exploit-db-mirror

Author	SHA1	Message	Date
Exploit-DB	b86fb6e1b7	DB: 2024-10-02 4 changes to exploits/shellcodes/ghdb dizqueTV 1.5.3 - Remote Code Execution (RCE) reNgine 2.2.0 - Command Injection (Authenticated) openSIS 9.1 - SQLi (Authenticated)	2024-10-02 00:16:50 +00:00
Exploit-DB	b59144d74e	DB: 2024-04-14 6 changes to exploits/shellcodes/ghdb BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE Online Fire Reporting System OFRS - SQL Injection Authentication Bypass Savsoft Quiz v6.0 Enterprise - Stored XSS Stock Management System v1.0 - Unauthenticated SQL Injection	2024-04-14 00:16:33 +00:00
Exploit-DB	25f2c0adca	DB: 2023-06-05 8 changes to exploits/shellcodes/ghdb STARFACE 7.3.0.10 - Authentication with Password Hash Possible Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated) Best POS Management System v1.0 - Unauthenticated Remote Code Execution Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI) Faculty Evaluation System 1.0 - Unauthenticated File Upload File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE) MotoCMS Version 3.4.3 - SQL Injection Online Security Guards Hiring System 1.0 - Reflected XSS Total CMS 1.7.4 - Remote Code Execution (RCE) Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)	2023-06-05 00:16:22 +00:00
Exploit-DB	85954a8fad	DB: 2023-04-09 34 changes to exploits/shellcodes/ghdb ENTAB ERP 1.0 - Username PII leak ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS) FortiRecorder 6.4.3 - Denial of Service Schneider Electric v1.0 - Directory traversal & Broken Authentication Altenergy Power Control Software C1.2.5 - OS command injection Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE) Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated) Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu) Lucee Scheduled Job v1.0 - Command Execution Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE) Adobe Connect 11.4.5 - Local File Disclosure Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS) Suprema BioStar 2 v2.8.16 - SQL Injection Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS) dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated) GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Icinga Web 2.10 - Arbitrary File Disclosure Joomla! v4.2.8 - Unauthenticated information disclosure Medicine Tracker System v1.0 - Sql Injection Online Appointment System V1.0 - Cross-Site Scripting (XSS) Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE) pfsenseCE v2.6.0 - Anti-brute force protection bypass Restaurant Management System 1.0 - SQL Injection WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS) X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated) X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated) Microsoft Windows 11 - 'cmd.exe' Denial of Service ActFax 10.10 - Unquoted Path Services ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation	2023-04-09 00:16:30 +00:00
Exploit-DB	6bc7a6f9b0	DB: 2023-03-29 25 changes to exploits/shellcodes/ghdb ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access ZKTeco ZEM/ZMM 8.88 - Missing Authentication Hashicorp Consul v1.0 - Remote Command Execution (RCE) X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF) OPSWAT Metadefender Core - Privilege Escalation Pega Platform 8.1.0 - Remote Code Execution (RCE) Beauty-salon v1.0 - Remote Code Execution (RCE) BoxBilling<=4.22.1.5 - Remote Code Execution (RCE) iBooking v1.0.8 - Arbitrary File Upload Jetpack 11.4 - Cross Site Scripting (XSS) Moodle LMS 4.0 - Cross-Site Scripting (XSS) Online shopping system advanced 1.0 - Multiple Vulnerabilities rukovoditel 3.2.1 - Cross-Site Scripting (XSS) Senayan Library Management System v9.5.0 - SQL Injection Social-Share-Buttons v2.2.3 - SQL Injection Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS) YouPHPTube<= 7.8 - Multiple Vulnerabilities Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF) SuperMailer v11.20 - Buffer overflow DoS Tunnel Interface Driver - Denial of Service VMware Workstation 15 Pro - Denial of Service HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path	2023-03-29 00:16:31 +00:00
Exploit-DB	b137003172	DB: 2023-03-28 36 changes to exploits/shellcodes/ghdb MiniDVBLinux 5.4 - Change Root Password MiniDVBLinux 5.4 - Remote Root Command Injection MiniDVBLinux 5.4 - Arbitrary File Read MiniDVBLinux 5.4 - Unauthenticated Stream Disclosure MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE) MiniDVBLinux <=5.4 - Config Download Exploit Desktop Central 9.1.0 - Multiple Vulnerabilities FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass Aero CMS v0.0.1 - PHP Code Injection (auth) Aero CMS v0.0.1 - SQL Injection (no auth) Atom CMS v2.0 - SQL Injection (no auth) Canteen-Management v1.0 - SQL Injection Canteen-Management v1.0 - XSS-Reflected Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS) eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE) FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS) Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE) WebTareas 2.4 - RCE (Authorized) WebTareas 2.4 - Reflected XSS (Unauthorised) WebTareas 2.4 - SQL Injection (Unauthorised) WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE) Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Grafana <=6.2.4 - HTML Injection Hex Workshop v6.7 - Buffer overflow DoS Scdbg 1.0 - Buffer overflow DoS Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC) AVS Audio Converter 10.3 - Stack Overflow (SEH) Explorer32++ v1.3.5.531 - Buffer overflow Frhed (Free hex editor) v1.6.0 - Buffer overflow Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path Resource Hacker v3.6.0.92 - Buffer overflow Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE)	2023-03-28 00:16:27 +00:00
Offensive Security	d63de06c7a	DB: 2022-11-10 2776 changes to exploits/shellcodes/ghdb	2022-11-10 16:39:50 +00:00
