bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2664 commits 1 branch 0 tags 264 MiB
Commit graph

24 commits

Author SHA1 Message Date
Exploit-DB
668314bbda DB: 2023-05-03 
19 changes to exploits/shellcodes/ghdb

FS-S3900-24T4S - Privilege Escalation

Virtual Reception v1.0 - Web Server Directory Traversal

admidio v4.2.5 - CSV Injection

Companymaps v8.0 - Stored Cross Site Scripting (XSS)

GLPI 9.5.7 - Username Enumeration

OpenEMR v7.0.1 - Authentication credentials brute force

PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting

PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)

phpMyFAQ v3.1.12 - CSV Injection

projectSend r1605 - Private file download

revive-adserver v5.4.1 - Cross-Site Scripting (XSS)

Serendipity 2.4.0 - File Inclusion RCE

SoftExpert (SE) Suite v2.1.3 - Local File Inclusion

Advanced Host Monitor v12.56 - Unquoted Service Path

MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
 2023-05-03 00:16:23 +00:00
Offensive Security
d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
 2022-11-10 16:39:50 +00:00
Offensive Security
8691f166f7 DB: 2022-02-22 
12 changes to exploits/shellcodes

HMA VPN 5.3 - Unquoted Service Path
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
Cab Management System 1.0 - 'id' SQLi (Authenticated)
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
Dbltek GoIP - Local File Inclusion
 2022-02-22 05:01:37 +00:00
Offensive Security
629e350774 DB: 2021-09-14 
18 changes to exploits/shellcodes

Active WebCam 11.5 - Unquoted Service Path
ECOA Building Automation System - Missing Encryption Of Sensitive Information
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai

ECOA Building Automation System - Hard-coded Credentials SSH Access
Men Salon Management System 1.0 - Multiple Vulnerabilities
ECOA Building Automation System - Weak Default Credentials
ECOA Building Automation System - Path Traversal Arbitrary File Upload
ECOA Building Automation System - Directory Traversal Content Disclosure
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
ECOA Building Automation System - Configuration Download Information Disclosure
ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function
ECOA Building Automation System - Remote Privilege Escalation
ECOA Building Automation System - Local File Disclosure
ECOA Building Automation System - Arbitrary File Deletion
Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload
Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
 2021-09-14 05:02:12 +00:00
Offensive Security
c9a65a1f7b DB: 2021-09-03 
52 changes to exploits/shellcodes
 2021-09-03 21:04:54 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
4e7ab00187 DB: 2021-08-20 
204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
 2021-08-20 05:01:51 +00:00
Offensive Security
8f6367cf98 DB: 2020-07-08 
8 changes to exploits/shellcodes

Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)

Microsoft Windows mshta.exe 2019 - XML External Entity Injection

BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI'  Remote Code Execution (PoC)
Sickbeard 0.1 - Remote Command Injection
Online Shopping Portal 3.1 - 'email' SQL Injection
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
 2020-07-08 05:01:58 +00:00
Offensive Security
09d5da74fb DB: 2019-12-11 
3 changes to exploits/shellcodes

Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution
 2019-12-11 05:01:56 +00:00
Offensive Security
ce1901fc4f DB: 2019-03-12 
10 changes to exploits/shellcodes

Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution

Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
 2019-03-12 05:01:58 +00:00
Offensive Security
880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
 2019-03-08 05:01:50 +00:00
Offensive Security
363500a603 DB: 2018-11-06 
13 changes to exploits/shellcodes

Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
 2018-11-06 05:01:40 +00:00
Offensive Security
ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
 2018-09-25 05:01:51 +00:00
Offensive Security
1f88d0a67a DB: 2018-07-18 
10 changes to exploits/shellcodes

Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
QNAP Q'Center - change_passwd Command Execution (Metasploit)
Nanopool Claymore Dual Miner - APIs RCE (Metasploit)
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)
 2018-07-18 05:01:47 +00:00
Offensive Security
52954b4751 DB: 2018-07-12 
5 changes to exploits/shellcodes

Nibbleblog - Arbitrary File Upload (Metasploit)
Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit)

IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)

Nibbleblog - Multiple SQL Injections
Nibbleblog 3 - Multiple SQL Injections
Instagram-Clone Script 2.0 - Cross-Site Scripting
Dicoogle PACS 2.5.0 - Directory Traversal
 2018-07-12 05:01:59 +00:00
Offensive Security
08110782dd DB: 2018-07-06 
4 changes to exploits/shellcodes

ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways / Routers - Privilege Escalation

ADB Broadband Gateways / Routers - Authorization Bypass

SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
 2018-07-06 05:01:46 +00:00
Offensive Security
22ba7ab5f3 DB: 2018-06-02 
5 changes to exploits/shellcodes

Epiphany 3.28.2.1 - Denial of Service
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)

