Offensive Security
b68cbec24d
DB: 2019-01-29
26 changes to exploits/shellcodes
Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
2019-01-29 05:01:52 +00:00
Offensive Security
2ad3a5e94e
DB: 2019-01-22
11 changes to exploits/shellcodes
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
Echo Mirage 3.1 - Buffer Overflow (PoC)
GattLib 0.2 - Stack Buffer Overflow
Kepler Wallpaper Script 1.1 - SQL Injection
Coman 1.0 - 'id' SQL Injection
Reservic 1.0 - 'id' SQL Injection
MoneyFlux 1.0 - 'id' SQL Injection
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
PHP Dashboards NEW 5.8 - Local File Inclusion
PHP Uber-style GeoTracking 1.1 - SQL Injection
Adianti Framework 5.5.0 - SQL Injection
2019-01-22 05:01:54 +00:00
Offensive Security
40d3df51a4
DB: 2019-01-19
18 changes to exploits/shellcodes
Watchr 1.1.0.0 - Denial of Service (PoC)
One Search 1.1.0.0 - Denial of Service (PoC)
Eco Search 1.0.2.0 - Denial of Service (PoC)
7 Tik 1.0.1.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
FastTube 1.0.1.0 - Denial of Service (PoC)
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
Microsoft Edge Chakra - 'InitClass' Type Confusion
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
Webmin 1.900 - Remote Command Execution (Metasploit)
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
phpTransformer 2016.9 - SQL Injection
phpTransformer 2016.9 - Directory Traversal
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
2019-01-19 05:01:57 +00:00
Offensive Security
fa261f0558
DB: 2019-01-17
18 changes to exploits/shellcodes
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
Roxy Fileman 1.4.5 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-17 05:01:45 +00:00
Offensive Security
0495dc483e
DB: 2019-01-12
12 changes to exploits/shellcodes
Selfie Studio 2.17 - Denial of Service (PoC)
Tree Studio 2.17 - Denial of Service (PoC)
Paint Studio 2.17 - Denial of Service (PoC)
Pixel Studio 2.17 - Denial of Service (PoC)
Liquid Studio 2.17 - Denial of Service (PoC)
Blob Studio 2.17 - Denial of Service (PoC)
Luminance Studio 2.17 - Denial of Service (PoC)
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
Adapt Inventory Management System 1.0 - SQL Injection
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
Joomla! Component JoomCRM 1.1.1 - SQL Injection
Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)
2019-01-12 05:01:47 +00:00
Offensive Security
c2a1585898
DB: 2019-01-10
10 changes to exploits/shellcodes
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
MDwiki < 0.6.2 - Cross-Site Scripting
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
BlogEngine 3.3 - XML External Entity Injection
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
2019-01-10 05:01:43 +00:00
Offensive Security
deaee53895
DB: 2019-01-08
19 changes to exploits/shellcodes
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
Mailcleaner - Authenticated Remote Code Execution (Metasploit)
Embed Video Scripts - Persistent Cross-Site Scripting
All in One Video Downloader 1.2 - Authenticated SQL Injection
LayerBB 1.1.1 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
2019-01-08 05:01:58 +00:00
Offensive Security
1b31850a46
DB: 2018-12-25
15 changes to exploits/shellcodes
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Google Chrome 70 - SQLite Magellan Crash (PoC)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Netatalk - Bypass Authentication
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - (Authenticated) Arbitrary Requests
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Linux/x86 - Kill All Processes Shellcode (14 bytes)
2018-12-25 05:01:44 +00:00
Offensive Security
0275ca3128
DB: 2018-12-22
6 changes to exploits/shellcodes
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
AnyBurn 4.3 - Local Buffer Overflow (PoC)
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
SQLScan 1.0 - Denial of Service (PoC)
AnyBurn 4.3 - Local Buffer Overflow (SEH)
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
Netatalk < 3.1.12 - Authentication Bypass
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
2018-12-22 05:01:56 +00:00
Offensive Security
1ddc5edd5d
DB: 2018-12-21
6 changes to exploits/shellcodes
VBScript - VbsErase Reference Leak Use-After-Free
VBScript - MSXML Execution Policy Bypass
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
2018-12-21 05:01:52 +00:00
Offensive Security
c6ebf8bc23
DB: 2018-12-19
10 changes to exploits/shellcodes
VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC)
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
MegaPing - Local Buffer Overflow Denial of Service
Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2)
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
Microsoft Windows Server 2003 - Token Kidnapping Local
Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation
VMware Fusion 2.0.5 - vmx86 kext Local
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
Google Android 2.0 < 2.1 - Reverse Shell
Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
SDL Web Content Manager 8.5.0 - XML External Entity Injection
2018-12-19 05:01:45 +00:00
Offensive Security
e3c06fe0f7
DB: 2018-12-15
16 changes to exploits/shellcodes
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)
Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
2018-12-15 05:01:46 +00:00
Offensive Security
a07949d1c7
DB: 2018-12-12
21 changes to exploits/shellcodes
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
2018-12-12 05:01:43 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93
DB: 2018-12-04
10 changes to exploits/shellcodes
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)
CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f
DB: 2018-12-01
8 changes to exploits/shellcodes
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
2018-12-01 05:01:40 +00:00
Offensive Security
dcc75fdf49
DB: 2018-11-20
3 changes to exploits/shellcodes
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
Microsoft Edge Chakra - OP_Memset Type Confusion
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
2018-11-20 05:01:39 +00:00
Offensive Security
1d25aee539
DB: 2018-11-15
15 changes to exploits/shellcodes
AMPPS 2.7 - Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
SwitchVPN for macOS 2.1012.03 - Privilege Escalation
Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
iServiceOnline 1.0 - 'r' SQL Injection
Helpdezk 1.1.1 - 'query' SQL Injection
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
EdTv 2 - 'id' SQL Injection
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Advanced Comment System 1.0 - SQL Injection
Rmedia SMS 1.0 - SQL Injection
Pedidos 1.0 - SQL Injection
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
2018-11-15 05:01:40 +00:00
Offensive Security
3a7153b2ac
DB: 2018-11-14
24 changes to exploits/shellcodes
CuteFTP Mac 3.1 - Denial of Service (PoC)
Evince 3.24.0 - Command Injection
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
xorg-x11-server < 1.20.1 - Local Privilege Escalation
Data Center Audit 2.6.2 - 'username' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
Nominas 0.27 - 'username' SQL Injection
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
Surreal ToDo 0.6.1.2 - SQL Injection
Surreal ToDo 0.6.1.2 - Local File Inclusion
Alienor Web Libre 2.0 - SQL Injection
Musicco 2.0.0 - Arbitrary Directory Download
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
Easyndexer 1.0 - Arbitrary File Download
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
Gumbo CMS 0.99 - SQL Injection
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
Webiness Inventory 2.3 - SQL Injection
SIPve 0.0.2-R19 - SQL Injection
Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
2018-11-14 05:01:43 +00:00
Offensive Security
3a6748b9d9
DB: 2018-11-13
15 changes to exploits/shellcodes
HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Mongoose Web Server 6.9 - Denial of Service (PoC)
Data Center Audit 2.6.2 - 'username' SQL Injection
TufinOS 2.17 Build 1193 - XML External Entity Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Nominas 0.27 - 'username' SQL Injection
2018-11-13 05:01:42 +00:00
Offensive Security
11366ca935
DB: 2018-11-07
18 changes to exploits/shellcodes
FaceTime - RTP Video Processing Heap Corruption
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
Blue Server 1.1 - Denial of Service (PoC)
eToolz 3.4.8.0 - Denial of Service (PoC)
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (SEH)
libiec61850 1.3 - Stack Based Buffer Overflow
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
PHP Proxy 3.0.3 - Local File Inclusion
Voovi Social Networking Script 1.0 - 'user' SQL Injection
CMS Made Simple 2.2.7 - Remote Code Execution
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
2018-11-07 05:01:44 +00:00
Offensive Security
ef70ec156b
DB: 2018-10-31
22 changes to exploits/shellcodes
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
2018-10-31 05:01:53 +00:00
Offensive Security
15b77b5965
DB: 2018-10-30
33 changes to exploits/shellcodes
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
2018-10-30 05:01:46 +00:00
Offensive Security
832a222df4
DB: 2018-10-26
21 changes to exploits/shellcodes
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
Adult Filter 1.0 - Buffer Overflow (SEH)
WebEx - Local Service Permissions Exploit (Metasploit)
exim 4.90 - Remote Code Execution
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
exim 4.90 - Remote Code Execution
WebExec - Authenticated User Code Execution (Metasploit)
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Simple Chat System 1.0 - 'id' SQL Injection
Delta Sql 1.8.2 - Arbitrary File Upload
User Management 1.1 - Cross-Site Scripting
ClipBucket 2.8 - 'id' SQL Injection
Simple POS and Inventory 1.0 - 'cat' SQL Injection
AiOPMSD Final 1.0.0 - 'q' SQL Injection
AjentiCP 1.2.23.13 - Cross-Site Scripting