Offensive Security	679a62755b	DB: 2021-10-14 28 changes to exploits/shellcodes Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) Simple Payroll System 1.0 - SQLi Authentication Bypass Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE) Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated) Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS) Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS) Sonicwall SonicOS 7.0 - Host Header Injection Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)	2021-10-14 05:02:11 +00:00
Offensive Security	b4c96a5864	DB: 2021-09-03 28807 changes to exploits/shellcodes	2021-09-03 20:19:21 +00:00
Offensive Security	6cbe6ebbb6	DB: 2021-09-03 395 changes to exploits/shellcodes EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC) Electronics Workbench - '.ewb' Local Stack Overflow (PoC) BulletProof FTP Client 2.63 - Local Heap Overflow (PoC) Easy Web Password 1.2 - Local Heap Memory Consumption (PoC) Compface 1.5.2 - '.xbm' Local Buffer Overflow (PoC) eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC) Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities ImTOO MPEG Encoder 3.1.53 - '.cue' / '.m3u' Local Buffer Overflow (PoC) ZoIPer 2.22 - Call-Info Remote Denial of Service PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service PHP - MultiPart Form-Data Denial of Service (PoC) Nuked KLan 1.7.7 & SP4 - Denial of Service AIC Audio Player 1.4.1.587 - Local Crash (PoC) Xerox 4595 - Denial of Service WinMerge 2.12.4 - Project File Handling Stack Overflow Acoustica Mixcraft 1.00 - Local Crash SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC) Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Spotify 0.8.2.610 - search func Memory Exhaustion Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC) WaveSurfer 1.8.8p4 - Memory Corruption (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) DIMIN Viewer 5.4.0 - Crash (PoC) FreeVimager 4.1.0 - Crash (PoC) CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow Light Audio Player 1.0.14 - Memory Corruption (PoC) Image Transfer IOS - Remote Crash (PoC) Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) VUPlayer 2.49 - '.cue' Universal Buffer Overflow Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Hex Workshop 4.23/5.1/6.0 - '.hex' Universal Local Buffer Overflow (SEH) Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH) Alleycode HTML Editor 2.2.1 - Local Buffer Overflow GPG2/Kleopatra 2.0.11 - Malformed Certificate Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow Watermark Master 2.2.23 - '.wstyle' Local Buffer Overflow (SEH) Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2) eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (3) QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2) CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow quickshare file share 1.2.1 - Directory Traversal (1) SPlayer 3.7 (build 2055) - Remote Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Omeka 2.2.1 - Remote Code Execution D-Link DSL-2740R - Remote DNS Change D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure Netgear JNR1010 ADSL Router - (Authenticated) Remote File Disclosure Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution TorrentTrader 1.0 RC2 - SQL Injection WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion MiniPort@l 0.1.5 Beta - 'skiny' Remote File Inclusion PHP DocWriter 0.3 - 'script' Remote File Inclusion phpBB Journals System Mod 1.0.2 RC2 - Remote File Inclusion phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion RSSonate - 'xml2rss.php' Remote File Inclusion CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion QnECMS 2.5.6 - 'adminfolderpath' Remote File Inclusion BrewBlogger 1.3.1 - 'printLog.php' SQL Injection e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion Gizzar 03162002 - 'index.php' Remote File Inclusion SH-News 0.93 - 'misc.php' Remote File Inclusion JSBoard 2.0.10 - 'login.php?table' Local File Inclusion XOOPS Module WF-Links 1.03 - 'cid' SQL Injection Scorp Book 1.0 - 'smilies.php?config' Remote File Inclusion WEBInsta FM 0.1.4 - 'login.php' absolute_path Remote File Inclusion mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion EQdkp 1.3.2 - 'listmembers.php' SQL Injection FlashBB 1.1.8 - 'sendmsg.php' Remote File Inclusion SimpleBlog 3.0 - 'comments_get.asp?id' SQL Injection Pakupaku CMS 0.4 - Arbitrary File Upload / Local File Inclusion CCMS 3.1 Demo - SQL Injection MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection AuraCMS 1.62 - Multiple SQL Injections sCssBoard (Multiple Versions) - 'pwnpack' Remote s EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion RevokeBB 1.0 RC11 - 'Search' SQL Injection Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection PHPortal 1.2 - Multiple Remote File Inclusions Libera CMS 1.12 - 'cookie' SQL Injection Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload WCMS 1.0b - Arbitrary Add Admin FOSS Gallery Admin 1.0 - Arbitrary File Upload MemHT Portal 4.0.1 - SQL Injection / Code Execution Mediatheka 4.2 - Blind SQL Injection Pligg 9.9.5b - Arbitrary File Upload / SQL Injection XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution Joomla! Component Casino 0.3.1 - Multiple SQL Injections s ZeusCart 2.3 - 'maincatid' SQL Injection ASP Football Pool 2.3 - Remote Database Disclosure LightNEasy sql/no-db 2.2.x - System Configuration Disclosure Zen Cart 1.3.8 - Remote Code Execution Joomla! Component com_pinboard - 'task' SQL Injection Joomla! Component com_bookflip - 'book_id' SQL Injection Messages Library 2.0 - Arbitrary Delete Message Arab Portal 2.2 - Blind Cookie Authentication Bypass Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion REZERVI 3.0.2 - Remote Command Execution Joomla! Component BF Quiz 1.0 - SQL Injection (2) E-Xoopport Samsara 3.1 (eCal Module) - Blind SQL Injection AJ Matrix DNA - SQL Injection Joomla! Component JE Story Submit - Local File Inclusion CF Image Hosting Script 1.3.82 - File Disclosure hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting CMSLogik 1.2.1 - Multiple Vulnerabilities C.P.Sub 4.5 - Authentication Bypass WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload PHPMailer < 5.2.20 - Remote Code Execution phpIPAM 1.4 - SQL Injection Joomla! 3.9.0 < 3.9.7 - CSV Injection	2021-09-03 14:58:20 +00:00
