bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2590 commits 1 branch 0 tags 261 MiB
Commit graph

332 commits

Author SHA1 Message Date
Offensive Security
cd36764b57 DB: 2019-12-31 
28 changes to exploits/shellcodes

OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
Microsoft UPnP - Local Privilege Elevation (Metasploit)
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
FTP Navigator 8.03 - Stack Overflow (SEH)
Wing FTP Server 6.0.7 - Unquoted Service Path
Domain Quester Pro 6.02 - Stack Overflow (SEH)
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Remote Code Execution
elearning-script 1.0 - Authentication Bypass
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
Thrive Smart Home 1.1 - Authentication Bypass
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
AVE DOMINAplus 1.10.x - Credential Disclosure
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
AVE DOMINAplus 1.10.x - Authentication Bypass
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
RICOH SP 4510SF Printer - HTML Injection
RICOH Web Image Monitor 1.09 - HTML Injection
Heatmiser Netmonitor 3.03 - HTML Injection
 2019-12-31 05:02:03 +00:00
Offensive Security
b7471ba451 DB: 2019-12-19 
9 changes to exploits/shellcodes

XnView 2.49.1 - 'Research' Denial of Service (PoC)
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow

OpenMRS - Java Deserialization RCE (Metasploit)
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Telerik UI - Remote Code Execution via Insecure Deserialization
 2019-12-19 05:01:59 +00:00
Offensive Security
b1b4d70ced DB: 2019-12-17 
3 changes to exploits/shellcodes

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
OpenBSD 6.x - Dynamic Loader Privilege Escalation

D-Link DIR-615 - Privilege Escalation
 2019-12-17 05:01:50 +00:00
Offensive Security
ecbca9d505 DB: 2019-12-04 
6 changes to exploits/shellcodes

Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
Revive Adserver 4.2 - Remote Code Execution
 2019-12-04 05:01:42 +00:00
Offensive Security
8ae8522082 DB: 2019-11-30 
8 changes to exploits/shellcodes

SpotAuditor 5.3.2 - 'Key' Denial of Service
SpotAuditor 5.3.2 - 'Name' Denial of Service
TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path
Bash 5.0 Patch 11 -  SUID Priv Drop Exploit

Mersive Solstice 2.8.0 - Remote Code Execution
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
 2019-11-30 05:01:42 +00:00
Offensive Security
8162754975 DB: 2019-11-26 
9 changes to exploits/shellcodes

SMPlayer 19.5.0 - Denial of Service (PoC)
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware WorkStation 12.5.3 - Virtual Machine Escape
 2019-11-26 05:01:44 +00:00
Offensive Security
58127b1f7c DB: 2019-11-22 
3 changes to exploits/shellcodes

GNU Mailutils 3.7 - Privilege Escalation
TestLink 1.9.19 - Persistent Cross-Site Scripting
Network Management Card 6.2.0 - Host Header Injection
 2019-11-22 05:01:53 +00:00
Offensive Security
cacee46726 DB: 2019-11-21 
11 changes to exploits/shellcodes

Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Xorg X11 Server - Local Privilege Escalation (Metasploit)
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
FreeSWITCH - Event Socket Command Execution (Metasploit)
Bludit - Directory Traversal Image File Upload (Metasploit)
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)

OpenNetAdmin 18.1.1 - Remote Code Execution
 2019-11-21 05:01:49 +00:00
Offensive Security
72cddaee51 DB: 2019-11-20 
13 changes to exploits/shellcodes

ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Centova Cast 3.2.12 - Denial of Service (PoC)
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
Apache Httpd mod_rewrite - Open Redirects
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
 2019-11-20 05:01:41 +00:00
Offensive Security
3e9ff5a927 DB: 2019-11-19 
13 changes to exploits/shellcodes

iSmartViewPro 1.3.34 - Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
MobileGo 8.5.0 - Insecure File Permissions
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal
Centova Cast 3.2.11 - Arbitrary File Download
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
 2019-11-19 05:01:40 +00:00
Offensive Security
b6ed2c7176 DB: 2019-11-09 
6 changes to exploits/shellcodes

SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Android Janus - APK Signature Bypass (Metasploit)

rConfig - install Command Execution (Metasploit)
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
Adive Framework 2.0.7 - Privilege Escalation
Nextcloud 17 - Cross-Site Request Forgery
 2019-11-09 05:01:40 +00:00
Offensive Security
4ec7754462 DB: 2019-11-08 
2 changes to exploits/shellcodes

Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path
 2019-11-08 05:01:40 +00:00
Offensive Security
577557762c DB: 2019-11-05 
6 changes to exploits/shellcodes

Apple macOS 10.15.1 - Denial of Service (PoC)
Aida64 6.10.5200 - Buffer Overflow (SEH)
OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path
Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
 2019-11-05 05:01:42 +00:00
Offensive Security
47d2a76f4f DB: 2019-11-02 
7 changes to exploits/shellcodes

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Nostromo - Directory Traversal Remote Command Execution (Metasploit)
TheJshen contentManagementSystem 1.04 - 'id' SQL Injection
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Apache Solr 8.2.0 - Remote Code Execution
 2019-11-02 05:01:41 +00:00
Offensive Security
52e6461f47 DB: 2019-10-25 
4 changes to exploits/shellcodes

Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection
AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
 2019-10-25 05:01:41 +00:00
Offensive Security
afafb6c641 DB: 2019-10-24 
3 changes to exploits/shellcodes

IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
Rocket.Chat 2.1.0 - Cross-Site Scripting
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
 2019-10-24 05:01:42 +00:00
Offensive Security
e4e566f5ff DB: 2019-10-22 
7 changes to exploits/shellcodes

winrar 5.80 64bit - Denial of Service
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)

sudo 1.2.27 - Security Bypass
sudo 1.8.27 - Security Bypass
winrar 5.80 - XML External Entity Injection
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Solaris 11.4 - xscreensaver Privilege Escalation

CyberArk Password Vault 10.6 - Authentication Bypass
 2019-10-22 05:01:40 +00:00
Offensive Security
588067072a DB: 2019-10-17 
15 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
 2019-10-17 05:01:44 +00:00
Offensive Security
bae704d681 DB: 2019-10-16 
4 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

Podman & Varlink 1.5.1 - Remote Code Execution

Bolt CMS 3.6.10 - Cross-Site Request Forgery
 2019-10-16 05:01:45 +00:00
Offensive Security
c4b3e48aea DB: 2019-10-11 
10 changes to exploits/shellcodes

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)

freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
 2019-10-11 05:01:46 +00:00
Offensive Security
bfcf0daec9 DB: 2019-10-08 
8 changes to exploits/shellcodes

logrotten 3.15.1 - Privilege Escalation
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

freeFTP 1.0.8 - Remote Buffer Overflow
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Zabbix 4.2 - Authentication Bypass
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
 2019-10-08 05:01:48 +00:00
Offensive Security
d1bcd4121d DB: 2019-10-04 
5 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
mintinstall 7.9.9 - Code Execution
AnchorCMS < 0.12.3a - Information Disclosure
 2019-10-04 05:01:47 +00:00
Offensive Security
4eaf273757 DB: 2019-10-02 
9 changes to exploits/shellcodes

kic 2.4a - Denial of Service
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - Universal XSS in WebCore::command
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
WebKit - Universal XSS Using Cached Pages

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
vBulletin 5.x - 'routestring' Remote Code Execution
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
PHP 7.1 < 7.3 - disable_functions Bypass
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
DotNetNuke < 9.4.0 - Cross-Site Scripting
 2019-10-02 05:01:46 +00:00
Offensive Security
ba928141e7 DB: 2019-09-26 
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
 2019-09-26 05:01:47 +00:00
Offensive Security
a3b360fc6c DB: 2019-09-11 
7 changes to exploits/shellcodes

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
LibreNMS - Collectd Command Injection (Metasploit)
October CMS - Upload Protection Bypass Code Execution (Metasploit)

Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
 2019-09-11 05:02:35 +00:00
Offensive Security
ad97ff4198 DB: 2019-09-07 
3 changes to exploits/shellcodes

SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation

Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)

Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
FusionPBX 4.4.8 - Remote Code Execution

Inventory Webapp - 'itemquery' SQL injection

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
 2019-09-07 05:02:21 +00:00
Offensive Security
835218237b DB: 2019-09-06 
2 changes to exploits/shellcodes

AwindInc SNMP Service - Command Injection (Metasploit)

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
 2019-09-06 05:02:26 +00:00
Offensive Security
a26ef1328e DB: 2019-09-04 
6 changes to exploits/shellcodes

ktsuss 1.4 - suid Privilege Escalation (Metasploit)
ptrace - Sudo Token Privilege Escalation (Metasploit)
Cisco UCS Director - default scpuser password (Metasploit)
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

FileThingie 2.5.7 - Arbitrary File Upload
 2019-09-04 05:02:30 +00:00
Offensive Security
b4225f5fa8 DB: 2019-08-31 
12 changes to exploits/shellcodes

