g0tmi1k
aa06ea8fec
Fix URL
2022-11-21 14:55:48 +00:00
Offensive Security
842fcc5901
DB: 2022-11-19
1 changes to exploits/shellcodes/ghdb
MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)
MSNSwitch Firmware MNT.2408 - Remote Code Execution
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
Open Web Analytics 1.7.3 - Remote Code Execution
CVAT 2.0 - SSRF (Server Side Request Forgery)
CVAT 2.0 - Server Side Request Forgery
2022-11-19 00:16:40 +00:00
Offensive Security
d77965c440
DB: 2022-11-17
1 changes to exploits/shellcodes/ghdb
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
qdPM 9.1 - Remote Code Execution (Authenticated)
2022-11-17 07:08:08 +00:00
Offensive Security
c9e53fa57b
DB: 2022-11-12
7 changes to exploits/shellcodes/ghdb
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)
SmartRG Router SR510n 2.6.13 - RCE (Remote Code Execution)
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
CVAT 2.0 - SSRF (Server Side Request Forgery)
IOTransfer V4 - Unquoted Service Path
NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)
Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)
Linux/MIPS - reboot() Shellcode (32 bytes)
Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)
2022-11-12 09:02:02 +00:00
g0tmi1k
871af74158
GitHub -> GitLab
2022-11-11 01:27:50 +00:00
g0tmi1k
653b3893e6
Version bump
2022-11-11 01:24:01 +00:00
g0tmi1k
7f3e900967
json_pp -> jq
2022-11-11 00:38:26 +00:00
g0tmi1k
8ff1798f71
Nicer formatting
2022-11-11 00:38:26 +00:00
g0tmi1k
3ae6e956a2
Split code output
2022-11-11 00:38:26 +00:00
g0tmi1k
033af0c325
File may not be installed
2022-11-11 00:38:26 +00:00
g0tmi1k
73e22c7346
Remove new line
2022-11-11 00:38:26 +00:00
g0tmi1k
8cb55f5f95
Update comments
2022-11-11 00:38:26 +00:00
g0tmi1k
142f38c279
Fix Incorrect processing of -t (GitHub 190)
https://github.com/offensive-security/exploitdb/issues/190
2022-11-11 00:38:26 +00:00
Offensive Security
b6e780c138
DB: 2022-11-10
20 changes to exploits/shellcodes/ghdb
0 new exploits/shellcodes
Too many to list!
2022-11-10 23:30:40 +00:00
Offensive Security
033a8167fc
Merge branch 'main' of gitlab.com:exploit-database/exploitdb into main
2022-11-10 19:58:04 +00:00
g0tmi1k
7dc06078b3
SearchSploit v4.2.0
Various fixes
2022-11-10 18:01:01 +00:00
Offensive Security
8bf3aee631
DB: 2022-11-10
2 changes to exploits/shellcodes/ghdb
2022-11-10 17:10:37 +00:00
Offensive Security
d63de06c7a
DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00
Offensive Security
fba9658f51
Add more fields into csv dump
2022-11-10 16:38:06 +00:00
Offensive Security
f3b9af8dc8
Add GHDB
2022-11-10 16:37:04 +00:00
Offensive Security
b4e29f1fae
DB: 2022-10-18
1 changes to exploits/shellcodes
Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
2022-10-18 05:01:47 +00:00
Offensive Security
4d6a64eb6b
DB: 2022-10-07
1 changes to exploits/shellcodes
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
2022-10-07 05:01:49 +00:00
Offensive Security
c5397147d9
DB: 2022-09-24
7 changes to exploits/shellcodes
Teleport v10.1.1 - Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
Aero CMS v0.0.1 - SQLi
Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
2022-09-24 05:01:44 +00:00
Offensive Security
3d2fa2f00a
DB: 2022-09-22
2 changes to exploits/shellcodes
Wifi HD Wireless Disk Drive 11 - Local File Inclusion
WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
2022-09-22 05:01:51 +00:00
Offensive Security
7cbe771564
DB: 2022-09-21
5 changes to exploits/shellcodes
Blink1Control2 2.2.7 - Weak Password Encryption
Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
Bookwyrm v0.4.3 - Authentication Bypass
2022-09-21 05:01:54 +00:00
Offensive Security
187c559c55
DB: 2022-09-16
1 changes to exploits/shellcodes
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
2022-09-16 05:01:58 +00:00
Offensive Security
2f709ff851
DB: 2022-09-02
3 changes to exploits/shellcodes
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
2022-09-02 05:01:57 +00:00
Offensive Security
a8cb58b3e5
DB: 2022-08-10
5 changes to exploits/shellcodes