Offensive Security	36c084c351	DB: 2021-09-03 45419 changes to exploits/shellcodes 2 new exploits/shellcodes Too many to list!	2021-09-03 13:39:06 +00:00
Offensive Security	4e7ab00187	DB: 2021-08-20 204 changes to exploits/shellcodes Charity Management System CMS 1.0 - Multiple Vulnerabilities	2021-08-20 05:01:51 +00:00
Offensive Security	bccca11e26	DB: 2021-04-15 8 changes to exploits/shellcodes MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass) CITSmart ITSM 9.1.2.22 - LDAP Injection CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated) Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE jQuery 1.2 - Cross-Site Scripting (XSS) jQuery 1.0.3 - Cross-Site Scripting (XSS)	2021-04-15 05:01:57 +00:00
Offensive Security	fc0129fabf	DB: 2020-12-12 12 changes to exploits/shellcodes Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011) Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014) Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting Openfire 4.6.0 - 'groupchatJID' Stored XSS Openfire 4.6.0 - 'users' Stored XSS Openfire 4.6.0 - 'sql' Stored XSS Medical Center Portal Management System 1.0 - Multiple Stored XSS Jenkins 2.235.3 - 'Description' Stored XSS Rukovoditel 2.6.1 - RCE Supply Chain Management System - Auth Bypass SQL Injection Dolibarr 12.0.3 - SQLi to RCE Courier Management System 1.0 - 'First Name' Stored XSS Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection Courier Management System 1.0 - 'ref_no' SQL Injection	2020-12-12 05:01:57 +00:00
Offensive Security	42b9ff04f0	DB: 2020-12-11 7 changes to exploits/shellcodes PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Barcodes generator 1.0 - 'name' Stored Cross Site Scripting OpenCart 3.0.3.6 - Cross Site Request Forgery Openfire 4.6.0 - 'path' Stored XSS Library Management System 2.0 - Auth Bypass SQL Injection WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting	2020-12-11 05:01:59 +00:00
Offensive Security	1979df6cb3	DB: 2020-06-19 51 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Notepad++ < 7.7 (x64) - Denial of Service SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service InputMapper 1.6.10 - Denial of Service SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH) XnConvert 1.82 - Denial of Service (PoC) SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC) SpotDialup 1.6.7 - 'Key' Denial of Service (PoC) Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) FreeBSD 12.0 - 'fd' Local Privilege Escalation iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH) DeviceViewer 3.12.0.1 - Arbitrary Password Change Winrar 5.80 - XML External Entity Injection Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution Siemens TIA Portal - Remote Command Execution Android 7 < 9 - Remote Code Execution CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit) CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit) CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) MyBB < 1.8.21 - Remote Code Execution Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit) Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery Publisure Hybrid - Multiple Vulnerabilities NetGain EM Plus 10.1.68 - Remote Command Execution Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion DotNetNuke 9.3.2 - Cross-Site Scripting VehicleWorkshop 1.0 - 'bookingid' SQL Injection WordPress Plugin Tutor.1.5.3 - Local File Inclusion WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting WordPress Plugin Wordfence.7.4.5 - Local File Disclosure WordPress Plugin contact-form-7 5.1.6 - Remote File Upload WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Joomla! 3.9.0 < 3.9.7 - CSV Injection PlaySMS 1.4.3 - Template Injection / Remote Code Execution Wing FTP Server - Authenticated CSRF (Delete Admin) WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification UADMIN Botnet 1.0 - 'link' SQL Injection Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload Wordpress Plugin PicUploader 1.0 - Remote File Upload PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution WordPress Plugin Helpful 2.4.11 - SQL Injection Prestashop 1.7.6.4 - Cross-Site Request Forgery WordPress Plugin Simple File List 5.4 - Remote Code Execution Library CMS Powerful Book Management System 2.2.0 - Session Fixation Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated) Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection Beauty Parlour Management System 1.0 - Authentication Bypass Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes) Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes) Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes) Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)	2020-06-19 05:02:01 +00:00
Offensive Security	c8181201fd	DB: 2019-11-13 38 changes to exploits/shellcodes Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Wondershare Application Framework Service - _WsAppService_ Unquote Service Path eMerge E3 Access Controller 4.6.07 - Remote Code Execution eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit) CBAS-Web 19.0.0 - Information Disclosure Prima FlexAir Access Control 2.3.38 - Remote Code Execution Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting eMerge E3 1.00-06 - Unauthenticated Directory Traversal eMerge E3 1.00-06 - Privilege Escalation eMerge E3 1.00-06 - Remote Code Execution eMerge E3 1.00-06 - Cross-Site Request Forgery Atlassian Confluence 6.15.1 - Directory Traversal eMerge E3 1.00-06 - Arbitrary File Upload eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting eMerge50P 5000P 4.6.07 - Remote Code Execution CBAS-Web 19.0.0 - Remote Code Execution CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) CBAS-Web 19.0.0 - Username Enumeration CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Joomla 3.9.13 - 'Host' Header Injection Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Prima Access Control 2.3.35 - Arbitrary File Upload Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit) Optergy 2.3.0a - Remote Code Execution FlexAir Access Control 2.4.9api3 - Remote Code Execution Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Optergy 2.3.0a - Username Disclosure Optergy 2.3.0a - Remote Code Execution (Backdoor) Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting FlexAir Access Control 2.3.35 - Authentication Bypass Bematech Printer MP-4200 - Denial of Service	2019-11-13 05:01:43 +00:00
