exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	d1ba848ff5	DB: 2019-08-06 4 changes to exploits/shellcodes macOS iMessage - Heap Overflow when Deserializing Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ARMBot Botnet - Arbitrary Code Execution	2019-08-06 05:02:23 +00:00
Offensive Security	40febc17ca	DB: 2019-07-18 5 changes to exploits/shellcodes WinMPG iPod Convert 3.0 - 'Register' Denial of Service Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting	2019-07-18 05:02:15 +00:00
Offensive Security	70a1295bcf	DB: 2019-07-06 2 changes to exploits/shellcodes Microsoft Exchange 2003 - base64-MIME Remote Code Execution WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC) Karenderia Multiple Restaurant System 5.3 - Local File Inclusion	2019-07-06 05:01:54 +00:00
Offensive Security	1a13989f12	DB: 2019-07-04 5 changes to exploits/shellcodes Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit) Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit) AZADMIN CMS 1.0 - SQL Injection WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection Symantec DLP 15.5 MP1 - Cross-Site Scripting Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)	2019-07-04 05:01:54 +00:00
Offensive Security	0e66e648a7	DB: 2019-06-22 1 changes to exploits/shellcodes EA Origin < 10.5.38 - Remote Code Execution	2019-06-22 05:01:55 +00:00
Offensive Security	e76aee5eaf	DB: 2019-06-06 4 changes to exploits/shellcodes Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) LibreNMS - addhost Command Injection (Metasploit) Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery	2019-06-06 05:01:56 +00:00
Offensive Security	1a6935f64a	DB: 2019-05-29 3 changes to exploits/shellcodes Microsoft Windows - 'Win32k' Local Privilege Escalation EquityPandit 1.0 - Password Disclosure Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass Phraseanet < 4.0.7 - Cross-Site Scripting	2019-05-29 05:01:59 +00:00
Offensive Security	76aff025ee	DB: 2019-05-25 9 changes to exploits/shellcodes Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC) Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC) Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC) Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC) Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC	2019-05-25 05:01:58 +00:00
Offensive Security	5a4d21a1cf	DB: 2019-05-09 9 changes to exploits/shellcodes jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC) MiniFtp - 'parseconf_load_setting' Buffer Overflow Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE) Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit) PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit) Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit) NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass Linux/x86 - execve /bin/sh Shellcode (20 bytes)	2019-05-09 05:02:02 +00:00
Offensive Security	79a9df09f0	DB: 2019-05-07 13 changes to exploits/shellcodes iOS 12.1.3 - 'cfprefsd' Memory Corruption Windows PowerShell ISE - Remote Code Execution NSClient++ 0.5.2.35 - Privilege Escalation Windows PowerShell ISE - Remote Code Execution LG Supersign EZ CMS - Remote Code Execution (Metasploit) Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter) ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution PHPads 2.0 - 'click.php3?bannerID' SQL Injection microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Linux/x86 - shred file Shellcode (72 bytes)	2019-05-07 05:01:58 +00:00
Offensive Security	f3c28b3d62	DB: 2019-05-01 23 changes to exploits/shellcodes SpotAuditor 3.6.7 - Denial of Service (PoC) SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC) SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC) Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter) DeviceViewer 3.12.0.1 - 'user' SEH Overflow Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) Netgear DGN2200 / DGND3700 - Admin Password Disclosure Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Joomla! Component ARI Quiz 3.7.4 - SQL Injection Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery HumHub 1.3.12 - Cross-Site Scripting Spring Cloud Config 2.1.x - Path Traversal (Metasploit) Domoticz 4.10577 - Unauthenticated Remote Command Execution Joomla! Component JiFile 2.3.1 - Arbitrary File Download Hyvikk Fleet Manager - Shell Upload Agent Tesla Botnet - Information Disclosure Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution	2019-05-01 05:02:01 +00:00
Offensive Security	ab955a9b5d	DB: 2019-04-19 5 changes to exploits/shellcodes Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC) Evernote 7.9 - Code Execution via Path Traversal LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit) ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)	2019-04-19 05:02:10 +00:00
Offensive Security	5e1aca383e	DB: 2019-04-18 5 changes to exploits/shellcodes ASUS HG100 - Denial of Service DHCP Server 2.5.2 - Denial of Service (PoC) Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4 Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow	2019-04-18 05:01:57 +00:00
Offensive Security	0d739de6f9	DB: 2019-04-16 13 changes to exploits/shellcodes UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC) UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC) MailCarrier 2.51 - 'RCPT TO' Buffer Overflow RemoteMouse 3.008 - Arbitrary Remote Command Execution CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit) MailCarrier 2.51 - POP3 'USER' Buffer Overflow MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation DirectAdmin 1.561 - Multiple Vulnerabilities Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes) Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)	2019-04-16 05:02:04 +00:00