Git < 2.17.1 - Remote Code Execution

Wordpress Plugin Events Calendar - SQL Injection
WordPress Plugin Events Calendar - SQL Injection

Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes)
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
 2018-06-02 05:01:45 +00:00
Offensive Security
41ea196761 DB: 2018-05-19 
12 changes to exploits/shellcodes

Microsoft Edge - 'Array.filter' Info Leak
Microsoft Edge - 'Array.filter' Information Leak

Microsoft Edge Chakra JIT - Bound Check Elimination Bug
Windows - Local Privilege Escalation
Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Windows - Local Privilege Escalation
Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC)
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
DynoRoot DHCP - Client Command Injection
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)

Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution

Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)

HPE iMC 7.3 - Remote Code Execution (Metasploit)
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Monstra CMS before 3.0.4 - Cross-Site Scripting
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Cisco SA520W Security Appliance - Path Traversal
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
 2018-05-19 05:01:48 +00:00
Offensive Security
224c305b0d DB: 2018-03-20 
9 changes to exploits/shellcodes

Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak

Linux 2.6.36 IGMP - Remote Denial of Service
Linux Kernel 2.6.36 IGMP - Remote Denial of Service

Linux - SELinux W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO

Linux group_info refcounter - Overflow Memory Corruption
Linux Kernel - 'group_info' refcounter Overflow Memory Corruption

Linux io_submit L2TP sendmsg - Integer Overflow
Linux Kernel - io_submit L2TP sendmsg Integer Overflow

Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

Linux ARM/ARM64 - 'perf_event_open()' Arbitrary Memory Read
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read

Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure
Linux Kernel - 'mincore()' Uninitialized Kernel Heap Page Disclosure

Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (1)
Linux Kernel < 4.5.1 - Off-By-One (PoC)
Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)

Linux libc 5.3.12 / RedHat Linux 4.0 / Slackware Linux 3.1 - libc NLSPATH
Linux libc 5.3.12 (RedHat Linux 4.0 / Slackware Linux 3.1) - libc NLSPATH

Linux libc 5.3.12/5.4 / RedHat Linux 4.0 - 'vsyslog()' Local Buffer Overflow
Linux libc 5.3.12/5.4 (RedHat Linux 4.0) - 'vsyslog()' Local Buffer Overflow

Linux 6.1/6.2/7.0/7.1 Man Page - Source Buffer Overflow
Linux Man Page 6.1/6.2/7.0/7.1- Source Buffer Overflow

Linux VServer Project 1.2x - CHRoot Breakout
Linux VServer Project 1.2x - Chroot Breakout
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux Kernel - 'espfix64' Nested NMIs Interrupting Privilege Escalation
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation

Linux 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass
Linux Kernel 3.17 - 'Python ctypes and memfd_create' noexec File Security Bypass

Linux - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) -  'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) -  'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation
 2018-03-20 05:01:55 +00:00
Offensive Security
17d2f47aad DB: 2018-03-14 
6 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)

MicroTik RouterOS 3.13 - SNMP write (Set request)
MikroTik RouterOS 3.13 - SNMP write (Set request)

Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption
MikroTik RouterOS - sshd (ROSSSH) Unauthenticated Remote Heap Corruption
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Tuleap 9.17.99.189 - Blind SQL Injection
 2018-03-14 05:01:48 +00:00
Offensive Security
b42c3d0ecd DB: 2018-03-02 
9 changes to exploits/shellcodes

Nintendo Switch - WebKit Code Execution (PoC)

Nintendo Switch - WebKit Code Execution (PoC)

Monstra - Multiple HTML Injection Vulnerabilities
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities

Monstra CMS - 'login' SQL Injection
Monstra CMS 1.2.0 - 'login' SQL Injection

Monstra CMS - Remote Code Execution

Joomla! Component K2 2.8.0 - Arbitrary File Download
 2018-03-02 05:01:47 +00:00
Offensive Security
6885f2dcc7 DB: 2018-03-01 
26 changes to exploits/shellcodes

Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - 'SETFKEY' (PoC)
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - 'bluetoothd' Memory Corruption

Apple iOS - '.pdf' Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak

Foxit Reader 4.0 - '.pdf' Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak

Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' File Handling Local Command Execution
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution

Sony Playstation 4 4.05 FW - Local Kernel Loader
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)

Sony Playstation 4 4.55 FW - Local Kernel
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
WebKitGTK 2.1.2  (Ubuntu 14.04) - Heap based Buffer Overflow
Linux Kernel - 'BadIRET' Local Privilege Escalation
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Nintendo Switch - WebKit Code Execution (PoC)

Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)

EPIC MyChart - SQL Injection
EPIC MyChart - X-Path Injection

Routers2 2.24 - Cross-Site Scripting
 2018-03-01 05:01:48 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00