Offensive Security	6f49190671	DB: 2019-07-27 19 changes to exploits/shellcodes pdfresurrect 0.15 - Buffer Overflow Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1) Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method) Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP) Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation VMware Workstation/Player < 12.5.5 - Local Privilege Escalation S-nail < 14.8.16 - Local Privilege Escalation Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2) ASAN/SUID - Local Privilege Escalation Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Ovidentia 8.4.3 - SQL Injection Moodle Filepicker 3.5.2 - Server Side Request Forgery Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit) Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection	2019-07-27 05:02:19 +00:00
Offensive Security	29aeb0c030	DB: 2019-06-12 5 changes to exploits/shellcodes ProShow 9.0.3797 - Local Privilege Escalation Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit) WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution phpMyAdmin 4.8 - Cross-Site Request Forgery Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting	2019-06-12 05:01:53 +00:00
Offensive Security	e76aee5eaf	DB: 2019-06-06 4 changes to exploits/shellcodes Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) LibreNMS - addhost Command Injection (Metasploit) Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery	2019-06-06 05:01:56 +00:00
Offensive Security	5a28a97130	DB: 2019-05-11 12 changes to exploits/shellcodes jetCast Server 2.0 - Denial of Service (PoC) SpotIM 2.2 - Denial of Service (PoC) SpotPaltalk 1.1.5 - Denial of Service (PoC) ASPRunner.NET 10.1 - Denial of Service (PoC) PHPRunner 10.1 - Denial of Service (PoC) TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery dotCMS 5.1.1 - HTML Injection RICOH SP 4510DN Printer - HTML Injection RICOH SP 4520DN Printer - HTML Injection CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection	2019-05-11 05:02:00 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	ce1901fc4f	DB: 2019-03-12 10 changes to exploits/shellcodes Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC) NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode) Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit) OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit) PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes) Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)	2019-03-12 05:01:58 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	79a4beaea4	DB: 2019-02-20 13 changes to exploits/shellcodes NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC) Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC) MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting eDirectory - SQL Injection XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Jenkins - Remote Code Execution	2019-02-20 05:01:54 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	ef70ec156b	DB: 2018-10-31 22 changes to exploits/shellcodes ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC) SIPp 3.3.990 - Local Buffer Overflow (PoC) R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) xorg-x11-server 1.20.3 - Privilege Escalation Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Electricks eCommerce 1.0 - 'prodid' SQL Injection phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection Webiness Inventory 2.9 - Arbitrary File Upload NETGEAR WiFi Router R6120 - Credential Disclosure MyBB Downloads 2.0.3 - SQL Injection Expense Management 1.0 - Arbitrary File Upload University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin) Notes Manager 1.0 - Arbitrary File Upload Instagram Clone 1.0 - Arbitrary File Upload Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection CI User Login and Management 1.0 - Arbitrary File Upload Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	2018-10-31 05:01:53 +00:00
Offensive Security	08c35595ed	DB: 2018-05-22 23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting	2018-05-22 05:01:47 +00:00
Offensive Security	42f3759885	DB: 2018-05-21 6 changes to exploits/shellcodes Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) mySCADA myPRO 7 - Hard-Coded Credentials D-Link DSL-3782 - Authentication Bypass Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	2018-05-21 05:01:47 +00:00
Offensive Security	f34469db27	DB: 2018-04-17 17 changes to exploits/shellcodes Barco ClickShare CSE-200 - Remote Denial of Service Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix Microsoft Edge - 'OpenProcess()' ACG Bypass Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH) SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH) CloudMe Sync 1.11.0 - Local Buffer Overflow Cobub Razor 0.8.0 - SQL injection Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference	2018-04-17 05:01:45 +00:00
Offensive Security	7a33f5d0bf	DB: 2018-02-23 15 changes to exploits/shellcodes NoMachine x86 < 6.0.80 - 'nxfuse' Privilege Escalation NoMachine x64 < 6.0.80 - 'nxfuse' Privilege Escalation Armadito Antivirus 0.12.7.2 - Detection Bypass Joomla! Component CW Tags 2.0.6 - SQL Injection Joomla! Component Proclaim 9.1.1 - Backup File Download Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection Joomla! Component Ek Rishta 2.9 - SQL Injection Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection Joomla! Component CheckList 1.1.1 - SQL Injection Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting	2018-02-23 05:01:47 +00:00