Offensive Security	764ac4bf5c	DB: 2019-04-03 13 changes to exploits/shellcodes AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities Inout EasyRooms - SQL Injection Inout RealEstate - 'city' SQL Injection WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery LimeSurvey < 3.16 - Remote Code Execution CMS Made Simple < 2.2.10 - SQL Injection Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting phpFileManager 1.7.8 - Local File Inclusion	2019-04-03 05:02:02 +00:00
Offensive Security	790034e7df	DB: 2019-03-16 7 changes to exploits/shellcodes Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow NetData 1.13.0 - HTML Injection CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload ICE HRM 23.0 - Multiple Vulnerabilities Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Laundry CMS - Multiple Vulnerabilities Moodle 3.4.1 - Remote Code Execution	2019-03-16 05:01:58 +00:00
Offensive Security	b4e61d43c1	DB: 2019-03-15 6 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Microsoft Windows - '.reg' File / Dialog Box Message Spoofing FTPGetter Standard 5.97.0.177 - Remote Code Execution Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution	2019-03-15 05:01:51 +00:00
Offensive Security	c5fbc00e3e	DB: 2019-03-14 8 changes to exploits/shellcodes Microsoft Windows - .reg File / Dialog Box Message Spoofing Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit) Apache Tika-server < 1.18 - Command Injection WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting	2019-03-14 05:01:58 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	e2ed64fffa	DB: 2019-02-23 5 changes to exploits/shellcodes WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit) Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation Teracue ENC-400 - Command Injection / Missing Authentication	2019-02-23 05:01:55 +00:00
Offensive Security	cd868436ff	DB: 2019-02-19 25 changes to exploits/shellcodes Realterm Serial Terminal 2.0.0.70 - Denial of Service Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC) Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers qdPM 9.1 - 'type' Cross-Site Scripting qdPM 9.1 - 'search[keywords]' Cross-Site Scripting Master IP CAM 01 3.3.4.2103 - Remote Command Execution MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module CMSsite 1.0 - 'post' SQL Injection M/Monit 3.7.2 - Privilege Escalation Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Apache CouchDB 2.3.0 - Cross-Site Scripting ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes) macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes) macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)	2019-02-19 05:02:08 +00:00
Offensive Security	9e738d6dae	DB: 2019-01-23 3 changes to exploits/shellcodes CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection Joomla! Component Easy Shop 1.2.3 - Local File Inclusion	2019-01-23 05:01:52 +00:00
Offensive Security	c6ebf8bc23	DB: 2018-12-19 10 changes to exploits/shellcodes VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC) Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write AnyBurn 4.3 - Local Buffer Overflow Denial of Service Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service MegaPing - Local Buffer Overflow Denial of Service Exim 4.41 - 'dns_build_reverse' Local Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2) Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2) Microsoft Windows Server 2003 - Token Kidnapping Local Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation VMware Fusion 2.0.5 - vmx86 kext Local Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Google Android 2.0 < 2.1 - Reverse Shell Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP) MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method SDL Web Content Manager 8.5.0 - XML External Entity Injection	2018-12-19 05:01:45 +00:00
Offensive Security	9bd9fb0da3	DB: 2018-12-11 2 changes to exploits/shellcodes Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting	2018-12-11 05:01:44 +00:00
Offensive Security	60710bbfd9	DB: 2018-12-05 19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	2018-12-05 05:01:44 +00:00
Offensive Security	0a4925cc93	DB: 2018-12-04 10 changes to exploits/shellcodes Mozilla Firefox 63.0.1 - Denial of Service (PoC) Budabot 4.0 - Denial of Service (PoC) CyberArk 9.7 - Memory Disclosure Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Apache Superset 0.23 - Remote Code Execution Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting	2018-12-04 05:01:48 +00:00
Offensive Security	dfd1e454e1	DB: 2018-11-28 10 changes to exploits/shellcodes MariaDB Client 10.1.26 - Denial of Service (PoC) Arm Whois 3.11 - Buffer Overflow (ASLR) Xorg X11 Server - SUID privilege escalation (Metasploit) ELBA5 5.8.0 - Remote Code Execution Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Ticketly 1.0 - 'kind_id' SQL Injection No-Cms 1.0 - 'order_by' SQL Injection Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	2018-11-28 11:08:29 +00:00