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
Prestashop blockwishlist module 2.1.0 - SQLi
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
2022-08-10 05:01:48 +00:00
Offensive Security
34afdf0a9d
DB: 2022-08-04
1 changes to exploits/shellcodes
2022-08-04 05:01:48 +00:00
Offensive Security
636f9a743d
DB: 2022-08-03
1 changes to exploits/shellcodes
uftpd 2.10 - Directory Traversal (Authenticated)
2022-08-03 05:01:51 +00:00
Offensive Security
16b24da825
DB: 2022-08-02
19 changes to exploits/shellcodes
Omnia MPX 1.5.0+r1 - Path Traversal
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
Wavlink WN533A8 - Cross-Site Scripting (XSS)
Wavlink WN530HG4 - Password Disclosure
Wavlink WN533A8 - Password Disclosure
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
CuteEditor for PHP 6.6 - Directory Traversal
mPDF 7.0 - Local File Inclusion
NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
2022-08-02 05:01:49 +00:00
Offensive Security
dfb28913d0
DB: 2022-07-30
7 changes to exploits/shellcodes
Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
rpc.py 0.6.0 - Remote Code Execution (RCE)
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
Geonetwork 4.2.0 - XML External Entity (XXE)
Dingtian-DT-R002 3.1.276A - Authentication Bypass
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal
WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)
2022-07-30 05:01:47 +00:00
Offensive Security
7c6e7bc19d
DB: 2022-07-27
1 changes to exploits/shellcodes
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
2022-07-27 05:01:49 +00:00
Offensive Security
46346f8944
DB: 2022-07-22
6 changes to exploits/shellcodes
Kite 1.2021.610.0 - Unquoted Service Path
Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path
IOTransfer 4.0 - Remote Code Execution (RCE)
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
CodoForum v5.1 - Remote Code Execution (RCE)
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
2022-07-22 05:01:50 +00:00
Offensive Security
d84f857e94
DB: 2022-07-12
1 changes to exploits/shellcodes
Nginx 1.20.0 - Denial of Service (DOS)
2022-07-12 05:01:53 +00:00
Offensive Security
3bd99ff836
DB: 2022-07-02
1 changes to exploits/shellcodes
WiFi Mouse 1.7.8.5 - Remote Code Execution(v2)
2022-07-02 05:01:54 +00:00
Offensive Security
32b480d8b7
DB: 2022-06-28
3 changes to exploits/shellcodes
WordPress Plugin Weblizar 8.9 - Backdoor
WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)
2022-06-28 05:01:52 +00:00
Offensive Security
b692218041
DB: 2022-06-16
2022-06-16 05:01:57 +00:00
Offensive Security
29e275db94
DB: 2022-06-15
16 changes to exploits/shellcodes
Real Player v.20.0.8.310 G2 Control - 'DoGoToURL()' Remote Code Execution (RCE)
Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)
HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path
Marval MSM v14.19.0.12476 - Remote Code Execution (RCE) (Authenticated)
Virtua Software Cobranca 12S - SQLi
Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)
Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)
Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)
Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
ChurchCRM 4.4.5 - SQLi
Old Age Home Management System 1.0 - SQLi Authentication Bypass
SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)
SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
2022-06-15 05:01:57 +00:00
Offensive Security
5012842b97
DB: 2022-06-11
2 changes to exploits/shellcodes
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting (XSS)
Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
2022-06-11 05:01:58 +00:00
Offensive Security
3daddca955
DB: 2022-06-04
7 changes to exploits/shellcodes
Zyxel USG FLEX 5.21 - OS Command Injection
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
SolarView Compact 6.00 - Directory Traversal
Contao 4.13.2 - Cross-Site Scripting (XSS)
Microweber CMS 1.2.15 - Account Takeover
2022-06-04 05:01:36 +00:00
Offensive Security
79ae41201e
DB: 2022-05-26
1 changes to exploits/shellcodes
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
2022-05-26 05:01:38 +00:00