Offensive Security	50c008ba06	DB: 2018-01-16 39 changes to exploits/shellcodes OBS studio 20.1.3 - Local Buffer Overflow Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation SysGauge Server 3.6.18 - Buffer Overflow Disk Pulse Enterprise 10.1.18 - Buffer Overflow Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution ImgHosting 1.5 - Cross-Site Scripting Domains & Hostings Manager PRO 3.0 - Authentication Bypass PerfexCRM 1.9.7 - Arbitrary File Upload RISE 1.9 - 'search' SQL Injection Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Adminer 4.3.1 - Server-Side Request Forgery Oracle PeopleSoft 8.5x - Remote Code Execution ILIAS < 5.2.4 - Cross-Site Scripting Flash Operator Panel 2.31.03 - Command Execution pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000/TCP) Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337/TCP) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53/TCP) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;#) Shell Shellcode (637 bytes) Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) OpenBSD/x86 - reboot() Shellcode (15 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)	2018-01-16 05:02:18 +00:00
Offensive Security	3d73ec60b6	DB: 2018-01-06 23 changes to exploits/shellcodes Emulive Server4 7560 - Remote Denial of Service Emulive Server4 Build 7560 - Remote Denial of Service ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service) D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service) DNS4Me 3.0 - Denial of Service / Cross-Site Scripting EmuLive Server4 - Authentication Bypass / Denial of Service GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit) keene digital media server 1.0.2 - Directory Traversal variant Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access Keene Digital Media Server 1.0.2 - Directory Traversal Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting Xedus Web Server 1.0 - Traversal Arbitrary File Access D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access WDMyCloud < 2.30.165 - Multiple Vulnerabilities Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit) Cisco IOS - Remote Code Execution Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection WordPress 1.5.1.2 - xmlrpc Interface SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection MySQL Eventum 1.5.5 - 'login.php' SQL Injection PHP live helper 2.0.1 - Multiple Vulnerabilities PHP Live Helper 2.0.1 - Multiple Vulnerabilities Zen Cart 1.3.9f (typefilter) - Local File Inclusion Zen Cart 1.3.9f - 'typefilter' Local File Inclusion phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting YaBB 1.x/9.1.2000 - YaBB.pl IMSend Cross-Site Scripting YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access SugarCRM 1.x/2.0 Module - 'record' SQL Injection SugarCRM 1.x/2.0 Module - Traversal Arbitrary File Access phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting Kayako eSupport 2.x - Ticket System Multiple SQL Injections Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion ModernGigabyte ModernBill 4.3 - 'C_CODE' Cross-Site Scripting ModernGigabyte ModernBill 4.3 - 'Aid' Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Notes Module for phpBB - SQL Injection phpBB Notes Module - SQL Injection osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities FusionBB 0.x - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities PAFaq - Question Cross-Site Scripting PAFaq - Administrator 'Username' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection EyeOS 0.8.x - Session Remote Command Execution eyeOS 0.8.x - Session Remote Command Execution CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion osCommerce 2.1/2.2 - 'product_info.php' SQL Injection CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal HAMweather 3.9.8 - 'template.php' Script Code Injection Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting Kayako SupportSuite 3.0.32 - 'PHP_SELF Trigger_Error' Function Cross-Site Scripting Jamroom 3.3.8 - Cookie Authentication Bypass Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting Kayako SupportSuite 3.x - 'index.php?filter' Cross-Site Scripting Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities Zen Cart < 1.3.8a - SQL Injection PHP Topsites < 2.2 - Multiple Vulnerabilities phpLinks < 2.1.2 - Multiple Vulnerabilities P-Synch < 6.2.5 - Multiple Vulnerabilities WinMX < 2.6 - Design Error FTP Service < 1.2 - Multiple Vulnerabilities MegaBrowser < 0.71b - Multiple Vulnerabilities Max Web Portal < 1.30 - Multiple Vulnerabilities Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities Gespage 7.4.8 - SQL Injection Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)	2018-01-06 05:02:14 +00:00
Offensive Security	a24ecf72c3	DB: 2017-12-01 82 changes to exploits/shellcodes 32 new exploits/shellcodes Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Overrun (PoC) CA BrightStor HSM r11.5 - Remote Stack Based Overflow / Denial of Service CA BrightStor HSM r11.5 - Remote Stack Overflow / Denial of Service Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC) Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC) Aircrack-NG Tools svn r1675 - Remote Heap-Based Buffer Overflow Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow FontForge - '.BDF' Font File Stack Based Buffer Overflow FontForge - '.BDF' Font File Stack Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Based Buffer Overflow Native Instruments Traktor Pro 1.2.6 - Stack Buffer Overflow Libmodplug 0.8.8.2 - '.abc' Stack Based Buffer Overflow (PoC) Libmodplug 0.8.8.2 - '.abc' Stack Buffer Overflow (PoC) Citrix XenApp / XenDesktop - Stack Based Buffer Overflow Citrix XenApp / XenDesktop - Stack Buffer Overflow Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC) Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow Oracle Outside-In - '.LWP' File Parsing Stack Based Buffer Overflow Oracle Outside-In - '.LWP' File Parsing Stack Buffer Overflow mcrypt 2.6.8 - Stack Based Buffer Overflow (PoC) mcrypt 2.6.8 - Stack Buffer Overflow (PoC) MySQL (Linux) - Stack Based Buffer Overrun (PoC) MySQL (Linux) - Heap Based Overrun (PoC) MySQL (Linux) - Stack Buffer Overrun (PoC) MySQL (Linux) - Heap Overrun (PoC) Sony PC Companion 2.1 - 'DownloadURLToFile()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Load()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Stack