SQL Server Password Changer 1.90 - Denial of Service
Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service
Asus Precision TouchPad 11.0.0.25 - Denial of Service
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service

Canon PRINT 2.5.5 - Information Disclosure

QEMU - Denial of Service
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - Persistent Cross-Site Scripting
DomainMod 4.13 - Cross-Site Scripting
YouPHPTube 7.4 - Remote Code Execution
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
 2019-08-31 05:02:54 +00:00
Offensive Security
6adaedca69 DB: 2019-08-27 
6 changes to exploits/shellcodes

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
 2019-08-27 05:02:18 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20 
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
 2019-08-20 05:02:44 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15 
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
 2019-08-15 05:02:48 +00:00
Offensive Security
a32e028b88 DB: 2019-08-13 
17 changes to exploits/shellcodes

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)

Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
 2019-08-13 05:02:31 +00:00
Offensive Security
fe9103a0fb DB: 2019-08-07 
2 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
 2019-08-07 05:02:36 +00:00
Offensive Security
00f5094d48 DB: 2019-07-31 
8 changes to exploits/shellcodes

macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
 2019-07-31 05:02:25 +00:00
Offensive Security
6f49190671 DB: 2019-07-27 
19 changes to exploits/shellcodes

pdfresurrect 0.15 - Buffer Overflow

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
S-nail < 14.8.16 - Local Privilege Escalation
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
ASAN/SUID - Local Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Ovidentia 8.4.3 - SQL Injection
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
 2019-07-27 05:02:19 +00:00
Offensive Security
a8a07cdedf DB: 2019-07-23 
4 changes to exploits/shellcodes

BACnet Stack 0.8.6 - Denial of Service

Docker - Container Escape

Comtrend-AR-5310 - Restricted Shell Escape

Axway SecureTransport 5 - Unauthenticated XML Injection
 2019-07-23 05:02:15 +00:00
Offensive Security
7ec7ea72de DB: 2019-07-20 
10 changes to exploits/shellcodes

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
fuelCMS 1.4.1 - Remote Code Execution
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
Web Ofisi Emlak 2 - 'ara' SQL Injection
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
Web Ofisi Firma 13 - 'oz' SQL Injection
REDCap < 9.1.2 - Cross-Site Scripting
 2019-07-20 05:02:15 +00:00
Offensive Security
c4cf663c5d DB: 2019-07-19 
2 changes to exploits/shellcodes

Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation

WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
 2019-07-19 05:02:11 +00:00
Offensive Security
40febc17ca DB: 2019-07-18 
5 changes to exploits/shellcodes

WinMPG iPod Convert 3.0 - 'Register' Denial of Service
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow

Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
 2019-07-18 05:02:15 +00:00
Offensive Security
2935a5c0af DB: 2019-07-17 
10 changes to exploits/shellcodes

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.838 - User Enumeration
 2019-07-17 05:02:03 +00:00
Offensive Security
894b9e59aa DB: 2019-07-10 
3 changes to exploits/shellcodes

Firefox 67.0.4 - Denial of Service

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)

WordPress Plugin Like Button 1.6.0 - Authentication Bypass
 2019-07-10 05:02:07 +00:00
Offensive Security
3f8a751f28 DB: 2019-07-07 
1 changes to exploits/shellcodes
 2019-07-07 05:01:58 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
ee2531c421 DB: 2019-06-27 
2 changes to exploits/shellcodes

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
 2019-06-27 05:01:52 +00:00
Offensive Security
3ef90f18d0 DB: 2019-06-21 
6 changes to exploits/shellcodes

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
 2019-06-21 05:01:58 +00:00
Offensive Security
745971e212 DB: 2019-06-19 
5 changes to exploits/shellcodes

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Sahi pro 7.x/8.x - Directory Traversal
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - Cross-Site Scripting

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
 2019-06-19 05:01:55 +00:00
Offensive Security
8cbfa5df7f DB: 2019-06-18 
13 changes to exploits/shellcodes

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
Netperf 2.6.0 - Stack-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - Type Confusion
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
Exim 4.87 - 4.91 - Local Privilege Escalation
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
RedwoodHQ 2.5.5 - Authentication Bypass
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Spring Security OAuth - Open Redirector

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
 2019-06-18 05:01:54 +00:00
Offensive Security
5e935da854 DB: 2019-06-15 
3 changes to exploits/shellcodes

CentOS 7.6 - 'ptrace_scope' Privilege Escalation
Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
 2019-06-15 05:01:55 +00:00