bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1934 commits 1 branch 0 tags 261 MiB
Commit graph

19 commits

Author SHA1 Message Date
Offensive Security
ba928141e7 DB: 2019-09-26 
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
 2019-09-26 05:01:47 +00:00
Offensive Security
549d18247c DB: 2019-07-12 
2 changes to exploits/shellcodes

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow

Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
 2019-07-12 05:02:17 +00:00
Offensive Security
a90736625a DB: 2019-06-26 
7 changes to exploits/shellcodes

SuperDoctor5 - 'NRPE' Remote Code Execution
SAPIDO RB-1732 - Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
AZADMIN CMS 1.0 - SQL Injection
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
 2019-06-26 05:01:53 +00:00
Offensive Security
3ef90f18d0 DB: 2019-06-21 
6 changes to exploits/shellcodes

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Tuneclone 2.20 - Local SEH Buffer Overflow
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
WebERP 4.15 - SQL injection
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
 2019-06-21 05:01:58 +00:00
Offensive Security
7e48b809b3 DB: 2019-06-20 
3 changes to exploits/shellcodes

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
 2019-06-20 05:01:55 +00:00
Offensive Security
98346529ea DB: 2019-06-14 
2 changes to exploits/shellcodes

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation

Sitecore 8.x - Deserialization Remote Code Execution
 2019-06-14 05:01:54 +00:00
Offensive Security
1982f33252 DB: 2019-02-13 
16 changes to exploits/shellcodes

AirDroid 4.2.1.6 - Denial of Service

River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
Android - binder Use-After-Free via fdget() Optimization
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting
MyBB Bans List 1.0 - Cross-Site Scripting

Webiness Inventory 2.3 - 'email' SQL Injection
OPNsense < 19.1.1 - Cross-Site Scripting
Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
LayerBB 1.1.2 - Cross-Site Scripting
 2019-02-13 05:01:49 +00:00
Offensive Security
518c704a2f DB: 2019-01-15 
32 changes to exploits/shellcodes

xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Hootoo HT-05 - Remote Code Execution (Metasploit)
Across DR-810 ROM-0 - Backup File Disclosure
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - SQL Injection
Horde Imp - 'imap_open' Remote Command Execution
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection
Cleanto 5.0 - SQL Injection
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
HealthNode Hospital Management System 1.0 - SQL Injection
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
ThinkPHP 5.X - Remote Command Execution
Real Estate Custom Script 2.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
AudioCode 400HD - Command Injection
 2019-01-15 05:01:52 +00:00
Offensive Security
a07949d1c7 DB: 2018-12-12 
21 changes to exploits/shellcodes

SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting

Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
 2018-12-12 05:01:43 +00:00
Offensive Security
15b77b5965 DB: 2018-10-30 
33 changes to exploits/shellcodes

Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)

Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS  MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
 2018-10-30 05:01:46 +00:00
Offensive Security
dac8dd4731 DB: 2018-10-25 
15 changes to exploits/shellcodes

Adult Filter 1.0 - Denial of Service (PoC)

Microsoft Data Sharing - Local Privilege Escalation (PoC)

Webmin 1.5 - Web Brute Force (CGI)

exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
 2018-10-25 05:01:46 +00:00
Offensive Security
038ac7b860 DB: 2018-10-11 
4 changes to exploits/shellcodes

FileZilla 3.33 - Buffer Overflow (PoC)

WhatsApp - RTP Processing Heap Corruption

MicroTik RouterOS < 6.43rc3 - Remote Root

Ektron CMS 9.20 SP2 - Improper Access Restrictions
 2018-10-11 05:01:43 +00:00
Offensive Security
1d21694058 DB: 2018-08-10 
13 changes to exploits/shellcodes

reSIProcate 1.10.2 - Heap Overflow

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Linux Kernel  4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Sitecore.Net 8.1 - Directory Traversal

Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
 2018-08-10 05:01:46 +00:00
Offensive Security
61159b7f3e DB: 2018-06-05 
5 changes to exploits/shellcodes

R 3.4.4 - Local Buffer Overflow
RGui 3.4.4 - Local Buffer Overflow
Zip-n-Go 4.9 - Buffer Overflow (SEH)
Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

CyberArk < 10 - Memory Disclosure
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
SearchBlox 8.6.7 - XML External Entity Injection
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting
 2018-06-05 05:01:52 +00:00
Offensive Security
17d2f47aad DB: 2018-03-14 
6 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)

MicroTik RouterOS 3.13 - SNMP write (Set request)
MikroTik RouterOS 3.13 - SNMP write (Set request)

Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption
MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Tuleap 9.17.99.189 - Blind SQL Injection
 2018-03-14 05:01:48 +00:00
Offensive Security
d12dffd438 DB: 2018-02-03 
21 changes to exploits/shellcodes

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation
Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection
Event Manager 1.0 - SQL Injection
Fancy Clone Script - 'search_browse_product' SQL Injection
Real Estate Custom Script - 'route' SQL Injection
Advance Loan Management System - 'id' SQL Injection
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload
Joomla! Component JMS Music 1.1.1 - SQL Injection
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
FiberHome AN5506 - Unauthenticated Remote DNS Change

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
 2018-02-03 05:01:48 +00:00
Offensive Security
bd1b51b595 DB: 2018-01-27 
9 changes to exploits/shellcodes

RAVPower 2.000.056 - Memory Disclosure

Acunetix WVS 10 - Local Privilege Escalation

NoMachine 5.3.9 - Local Privilege Escalation

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Acunetix WVS 10 - Remote Command Execution

Exodus Wallet (ElectronJS Framework) - Remote Code Execution

BMC BladeLogic 8.3.00.64 - Remote Command Execution

Vodafone Mobile Wifi - Reset Admin Password

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload

Dodocool DC38 N300 - Cross-site Request Forgery

WordPress Plugin Learning Management System - 'course_id' SQL Injection

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
 2018-01-27 05:01:58 +00:00
Offensive Security
267f841bd8 DB: 2017-12-28 
9 changes to exploits/shellcodes

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
SysGauge Server 3.6.18 - Denial of Service
ALLMediaServer 0.95 - Buffer Overflow

Sony Playstation 4 4.05 FW - Local Kernel Loader
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Easy!Appointments 1.2.1 - Cross-Site Scripting
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
 2017-12-28 05:02:19 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00