Based Unicode Buffer Overflow Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Buffer Overflow GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (1) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1) Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Based Buffer Overflow Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Based Buffer Overflow Denial of Service Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow Denial of Service Multiple Vendor Telnet Client - Env_opt_add Heap Based Buffer Overflow Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Based Overflow SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow Winamp 5.63 - Stack Based Buffer Overflow Winamp 5.63 - Stack Buffer Overflow Apple Mac OSX 10.x - '.zip' BOMStackPop()' Overflow Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap-Based Buffer Overflow (MS14-056) Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) MPlayer 1.0 - AVIHeader.C Heap Based Buffer Overflow MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Based Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Based Buffer Overflow ProWizard 4 PC 1.62 - Multiple Remote Stack Buffer Overflow Vulnerabilities WinUAE 1.4.4 - 'zfile.c' Stack Buffer Overflow Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow Google Android Web Browser - '.GIF' File Heap Buffer Overflow Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC) Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC) NASA Ames Research Center BigView 1.8 - '.PNM' Stack Based Buffer Overflow NASA Ames Research Center BigView 1.8 - '.PNM' Stack Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow OpenVms 8.3 Finger Service - Stack Based Buffer Overflow OpenVms 8.3 Finger Service - Stack Buffer Overflow Free Download Manager - Stack Based Buffer Overflow Free Download Manager - Stack Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow Sonique 2.0 - '.xpl' Remote Stack Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow Adobe Flash - Heap Based Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Valhala Honeypot 1.8 - Stack Based Buffer Overflow Valhala Honeypot 1.8 - Stack Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Based Buffer Overflow Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Based Buffer Overflow Xion Audio Player 1.5 build 155 - Stack Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Based Buffer Overflow Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow Last PassBroker 3.2.16 - Stack Based Buffer Overflow Last PassBroker 3.2.16 - Stack Buffer Overflow FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read FBZX 2.10 - Local Stack Based Buffer Overflow TACK 1.07 - Local Stack Based Buffer Overflow FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read FBZX 2.10 - Local Stack Buffer Overflow TACK 1.07 - Local Stack Buffer Overflow Gnome Nautilus 3.16 - Denial of Service Wireshark - iseries_parse_packet Heap Based Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Based Buffer Overflow Wireshark - iseries_parse_packet Heap Buffer Overflow Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Based Buffer Overflow Wireshark - file_read 'wtap_read_bytes_or_eof/mp2t_find_next_pcr' Stack Buffer Overflow Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow Wireshark - find_signature Stack Based Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Based Buffer Overflow Wireshark - getRate Stack Based Out-of-Bounds Read Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow Wireshark - find_signature Stack Out-of-Bounds Read Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Wireshark - getRate Stack Out-of-Bounds Read Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1) Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (1) pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Based Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Based Out-of-Bounds Read pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read pdfium - CPDF_Function::Call Stack Based Buffer Overflow pdfium - CPDF_Function::Call Stack Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Based Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Based Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Based Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Based Buffer Overflow pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read Wireshark - dissect_nhdr_extopt Stack Buffer Overflow Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Based Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC) glibc - 'getaddrinfo' Stack Buffer Overflow (PoC) Wireshark - vwr_read_s2_s3_W_rec Heap Based Buffer Overflow libxml2 - xmlDictAddString Heap Based Buffer Overread libxml2 - xmlParseEndTag2 Heap Based Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread libxml2 - htmlCurrentChar Heap Based Buffer Overread Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow libxml2 - xmlDictAddString Heap Buffer Overread libxml2 - xmlParseEndTag2 Heap Buffer Overread libxml2 - xmlParserPrintFileContextInternal Heap Buffer Overread libxml2 - htmlCurrentChar Heap Buffer Overread Kamailio 4.3.4 - Heap Based Buffer Overflow Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read Kamailio 4.3.4 - Heap Buffer Overflow Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2) Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2) Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055) Graphite2 - GlyphCache::GlyphCache Heap Based Buffer Overflow Graphite2 - GlyphCache::Loader Heap Based Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Based Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Based Overread Graphite2 - NameTable::getName Multiple Heap Based Out-of-Bounds Reads Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow Graphite2 - GlyphCache::Loader Heap Overreads Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097) Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'LoadUvsTable()' Heap-based Buffer