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Open STA Manager 2.3 - Arbitrary File Download
2018-10-26 05:01:46 +00:00
Offensive Security
4f60a3d8f2
DB: 2018-10-24
9 changes to exploits/shellcodes
AudaCity 2.3 - Denial of Service (PoC)
Audacity 2.3 - Denial of Service (PoC)
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
Appsource School Management System 1.0 - 'student_id' SQL Injection
SIM-PKH 2.4.1 - Arbitrary File Upload
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - Arbitrary File Download
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
2018-10-24 05:02:04 +00:00
Offensive Security
defa138d04
DB: 2018-10-23
17 changes to exploits/shellcodes
Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00
Offensive Security
712d629b6b
DB: 2018-10-17
13 changes to exploits/shellcodes
Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
VLC Media Player - MKV Use-After-Free (Metasploit)
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
2018-10-17 05:01:42 +00:00
Offensive Security
6fe17058fb
DB: 2018-10-10
15 changes to exploits/shellcodes
Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
Microsoft Edge Chakra JIT - Type Confusion
Seqrite End Point Security 7.4 - Privilege Escalation
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
360 3.5.0.1033 - Sandbox Escape
ghostscript - executeonly Bypass with errorhandler Setup
ifwatchd - Privilege Escalation (Metasploit)
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
Wikidforum 2.20 - 'select_sort' SQL Injection
Wikidforum 2.20 - 'message_id' SQL Injection
Monstra 3.0.4 - Cross-Site Scripting
2018-10-10 05:01:44 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
c7cec74ceb
DB: 2018-09-20
6 changes to exploits/shellcodes
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
LG SuperSign EZ CMS 2.5 - Local File Inclusion
2018-09-20 05:01:45 +00:00
Offensive Security
29542c36ab
DB: 2018-09-19
7 changes to exploits/shellcodes
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
HongCMS 3.0.0 - SQL Injection
HongCMS 3.0.0 - (Authenticated) SQL Injection
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
2018-09-19 05:01:45 +00:00
Offensive Security
2785d40187
DB: 2018-09-14
...
12 changes to exploits/shellcodes
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
MediaTek Wireless Utility rt2870 - Denial of Service (PoC)
TeamViewer App 13.0.100.0 - Denial of Service (PoC)
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
MyBB 1.8.17 - Cross-Site Scripting
Apache Portals Pluto 3.0.0 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-14 05:01:54 +00:00
Offensive Security
b42759b8b8
DB: 2018-09-13
...
15 changes to exploits/shellcodes
jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
2018-09-13 05:01:52 +00:00
Offensive Security
925b2171f4
DB: 2018-09-04
...
10 changes to exploits/shellcodes
VSAXESS V2.6.2.70 build20171226_053 - 'Nickname' Denial of Service (PoC)
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
D-Link DIR-615 - Denial of Service (PoC)
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Wikipedia 12.0 - Denial of Service (PoC)
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Online Quiz Maker 1.0 - 'catid' SQL Injection
2018-09-04 05:01:55 +00:00
Offensive Security
ef80d21646
DB: 2018-08-29
...
5 changes to exploits/shellcodes
Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
2018-08-29 05:01:57 +00:00
Offensive Security
16744756bc
DB: 2018-08-18
...
10 changes to exploits/shellcodes
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT - Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion
OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)
Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
ADM 3.1.2RHG1 - Remote Code Execution
2018-08-18 05:01:47 +00:00
Offensive Security
1e34c2b6a5
DB: 2018-08-14
...
11 changes to exploits/shellcodes
IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
2018-08-14 05:01:45 +00:00
Offensive Security
903bf974eb
DB: 2018-08-02
...
10 changes to exploits/shellcodes
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
Synology DiskStation Manager 4.1 - Directory Traversal
Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
2018-08-02 05:02:43 +00:00
Offensive Security
b02440845e
DB: 2018-07-31
...
5 changes to exploits/shellcodes
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
Charles Proxy 4.2 - Local Privilege Escalation
H2 Database 1.4.197 - Information Disclosure
2018-07-31 05:01:47 +00:00
Offensive Security
582d8f748e
DB: 2018-07-28
...
6 changes to exploits/shellcodes
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
Wordpress Background Takeover < 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Wordpress < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Form Maker Plugin 1.12.24 - SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
Online Trade 1 - Information Disclosure
SoftNAS Cloud < 4.0.3 - OS Command Injection
2018-07-28 05:01:47 +00:00
Offensive Security
cfbfaba0a7
DB: 2018-07-27
...