Offensive Security
0a55016064
DB: 2022-05-24
2 changes to exploits/shellcodes
OpenCart v3.x Newsletter Module - Blind SQLi
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
2022-05-24 05:01:36 +00:00
Offensive Security
cbee98ca48
DB: 2022-05-18
6 changes to exploits/shellcodes
SDT-CW3B1 1.1.0 - OS Command Injection
SolarView Compact 6.0 - OS Command Injection
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 - SQLi (Authenticated)
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
2022-05-18 05:01:36 +00:00
Offensive Security
6b9b8c5434
DB: 2022-05-13
7 changes to exploits/shellcodes
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService)
Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)
F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
TLR-2005KSH - Arbitrary File Delete
2022-05-13 05:01:39 +00:00
Offensive Security
be24992411
DB: 2022-05-12
42 changes to exploits/shellcodes
UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
ExifTool 12.23 - Arbitrary Code Execution
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService)
Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
Akka HTTP 10.1.14 - Denial of Service
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor
Bookeen Notea - Directory Traversal
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
DLINK DIR850 - Insecure Access Control
DLINK DIR850 - Open Redirect
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
Tenda HG6 v3.3.0 - Remote Command Injection
Google Chrome 78.0.3904.70 - Remote Code Execution
PyScript - Read Remote Python Source Code
DLINK DAP-1620 A1 v1.01 - Directory Traversal
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
ImpressCMS v1.4.4 - Unrestricted File Upload
Microfinance Management System 1.0 - 'customer_number' SQLi
WebTareas 2.4 - Blind SQLi (Authenticated)
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
Magento eCommerce CE v2.3.5-p2 - Blind SQLi
Bitrix24 - Remote Code Execution (RCE) (Authenticated)
CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
e107 CMS v3.2.1 - Multiple Vulnerabilities
Anuko Time Tracker - SQLi (Authenticated)
TLR-2005KSH - Arbitrary File Upload
Explore CMS 1.0 - SQL Injection
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
Beehive Forum - Account Takeover
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
Joomla Plugin SexyPolling 2.1.7 - SQLi
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
2022-05-12 05:01:39 +00:00
Offensive Security
004fdfd467
DB: 2022-04-27
4 changes to exploits/shellcodes
7-zip - Code Execution / Local Privilege Escalation
Gitlab 14.9 - Authentication Bypass
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
2022-04-27 05:01:59 +00:00
Offensive Security
6350525c20
DB: 2022-04-23
2 changes to exploits/shellcodes
2022-04-23 05:01:59 +00:00
Offensive Security
093714dc70
DB: 2022-04-20
21 changes to exploits/shellcodes
Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
7-zip - Code Execution / Local Privilege Escalation
PTPublisher v2.3.4 - Unquoted Service Path
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
Zyxel NWA-1100-NH - Command Injection
ManageEngine ADSelfService Plus 6.1 - User Enumeration
Verizon 4G LTE Network Extender - Weak Credentials Algorithm
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure
Scriptcase 9.7 - Remote Code Execution (RCE)
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection
Easy Appointments 1.4.2 - Information Disclosure
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
REDCap 11.3.9 - Stored Cross Site Scripting
PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
2022-04-20 05:01:45 +00:00
Offensive Security
6457d1796d
DB: 2022-04-12
7 changes to exploits/shellcodes
MiniTool Partition Wizard - Unquoted Service Path
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (LFI)
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
Telesquare TLR-2855KS6 - Arbitrary File Creation
Telesquare TLR-2855KS6 - Arbitrary File Deletion
Razer Sila - Local File Inclusion (LFI)
Razer Sila - Command Injection
2022-04-12 05:01:35 +00:00