Overflow Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap-Based Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap-Based Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011) Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap-Based Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011) Microsoft Windows - Uniscribe Heap-Based Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013) SAP SAPCAR 721.510 - Heap-Based Buffer Overflow SAP SAPCAR 721.510 - Heap Buffer Overflow Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap-Based Memory Corruption Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption LAME 3.99.5 - 'III_dequantize_sample' Stack Based Buffer Overflow LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow OpenJPEG - 'mqc.c' Heap-Based Buffer Overflow OpenJPEG - 'mqc.c' Heap Buffer Overflow tcprewrite - Heap-Based Buffer Overflow tcprewrite - Heap Buffer Overflow Dnsmasq < 2.78 - 2-byte Heap-Based Overflow Dnsmasq < 2.78 - Heap-Based Overflow Dnsmasq < 2.78 - Stack-Based Overflow Dnsmasq < 2.78 - 2-byte Heap Overflow Dnsmasq < 2.78 - Heap Overflow Dnsmasq < 2.78 - Stack Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap-Based Buffer Overflow binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow PHP 7.1.8 - Heap-Based Buffer Overflow PHP 7.1.8 - Heap Buffer Overflow QEMU - NBD Server Long Export Name Stack Buffer Overflow Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page TerminatorX 3.81 - Local Stack Overflow / Privilege Escalation TerminatorX 3.81 - Local Stack Overflow / Local Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Privilege Escalation BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Privilege Escalation RedHat 6.1 - 'man' Local Overflow / Local Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Privilege Escalation IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/bin/lpstat' Local Overflow / Local Privilege Escalation AIX lquerylv - Local Buffer Overflow / Privilege Escalation AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Privilege Escalation IRIX 5.3 - '/usr/sbin/iwsh' Local Buffer Overflow / Local Privilege Escalation libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC) libxml 2.6.12 nanoftp - Buffer Overflow (PoC) Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Privilege Escalation Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow / Local Privilege Escalation Gopher 3.0.9 - '+VIEWS' Remote Client-Side Buffer Overflow Gopher 3.0.9 - '+VIEWS' Client-Side Buffer Overflow XMail 1.21 - '-t' Command Line Option Buffer Overflow / Privilege Escalation XMail 1.21 - '-t' Command Line Option Local Buffer Overflow / Local Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation Microsoft Excel - Remote Code Execution Microsoft Excel - Code Execution HP-UX 11i - 'swpackage' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Privilege Escalation HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Overflow / Privilege Escalation Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation News Rover 12.1 Rev 1 - Remote Stack Overflow (1) News Rover 12.1 Rev 1 - Stack Overflow (1) News Rover 12.1 Rev 1 - Remote Stack Overflow (2) News Rover 12.1 Rev 1 - Stack Overflow (2) FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Local Buffer Overflow / Local Privilege Escalation Apple Mac OSX - mount_smbfs Stack Based Buffer Overflow Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' File Stack Based Buffer Overflow VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow Free Download Manager - Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities (Metasploit) Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Buffer Overflows Libmodplug - 's3m' Remote Buffer Overflow Libmodplug - 's3m' Buffer Overflow Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin) Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Remote Buffer Overflow (PoC) EDraw Flowchart ActiveX Control 2.3 - '.edd parsing' Buffer Overflow (PoC) Microsoft Visio 2002 - '.DXF' File Stack based Overflow Microsoft Visio 2002 - '.DXF' Local Stack Overflow AOL 9.5 - 'Phobos.Playlist Import()' Stack Based Buffer Overflow (Metasploit) AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (SEH) (Metasploit) CCMPlayer 1.5 - '.m3u' Stack based Buffer Overflow (Metasploit) CCMPlayer 1.5 - '.m3u' Stack Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit) Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit) Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/sdtcm_convert' Local Overflow / Local Privilege Escalation BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Privilege Escalation (3) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Local Overflow / Local Privilege Escalation (3) S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Privilege Escalation S.u.S.E Linux 5.2 - 'gnuplot' Local Overflow / Local Privilege Escalation Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Privilege Escalation SuSE Linux 6.1/6.2 - 'cwdtools' Local Overflow / Local Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Privilege Escalation Solaris 7.0 - 'kcms_configure' Local Overflow / Local Privilege Escalation Internet Download Manager - Stack Based Buffer Overflow Internet Download Manager - Local Stack Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow / Privilege Escalation AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation mcrypt 2.5.8 - Stack Based Overflow mcrypt 2.5.8 - Local Stack Overflow Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow / Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Integer Overflow / Privilege Escalation (1) Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation (1) Winamp 5.12 - '.m3u' Stack Based Buffer Overflow Winamp 5.12 - '.m3u' Local Stack Buffer Overflow RealNetworks RealOne Player/RealPlayer - '.RM' Local Stack Buffer Overflow KingView 6.53 - 'KChartXY' ActiveX Remote File Creation / Overwrite KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite BlazeDVD Pro Player 6.1 - Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow Super Player 3500 - '.m3u' Local Stack Based Buffer Overflow Super Player 3500 - '.m3u' Local