3 changes to exploits/shellcodes
Core FTP 2.0 - 'XRMD' Denial of Service (PoC)
Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
2018-07-27 05:01:45 +00:00
Offensive Security
ed985d30e0
DB: 2018-07-26
...
3 changes to exploits/shellcodes
PoDoFo 0.9.5 - Buffer Overflow
PoDoFo 0.9.5 - Buffer Overflow (PoC)
Windows Speech Recognition - Buffer Overflow
Windows Speech Recognition - Buffer Overflow (PoC)
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
D-Link DAP-1360 - Path Traversal / Cross-Site Scripting
2018-07-26 05:01:45 +00:00
Offensive Security
300aada6a5
DB: 2018-07-24
...
7 changes to exploits/shellcodes
Windows Speech Recognition - Buffer Overflow
Knox Software Arkeia 4.0 - Backup Local Overflow
Knox Arkeia 4.0 Backup - Local Overflow
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)
Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit)
Microsoft Windows - 'dnslint.exe' Drive-By Download
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Davolink DVW 3200 Router - Password Disclosure
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
2018-07-24 05:01:45 +00:00
Offensive Security
b374aca9a3
DB: 2018-07-14
...
10 changes to exploits/shellcodes
G DATA Total Security 25.4.0.3 - ActiveX Buffer Overflow
Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)
HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit)
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)
IBM QRadar SIEM - Remote Code Execution (Metasploit)
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
Apache CouchDB - Arbitrary Command Execution (Metasploit)
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Dolibarr 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion
Dolibarr ERP/CRM - OS Command Injection
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection
Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Dolibarr CMS 3.5.3 - Multiple Vulnerabilities
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities
Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections
Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection
Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection
Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Dolibarr 7.0.0 - SQL Injection
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
2018-07-14 05:01:50 +00:00
Offensive Security
e76244b41a
DB: 2018-07-13
...
8 changes to exploits/shellcodes
Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow
Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board 0.08 Beta / 6.30 Beta - Multiple Cross-Site Scripting Vulnerabilities
123 Flash Chat - Multiple Vulnerabilities
123 Flash Chat 7.8 - Multiple Vulnerabilities
Dicoogle PACS 2.5.0 - Directory Traversal
2018-07-13 05:02:00 +00:00
Offensive Security
e8a3702c6c
DB: 2018-07-03
...
11 changes to exploits/shellcodes
Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
2018-07-03 05:01:48 +00:00
Offensive Security
ac267cb298
DB: 2018-06-21
...
11 changes to exploits/shellcodes
Redis 5.0 - Denial of Service
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Mirasys DVMS Workstation 5.12.6 - Path Traversal
MaDDash 2.0.2 - Directory Listing
NewMark CMS 2.1 - 'sec_id' SQL Injection
TP-Link TL-WA850RE - Remote Command Execution
Apache CouchDB < 2.1.0 - Remote Code Execution
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
VideoInsight WebClient 5 - SQL Injection
2018-06-21 05:01:44 +00:00
Offensive Security
0f18636d14
DB: 2018-06-01
...
9 changes to exploits/shellcodes
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion
TAC Xenta 511/911 - Directory Traversal
New STAR 2.1 - SQL Injection / Cross-Site Scripting
PHP Dashboards NEW 5.5 - 'email' SQL Injection
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting
Grid Pro Big Data 1.0 - SQL Injection
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
2018-06-01 05:01:45 +00:00
Offensive Security
608176a851
DB: 2018-05-26
...
8 changes to exploits/shellcodes
Microsoft Edge Chakra - Cross Context Use-After-Free
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
D-Link DSL-2750B - OS Command Injection (Metasploit)
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
2018-05-26 05:01:44 +00:00
Offensive Security
7bbc323854
DB: 2018-05-23
...
20 changes to exploits/shellcodes
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Microsoft Edge Chakra JIT - Magic Value Type Confusion
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
MakeMyTrip 7.2.4 - Information Disclosure
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Zechat 1.5 - SQL Injection / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Persistent Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Private Message PHP Script 2.0 - Cross-Site Scripting
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass
Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Nordex N149/4.0-4.5 - SQL Injection
WebSocket Live Chat - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
PaulPrinting CMS Printing 1.0 - SQL Injection
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
ERPnext 11 - Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
NewsBee CMS 1.4 - 'download.php' SQL Injection
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
2018-05-23 05:01:45 +00:00