Commit graph

357 commits

Author SHA1 Message Date
Offensive Security
bae704d681 DB: 2019-10-16
4 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

Podman & Varlink 1.5.1 - Remote Code Execution

Bolt CMS 3.6.10 - Cross-Site Request Forgery
2019-10-16 05:01:45 +00:00
Offensive Security
7c5ad20e72 DB: 2019-10-15
6 changes to exploits/shellcodes

SpotAuditor 5.3.1.0 - Denial of Service
ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service

Uplay 92.0.0.6280 - Local Privilege Escalation
Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting
Ajenti 2.1.31 - Remote Code Execution
Kirona-DRS 5.5.3.5 - Information Disclosure
2019-10-15 05:01:47 +00:00
Offensive Security
2b52915f75 DB: 2019-10-12
3 changes to exploits/shellcodes

National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
WordPress Arforms 3.7.1 - Directory Traversal
2019-10-12 05:01:49 +00:00
Offensive Security
54bc76dcfd DB: 2019-10-09
3 changes to exploits/shellcodes

vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
Zabbix 4.4 - Authentication Bypass
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution

Linux/ARM - Fork Bomb Shellcode (20 bytes)
2019-10-09 05:01:45 +00:00
Offensive Security
bfcf0daec9 DB: 2019-10-08
8 changes to exploits/shellcodes

logrotten 3.15.1 - Privilege Escalation
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

freeFTP 1.0.8 - Remote Buffer Overflow
Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Zabbix 4.2 - Authentication Bypass
Subrion 4.2.1 - 'Email' Persistent Cross-Site Scripting
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
2019-10-08 05:01:48 +00:00
Offensive Security
0486c1c8ad DB: 2019-10-05
4 changes to exploits/shellcodes

Android - Binder Driver Use-After-Free

PHP 7.1 < 7.3 - disable_functions Bypass
PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass
LabCollector 5.423 - SQL Injection
PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass

Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
2019-10-05 05:01:46 +00:00
Offensive Security
ee1067a45b DB: 2019-10-03
3 changes to exploits/shellcodes

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

Detrix EDMS 1.2.3.1505 - SQL Injection
2019-10-03 05:01:46 +00:00
Offensive Security
4eaf273757 DB: 2019-10-02
9 changes to exploits/shellcodes

kic 2.4a - Denial of Service
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - Universal XSS in WebCore::command
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
WebKit - Universal XSS Using Cached Pages

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
vBulletin 5 - 'routestring' Remote Code Execution
vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion
vBulletin 5.x - 'routestring' Remote Code Execution
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
PHP 7.1 < 7.3 - disable_functions Bypass
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
DotNetNuke < 9.4.0 - Cross-Site Scripting
2019-10-02 05:01:46 +00:00
Offensive Security
21c1b71372 DB: 2019-10-01
6 changes to exploits/shellcodes

GoAhead 2.5.0 - Host Header Injection
Cisco Small Business 220 Series - Multiple Vulnerabilities
vBulletin 5.x - Remote Command Execution (Metasploit)
phpIPAM 1.4 - SQL Injection
thesystem 1.0 - Cross-Site Scripting
TheSystem 1.0 - Command Injection
2019-10-01 05:01:46 +00:00
Offensive Security
4802945877 DB: 2019-09-28
10 changes to exploits/shellcodes

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

thesystem App 1.0 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting
thesystem App 1.0 - 'server_name' SQL Injection
thesystem App 1.0 - 'username' SQL Injection
V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
2019-09-28 05:01:47 +00:00
Offensive Security
dc44a5e5a6 DB: 2019-09-27
5 changes to exploits/shellcodes

Chamillo LMS 1.11.8 - Arbitrary File Upload
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
inoERP 4.15 - 'download' SQL Injection
citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
2019-09-27 05:01:48 +00:00
Offensive Security
ba928141e7 DB: 2019-09-26
10 changes to exploits/shellcodes

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
ABRT - sosreport Privilege Escalation (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
YzmCMS 5.3 - 'Host' Header Injection
2019-09-26 05:01:47 +00:00
Offensive Security
d7ea903400 DB: 2019-09-25
7 changes to exploits/shellcodes

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow
File Sharing Wizard 1.5.0 - POST SEH Overflow
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
2019-09-25 05:04:03 +00:00
Offensive Security
7ceaed0205 DB: 2019-09-21
1 changes to exploits/shellcodes

Concrete5 FlashUploader - Arbitrary '.SWF' File Upload
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload

Concrete5 < 8.3.0 - Username / Comments Enumeration
Concrete5 CMS < 8.3.0 - Username / Comments Enumeration

LayerBB < 1.1.4 - Cross-Site Request Forgery
2019-09-21 05:04:22 +00:00
Offensive Security
d6e0b04877 DB: 2019-09-20
4 changes to exploits/shellcodes

macOS 18.7.0 Kernel - Local Privilege Escalation
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection
GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
2019-09-20 05:02:06 +00:00
Offensive Security
401d4ea8dc DB: 2019-09-19
1 changes to exploits/shellcodes