Stack Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Based Buffer Overflow IBM AIX 5.2/5.3 - Capture Command Local Stack Buffer Overflow MuPDF 1.3 - Stack Based Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Based Buffer Overflow MuPDF 1.3 - Stack Buffer Overflow in xps_parse_color() GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Based Buffer Overflow MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Privilege Escalation Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow / Local Privilege Escalation BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Privilege Escalation Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation BlazeDVD Pro Player 7.0 - '.plf' Stack Based Direct RET Buffer Overflow BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow Sim Editor 6.6 - Stack Based Buffer Overflow Sim Editor 6.6 - Local Stack Buffer Overflow Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022) Microsoft Word - Local Machine Zone Code Execution (MS15-022) Symantec Encryption Desktop 10 - Local Buffer Overflow / Privilege Escalation Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow AdobeWorkgroupHelper 2.8.3.3 - Local Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Privilege Escalation (2) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow NRSS Reader 0.3.9 - Local Stack Based Overflow NRSS Reader 0.3.9 - Local Stack Overflow Linux - ecryptfs and /proc/$pid/environ Privilege Escalation Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow Callback / Privilege Escalation NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation Cemu 1.6.4b - Information Leak / Buffer Overflow (Emulator Breakout) Microsoft Remote Desktop Client for Mac 8.0.36 - Remote Code Execution Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution Man-db 2.6.7.1 - Local Privilege Escalation (PoC) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Remote Code Execution (Metasploit) Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit) Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Privilege Escalation (2) Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation macOS High Sierra - Root Privilege Escalation (Metasploit) lftp 2.6.9 - Remote Stack based Overflow lftp 2.6.9 - Remote Stack Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack/SEH Overflow BlueCoat WinProxy 6.0 R1c - 'Host' Remote Stack Overflow (SEH) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow (PoC) KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow (PoC) HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit) Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit) Citrix Gateway - ActiveX Control Stack Based Buffer Overflow (Metasploit) Citrix Gateway - ActiveX Control Stack Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack Buffer Overflow (Metasploit) Novell Netware 4.1/4.11 - SP5B Remote.NLM Weak Encryption Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Based Buffer Overrun (3) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (1) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (2) Jordan Windows Telnet Server 1.0/1.2 - 'Username' Stack Buffer Overrun (3) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun (2) GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2) Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities RealNetworks RealOne Player/RealPlayer - '.RM' File Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Based Buffer Overflow Trend Micro ServerProtect 5.58 - 'SpntSvc.exe' Remote Stack Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Based Buffer Overflow AkkyWareHOUSE '7-zip32.dll' 4.42 - Heap Buffer Overflow Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities Vim - 'mch_expand_wildcards()' Heap Based Buffer Overflow Vim - 'mch_expand_wildcards()' Heap Buffer Overflow Acunetix 8 build 20120704 - Remote Stack Based Overflow Acunetix 8 build 20120704 - Remote Stack Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Based Buffer Overflow Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Based Buffer Overflow Stub TORQUE Resource Manager 2.5.x < 2.5.13 - Stack Buffer Overflow Stub glibc - 'getaddrinfo' Stack Based Buffer Overflow glibc - 'getaddrinfo' Remote Stack Buffer Overflow BlueVoda Website Builder 11 - '.bvp' File Stack Based Buffer Overflow Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal R2/Extreme 1.65 - Stack Buffer Overflow / Directory Traversal Alligra Calligra - Heap Based Buffer Overflow Alligra Calligra - Heap Buffer Overflow Aloaha PDF Suite - Stack Based Buffer Overflow Aloaha PDF Suite - Remote Stack Buffer Overflow EasyCafe Server 2.2.14 - Remote File Read Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow (Metasploit) ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow (Metasploit) Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) pfSense - Authenticated Group Member Remote Command Execution (Metasploit) Almnzm - 'COOKIE: customer' SQL Injection Tutorialms 1.4 (show) - SQL Injection Tutorialms 1.4 - 'show' SQL Injection osCommerce 2.3.4.1 - Arbitrary File Upload Knowledge Base Enterprise Edition 4.62.00 - SQL Injection Knowledge Base Enterprise Edition 4.62.0 - SQL Injection WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload phpDolphin 2.0.5 - Multiple Vulnerabilities OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities AbanteCart 1.2.7 - Cross-Site Scripting MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection EyesOfNetwork (EON) 5.0 - Remote Code Execution EyesOfNetwork (EON) 5.0 - SQL Injection ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution Symantec Messaging Gateway 10.6.3-2 - Unauthenticated Root Remote Command Execution phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection phpCollab 2.5.1 - Arbitrary File Upload phpCollab 2.5.1 - SQL Injection Synology StorageManager 5.2 - Remote Root Command Execution Synology StorageManager 5.2 - Root Remote Command Execution WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal	2017-12-01 10:57:46 +00:00
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00

35 commits