Offensive Security	832a222df4	DB: 2018-10-26 21 changes to exploits/shellcodes ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC) BORGChat 1.0.0 build 438 - Denial of Service (PoC) libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Adult Filter 1.0 - Buffer Overflow (SEH) WebEx - Local Service Permissions Exploit (Metasploit) exim 4.90 - Remote Code Execution ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write exim 4.90 - Remote Code Execution WebExec - Authenticated User Code Execution (Metasploit) ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Ekushey Project Manager CRM 3.1 - Cross-Site Scripting phptpoint Pharmacy Management System 1.0 - 'username' SQL injection phptpoint Hospital Management System 1.0 - 'user' SQL injection Simple Chat System 1.0 - 'id' SQL Injection Delta Sql 1.8.2 - Arbitrary File Upload User Management 1.1 - Cross-Site Scripting ClipBucket 2.8 - 'id' SQL Injection Simple POS and Inventory 1.0 - 'cat' SQL Injection AiOPMSD Final 1.0.0 - 'q' SQL Injection AjentiCP 1.2.23.13 - Cross-Site Scripting MPS Box 0.1.8.0 - 'uuid' SQL Injection Open STA Manager 2.3 - Arbitrary File Download	2018-10-26 05:01:46 +00:00
Offensive Security	635345499a	DB: 2018-10-18 15 changes to exploits/shellcodes Git Submodule - Arbitrary Code Execution Git Submodule - Arbitrary Code Execution (PoC) Any Sound Recorder 2.93 - Buffer Overflow (SEH) Git Submodule - Arbitrary Code Execution Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials BigTree CMS 4.2.23 - Cross-Site Scripting Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Time and Expense Management System 3.0 - 'table' SQL Injection	2018-10-18 05:01:46 +00:00
Offensive Security	731dd0f423	DB: 2018-10-16 22 changes to exploits/shellcodes Snes9K 0.0.9z - Buffer Overflow (SEH) NoMachine < 5.3.27 - Remote Code Execution MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure CAMALEON CMS 2.4 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution College Notes Management System 1.0 - 'user' SQL Injection Advanced HRM 1.6 - Remote Code Execution Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection	2018-10-16 05:01:45 +00:00
Offensive Security	6fe17058fb	DB: 2018-10-10 15 changes to exploits/shellcodes Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass Microsoft Edge Chakra JIT - Type Confusion Seqrite End Point Security 7.4 - Privilege Escalation Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass) 360 3.5.0.1033 - Sandbox Escape ghostscript - executeonly Bypass with errorhandler Setup ifwatchd - Privilege Escalation (Metasploit) FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit) Wikidforum 2.20 - 'select_sort' SQL Injection Wikidforum 2.20 - 'message_id' SQL Injection Monstra 3.0.4 - Cross-Site Scripting	2018-10-10 05:01:44 +00:00
Offensive Security	a54a696d48	DB: 2018-09-29 2 changes to exploits/shellcodes Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation PCProtect 4.8.35 - Privilege Escalation Microsoft Edge - Sandbox Escape	2018-09-29 05:01:58 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	29542c36ab	DB: 2018-09-19 7 changes to exploits/shellcodes Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit) NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution HongCMS 3.0.0 - SQL Injection HongCMS 3.0.0 - (Authenticated) SQL Injection Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)	2018-09-19 05:01:45 +00:00
Offensive Security	1e34c2b6a5	DB: 2018-08-14 11 changes to exploits/shellcodes IP Finder 1.5 - Denial of Service (PoC) Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC) PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow PostgreSQL 9.4-0.5.3 - Privilege Escalation Android - Directory Traversal over USB via Injection in blkid Output Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit) Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking) Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)	2018-08-14 05:01:45 +00:00
Offensive Security	1d21694058	DB: 2018-08-10 13 changes to exploits/shellcodes reSIProcate 1.10.2 - Heap Overflow CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit) Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) Responsive Filemanager 9.13.1 - Server-Side Request Forgery Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Sitecore.Net 8.1 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)	2018-08-10 05:01:46 +00:00
Offensive Security	300aada6a5	DB: 2018-07-24 7 changes to exploits/shellcodes Windows Speech Recognition - Buffer Overflow Knox Software Arkeia 4.0 - Backup Local Overflow Knox Arkeia 4.0 Backup - Local Overflow Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit) Microsoft Windows - 'dnslint.exe' Drive-By Download NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution Davolink DVW 3200 Router - Password Disclosure Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)	2018-07-24 05:01:45 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	5e6d432161	DB: 2018-07-07 2 changes to exploits/shellcodes PolarisOffice 2017 8 - Remote Code Execution Airties AIR5444TT - Cross-Site Scripting	2018-07-07 05:01:49 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	d8206fb5eb	DB: 2018-06-26 13 changes to exploits/shellcodes KVM (Nested Virtualization) - L1 Guest Privilege Escalation DIGISOL DG-BR4000NG - Buffer Overflow (PoC) Foxit Reader 9.0.1.1049 - Remote Code Execution WordPress Plugin iThemes Security < 7.0.3 - SQL Injection phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) phpMyAdmin 4.8.1 - Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Cross-Site Request Forgery (Add Admin) DIGISOL DG-BR4000NG - Cross-Site Scripting Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Arbitrary File Upload WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection	2018-06-26 05:01:46 +00:00