Hospital-Management 1.26 - 'fname' SQL Injection
2019-09-19 05:03:18 +00:00
Offensive Security
b6378fddcc DB: 2019-09-17
6 changes to exploits/shellcodes

Windows NTFS - Privileged File Access Enumeration
AppXSvc - Privilege Escalation
docPrint Pro 8.0 - SEH Buffer Overflow

Inteno IOPSYS Gateway - Improper Access Restrictions
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection
2019-09-17 05:02:21 +00:00
Offensive Security
a6db0c9d90 DB: 2019-09-15
2 changes to exploits/shellcodes

Ticket-Booking 1.4 - Authentication Bypass
College-Management-System 1.2 - Authentication Bypass
2019-09-15 05:02:26 +00:00
Offensive Security
d154146052 DB: 2019-09-14
4 changes to exploits/shellcodes

Folder Lock 7.7.9 - Denial of Service
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
LimeSurvey 3.17.13 - Cross-Site Scripting
2019-09-14 05:02:28 +00:00
Offensive Security
a3b360fc6c DB: 2019-09-11
7 changes to exploits/shellcodes

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
LibreNMS - Collectd Command Injection (Metasploit)
October CMS - Upload Protection Bypass Code Execution (Metasploit)

Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
2019-09-11 05:02:35 +00:00
Offensive Security
fcce3705a3 DB: 2019-09-10
9 changes to exploits/shellcodes

WordPress 5.2.3 - Cross-Site Host Modification
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
2019-09-10 05:02:21 +00:00
Offensive Security
ad97ff4198 DB: 2019-09-07
3 changes to exploits/shellcodes

SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation

Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)

Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)

SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
FusionPBX 4.4.8 - Remote Code Execution

Inventory Webapp - 'itemquery' SQL injection

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
2019-09-07 05:02:21 +00:00
Offensive Security
45bddc9b1b DB: 2019-09-05
2 changes to exploits/shellcodes

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
2019-09-05 05:02:54 +00:00
Offensive Security
a26ef1328e DB: 2019-09-04
6 changes to exploits/shellcodes

ktsuss 1.4 - suid Privilege Escalation (Metasploit)
ptrace - Sudo Token Privilege Escalation (Metasploit)
Cisco UCS Director - default scpuser password (Metasploit)
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

FileThingie 2.5.7 - Arbitrary File Upload
2019-09-04 05:02:30 +00:00
Offensive Security
bc4836bfc1 DB: 2019-09-03
12 changes to exploits/shellcodes

ChaosPro 2.0 - SEH Buffer Overflow
ChaosPro 2.1 - SEH Buffer Overflow
ChaosPro 3.1 - SEH Buffer Overflow
Kaseya VSA agent 9.5 - Privilege Escalation
Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read
Opencart 3.x - Cross-Site Scripting
Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
Alkacon OpenCMS 10.5.x - Local File inclusion
Craft CMS 2.7.9/3.2.5 - Information Disclosure
2019-09-03 05:02:22 +00:00
Offensive Security
b4225f5fa8 DB: 2019-08-31
12 changes to exploits/shellcodes

SQL Server Password Changer 1.90 - Denial of Service
Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service
Asus Precision TouchPad 11.0.0.25 - Denial of Service
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service

Canon PRINT 2.5.5 - Information Disclosure

QEMU - Denial of Service
Sentrifugo 3.2 - File Upload Restriction Bypass
Sentrifugo 3.2 - Persistent Cross-Site Scripting
DomainMod 4.13 - Cross-Site Scripting
YouPHPTube 7.4 - Remote Code Execution
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
2019-08-31 05:02:54 +00:00
Offensive Security
0364a6e37f DB: 2019-08-30
3 changes to exploits/shellcodes

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
Jobberbase 2.0 - 'subscribe' SQL Injection
PilusCart 1.4.1 - Local File Disclosure
2019-08-30 05:02:43 +00:00
Offensive Security
6852d5abf3 DB: 2019-08-29
5 changes to exploits/shellcodes

Outlook Password Recovery 2.10 - Denial of Service

Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
WordPress Plugin GoURL.io < 1.4.14 - File Upload
2019-08-29 05:02:22 +00:00
Offensive Security
6adaedca69 DB: 2019-08-27
6 changes to exploits/shellcodes

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
2019-08-27 05:02:18 +00:00
Offensive Security
0a59eb70a8 DB: 2019-08-21
3 changes to exploits/shellcodes

SilverSHielD 6.x - Local Privilege Escalation

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes)
Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)

Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)
2019-08-21 05:02:32 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
2019-08-20 05:02:44 +00:00
Offensive Security
2c0d2ff550 DB: 2019-08-17
5 changes to exploits/shellcodes

