD Remote Code Execution Novell ZENworks 10/11 - TFTPD Remote Code Execution Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service GoAhead Web Server 2.1 (Windows) - Denial of Service Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service Lorex LH300 Series - ActiveX Buffer Overflow (PoC) Debut Embedded httpd 1.20 - Denial of Service Debut Embedded HTTPd 1.20 - Denial of Service Xorg 1.4 < 1.11.2 - File Permission Change X.Org xorg 1.4 < 1.11.2 - File Permission Change Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) ICU library 52 < 54 - Multiple Vulnerabilities rooter VDSL Device - Goahead WebServer Disclosure FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow Debian 2.1 - httpd Debian 2.1 - HTTPd Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String W3C CERN httpd 3.0 Proxy - Cross-Site Scripting W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting ATP httpd 0.4 - Single Byte Buffer Overflow ATP HTTPd 0.4 - Single Byte Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow Light HTTPd 0.1 - GET Buffer Overflow (1) Light HTTPd 0.1 - GET Buffer Overflow (2) Light HTTPd 0.1 - 'GET' Buffer Overflow (1) Light HTTPd 0.1 - 'GET' Buffer Overflow (2) Light HTTPD 0.1 (Windows) - Remote Buffer Overflow Light HTTPd 0.1 (Windows) - Remote Buffer Overflow Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit) Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit) BusyBox 1.01 - HTTPD Directory Traversal BusyBox 1.01 - HTTPd Directory Traversal Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2) Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Getsimple 2.01 - Local File Inclusion Getsimple CMS 2.01 - Local File Inclusion Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Getsimple 3.0 - 'set' Local File Inclusion Getsimple CMS 3.0 - 'set' Local File Inclusion ZENworks Configuration Management 11.3.1 - Remote Code Execution Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Kaseya Virtual System Administrator - Multiple Vulnerabilities (1) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1) Getsimple - 'path' Local File Inclusion Getsimple CMS 3.1.2 - 'path' Local File Inclusion Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection BMC Track-It! 11.4 - Multiple Vulnerabilities Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities SysAid Help Desk 14.4 - Multiple Vulnerabilities Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities GetSimple CMS 3.3.1 - Cross-Site Scripting CMS Made Simple 1.11.9 - Multiple Vulnerabilities ManageEngine Desktop Central - Create Administrator ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2) ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - execve(/bin/sh) Shellcode (33 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86 (XP SP3) - ShellExecuteA Shellcode Windows/x86 (XP SP3) - ShellExecuteA() Shellcode Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Windows/x86 - JITed Stage-0 Shellcode Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - MessageBox Shellcode (Generator) (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows/x64 (7) - cmd.exe Shellcode (61 bytes) Windows - MessageBoxA Shellcode (238 bytes) Windows - MessageBoxA() Shellcode (238 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit) Windows/x86 - Eggsearch Shellcode (33 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86-64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator) Windows/x64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - execve() Shellcode (22 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Read /etc/passwd Shellcode (65 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86-64 - Bind TCP Shell Shellcode (Generator) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - MessageBoxA() Shellcode (242 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x64 - Read /etc/passwd Shellcode (82 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes) Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - Execute /bin/sh Shellcode (24 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) Windows/x64 (10) - Egghunter Shellcode (45 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows - cmd.exe Shellcode (718 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Kill All Processes Shellcode (19 bytes) Linux/x64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Linux/x64 - mkdir(evil) Shellcode (30 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes) Windows/x64 - API Hooking Shellcode (117 bytes)	2018-01-25 18:22:06 +00:00
Offensive Security	d1b70e7a13	DB: 2018-01-25 8 changes to exploits/shellcodes RAVPower 2.000.056 - Memory Disclosure Acunetix WVS 10 - Local Privilege Escalation Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape Blizzard Update Agent - JSON RPC DNS Rebinding NoMachine 5.3.9 - Local Privilege Escalation Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1) Acunetix WVS 10 - Remote Command Execution RAVPower 2.000.056 - Root Remote Code Execution Kaltura - Remote PHP Code Execution over Cookie (Metasploit) GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) Vodafone Mobile Wifi - Reset Admin Password Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution Professional Local Directory Script 1.0 - SQL Injection WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure	2018-01-25 05:01:47 +00:00

1 2 3 4

161 commits