Offensive Security	41ea196761	DB: 2018-05-19 12 changes to exploits/shellcodes Microsoft Edge - 'Array.filter' Info Leak Microsoft Edge - 'Array.filter' Information Leak Microsoft Edge Chakra JIT - Bound Check Elimination Bug Windows - Local Privilege Escalation Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Windows - Local Privilege Escalation Microsoft Windows WMI - Recieve Notification Exploit (Metasploit) Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC) Prime95 29.4b8 - Stack Buffer Overflow (SEH) DynoRoot DHCP - Client Command Injection Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit) Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010) HPE iMC 7.3 - Remote Code Execution (Metasploit) Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Monstra CMS before 3.0.4 - Cross-Site Scripting SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Cisco SA520W Security Appliance - Path Traversal SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion	2018-05-19 05:01:48 +00:00
Offensive Security	5aca1b9763	DB: 2018-05-18 8 changes to exploits/shellcodes Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall Libuser - roothelper Privilege Escalation (Metasploit) Libuser - 'roothelper' Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Jenkins CLI - HTTP Java Deserialization (Metasploit) Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Intelbras NCLOUD 300 1.0 - Authentication bypass SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery	2018-05-18 05:01:49 +00:00
Offensive Security	0ca4688023	DB: 2018-05-14 3 changes to exploits/shellcodes Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting	2018-05-14 05:01:48 +00:00
Offensive Security	635ec84504	DB: 2018-05-09 5 changes to exploits/shellcodes 2345 Security Guard 3.7 - Denial of Service FTPShell Client 6.7 - Buffer Overflow Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit) PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit) Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)	2018-05-09 05:01:46 +00:00
Offensive Security	813a3efbb5	DB: 2018-05-04 20 changes to exploits/shellcodes Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Jnes 1.0.2 - Stack Buffer Overflow Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow netek 0.8.2 - Denial of Service Cisco Smart Install - Crash (PoC) Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1) Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1) Adobe Reader PDF - Client Side Request Injection Windows - Local Privilege Escalation Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit) Adobe Flash < 28.0.0.161 - Use-After-Free Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC) GPON Routers - Authentication Bypass / Command Injection TBK DVR4104 / DVR4216 - Credentials Leak Call of Duty Modern Warefare 2 - Buffer Overflow Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion Squirrelcart 1.x - 'cart.php' Remote File Inclusion Infinity 2.x.x - options[style_dir] Local File Disclosure Infinity 2.x - 'options[style_dir]' Local File Disclosure PHP-Nuke 8.x.x - Blind SQL Injection PHP-Nuke 8.x - Blind SQL Injection WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities Ajax Availability Calendar 3.x - Multiple Vulnerabilities vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting Subrion 3.X.x - Multiple Vulnerabilities Subrion 3.x - Multiple Vulnerabilities Ciuis CRM 1.0.7 - SQL Injection LifeSize ClearSea 3.1.4 - Directory Traversal WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting DLINK DCS-5020L - Remote Code Execution (PoC) Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection	2018-05-04 05:01:47 +00:00
Offensive Security	b1f00227f1	DB: 2018-04-27 12 changes to exploits/shellcodes Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH) Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH) Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow Shopy Point of Sale v1.0 - CSV Injection Shopy Point of Sale 1.0 - CSV Injection Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC) Blog Master Pro v1.0 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - CSV Injection HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Blog Master Pro 1.0 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - CSV Injection HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting GitList 0.6 - Unauthenticated Remote Code Execution TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Frog CMS 0.9.5 - Persistent Cross-Site Scripting	2018-04-27 05:01:49 +00:00
Offensive Security	c249d94cb7	DB: 2018-04-25 28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)	2018-04-25 05:01:39 +00:00
Offensive Security	e8f4ef9188	DB: 2018-04-19 14 changes to exploits/shellcodes PDFunite 0.41.0 - '.pdf' Local Buffer Overflow RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow VX Search 10.6.18 - 'directory' Local Buffer Overflow Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Coship RT3052 Wireless Router - Persistent Cross-Site Scripting Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting Rvsitebuilder CMS - Database Backup Download Match Clone Script 1.0.4 - Cross-Site Scripting Kodi 17.6 - Persistent Cross-Site Scripting Lutron Quantum 2.0 - 3.2.243 - Information Disclosure WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities	2018-04-19 05:01:48 +00:00
Offensive Security	bef325a736	DB: 2018-04-14 9 changes to exploits/shellcodes GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation Microsoft Credential Security Support Provider - Remote Code Execution WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution	2018-04-14 05:01:49 +00:00

1 2

83 commits