GetGo Download Manager 6.2.2.3300 - Denial of Service
EyesOfNetwork 5.1 - Authenticated Remote Command Execution
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
Integria IMS 5.0.86 - Arbitrary File Upload
Web Wiz Forums 12.01 - 'PF' SQL Injection
2019-08-17 05:02:29 +00:00
Offensive Security
7e6884af13 DB: 2019-08-15
12 changes to exploits/shellcodes

Windows PowerShell - Unsanitized Filename Command Execution
ABC2MTEX 1.6.1 - Command Line Stack Overflow

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
D-Link DIR-600M - Authentication Bypass (Metasploit)
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
TortoiseSVN 1.12.1 - Remote Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution
2019-08-15 05:02:48 +00:00
Offensive Security
998fb1eeec DB: 2019-08-14
6 changes to exploits/shellcodes

Steam Windows Client - Local Privilege Escalation
Agent Tesla Botnet - Arbitrary Code Execution
AZORult Botnet - SQL Injection

Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)
Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode
Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break Chroot Jail + Backdoor) + Signature Evasion Shellcode
2019-08-14 05:02:24 +00:00
Offensive Security
a32e028b88 DB: 2019-08-13
17 changes to exploits/shellcodes

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Linux - Use-After-Free Reads in show_numa_stats()
WebKit - UXSS via XSLT and Nested Document Replacements

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
BSI Advance Hotel Booking System 2.0 - 'booking_details.php' Persistent Cross-Site Scripting
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Formula Injection
osTicket 1.12 - Persistent Cross-Site Scripting
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)

Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
2019-08-13 05:02:31 +00:00
Offensive Security
d82ffc9cd0 DB: 2019-08-09
7 changes to exploits/shellcodes

Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
Adive Framework 2.0.7 - Cross-Site Request Forgery
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
2019-08-09 05:02:23 +00:00
Offensive Security
44a9c2cd04 DB: 2019-08-08
2 changes to exploits/shellcodes

Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability

WordPress Plugin JoomSport 3.3 - SQL Injection
2019-08-08 05:02:37 +00:00
Offensive Security
5cabe1e1de DB: 2019-08-03
3 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Sar2HTML 3.2.1 - Remote Command Execution
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
2019-08-03 05:02:16 +00:00
Offensive Security
2b7a0122f2 DB: 2019-08-02
6 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
2019-08-02 05:02:24 +00:00
Offensive Security
852694f982 DB: 2019-07-30
6 changes to exploits/shellcodes

Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
GigToDo 1.3 - Cross-Site Scripting

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
2019-07-30 05:02:12 +00:00
Offensive Security
6f49190671 DB: 2019-07-27
19 changes to exploits/shellcodes

pdfresurrect 0.15 - Buffer Overflow

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
S-nail < 14.8.16 - Local Privilege Escalation
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
ASAN/SUID - Local Privilege Escalation
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Ovidentia 8.4.3 - SQL Injection
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
2019-07-27 05:02:19 +00:00
Offensive Security
f671a16b46 DB: 2019-07-26
4 changes to exploits/shellcodes

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
Ovidentia 8.4.3 - Cross-Site Scripting
Ovidentia 8.4.3 - SQL Injection
2019-07-26 05:02:11 +00:00
Offensive Security
f529fc0415 DB: 2019-07-25
5 changes to exploits/shellcodes

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

Trend Micro Deep Discovery Inspector IDS - Security Bypass
NoviSmart CMS - SQL injection
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
2019-07-25 05:02:07 +00:00
Offensive Security
7ec7ea72de DB: 2019-07-20
10 changes to exploits/shellcodes

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
fuelCMS 1.4.1 - Remote Code Execution
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
Web Ofisi Emlak 2 - 'ara' SQL Injection
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
Web Ofisi Firma 13 - 'oz' SQL Injection
REDCap < 9.1.2 - Cross-Site Scripting
2019-07-20 05:02:15 +00:00
Offensive Security
4169f5d10e DB: 2019-07-16
6 changes to exploits/shellcodes

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Streamripper 2.6 - 'Song Pattern' Buffer Overflow
NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
2019-07-16 05:02:16 +00:00
Offensive Security
978c16266a DB: 2019-07-13
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
2019-07-13 05:02:17 +00:00
Offensive Security
09258ea750 DB: 2019-07-09
2 changes to exploits/shellcodes

Karenderia Multiple Restaurant System 5.3 - SQL Injection

WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-09 05:02:18 +00:00
Offensive Security
70a1295bcf DB: 2019-07-06
2 changes to exploits/shellcodes

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
2019-07-06 05:01:54 +00:00
Offensive Security
808010b53f DB: 2019-07-03
2 changes to exploits/shellcodes

Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)

Linux Mint 18.3-19.1 - 'yelp' Command Injection
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)

Centreon 19.04 - Remote Code Execution

Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
2019-07-03 05:01:50 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
2019-07-02 05:01:50 +00:00