bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2416 commits 1 branch 0 tags 258 MiB
Commit graph

138 commits

Author SHA1 Message Date
Offensive Security
c385c8068c DB: 2021-07-20 
6 changes to exploits/shellcodes

WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection

Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
 2021-07-20 05:01:52 +00:00
Offensive Security
906bbc4943 DB: 2021-07-14 
8 changes to exploits/shellcodes

Apache Tomcat 9.0.0.M1 - Open Redirect
WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload

Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
 2021-07-14 05:01:54 +00:00
Offensive Security
eaff7043e2 DB: 2021-06-11 
6 changes to exploits/shellcodes

Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
n+otes 1.6.2 - Denial of Service (PoC)

memono Notepad Version 4.2 - Denial of Service (PoC)
Student Result Management System 1.0 - 'class' SQL Injection
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes_ xor encoded)
 2021-06-11 05:01:56 +00:00
Offensive Security
599b380301 DB: 2021-05-11 
7 changes to exploits/shellcodes

DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path

Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution

PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
Human Resource Information System  0.1  - 'First Name' Persistent Cross-Site Scripting (Authenticated)
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)

Linux/x86 - setreuid(0) + execve(_/bin/sh_) Shellcode (29 bytes)
 2021-05-11 05:01:57 +00:00
Offensive Security
dcd1229758 DB: 2021-05-04 
7 changes to exploits/shellcodes

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
Voting System 1.0 - Time based SQLI  (Unauthenticated SQL injection)
Piwigo 11.3.0 - 'language' SQL
GitLab Community Edition (CE) 13.10.3 - User Enumeration
GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration

Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
 2021-05-04 05:01:59 +00:00
Offensive Security
53c15c17c6 DB: 2021-04-16 
6 changes to exploits/shellcodes

glFTPd 2.11a - Remote Denial of Service
Horde Groupware Webmail 5.2.22 - Stored XSS
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
 2021-04-16 05:02:00 +00:00
Offensive Security
338282491b DB: 2021-02-25 
8 changes to exploits/shellcodes

SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
python jsonpickle 2.0.0 - Remote Code Execution
Unified Remote 3.9.0.2463 - Remote Code Execution

LayerBB 1.1.4 - 'search_query' SQL Injection

Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
 2021-02-25 05:01:54 +00:00
Offensive Security
0ebed6d4c4 DB: 2021-02-10 
5 changes to exploits/shellcodes

Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path
Online Car Rental System 1.0 - Stored Cross Site Scripting
Adobe Connect 10 - Username Disclosure

Linux/x64 - execve _cat /etc/shadow_ Shellcode (66 bytes)
 2021-02-10 05:01:58 +00:00
Offensive Security
3fa3a8be65 DB: 2021-01-26 
8 changes to exploits/shellcodes

MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
Library System 1.0 - 'category' SQL Injection
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
 2021-01-26 05:01:58 +00:00
Offensive Security
3e80d07fdb DB: 2021-01-23 
15 changes to exploits/shellcodes

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
Library System 1.0 - Authentication Bypass Via SQL Injection
CASAP Automated Enrollment System 1.0 - Authentication Bypass
ERPNext 12.14.0 - SQL Injection (Authenticated)
Atlassian Confluence Widget Connector Macro - SSTI

Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Socat Bind Shellcode (113 bytes)
Linux/x64 - Reverse (127.1.1.1:4444/TCP) Shell (/bin/sh) Shellcode (123 Bytes)
Linux/x86 - Bind Socat (0.0.0.0:1000/TCP) Shell (Bash) Shellcode (113 bytes)

Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Egghunter (0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)

Windows/x86 - Download File (http://10.10.10.5:8080/2NWyfQ9T.hta) Via mshta + Execute + Stager Shellcode (143 bytes)
 2021-01-23 05:01:59 +00:00
Offensive Security
d65226277c DB: 2021-01-21 
4 changes to exploits/shellcodes

ChurchRota 2.6.4 - RCE (Authenticated)
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)

Linux/x86 - Socat Bind Shellcode (113 bytes)
 2021-01-21 05:01:57 +00:00
Offensive Security
62b25db87d DB: 2021-01-20 
2 changes to exploits/shellcodes

osTicket 1.14.2 - SSRF

Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
 2021-01-20 05:02:00 +00:00
Offensive Security
969e7d6c90 DB: 2021-01-16 
13 changes to exploits/shellcodes

Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
E-Learning System 1.0 - Authentication Bypass & RCE POC
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
EyesOfNetwork 5.3 - File Upload Remote Code Execution

BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (49 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)
FreeBSD x86/x64 - execve(/bin/sh) + Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - setreuid() + execve(pfctl -d) Shellcode (56 bytes)

FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) + Encoded Shellcode (48 bytes)

Linux/PPC - read + exec Shellcode (32 bytes)
Linux/PPC - read() + exec Shellcode (32 bytes)

Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Append RSA Key To /root/.ssh/authorized_keys2 Shellcode (295 bytes)

Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download File (cb) + Execute Shellcode (149 bytes)

Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - Reverse PHP (Writes To /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)

Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive + Payload Loader Shellcode (68+ bytes)

BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
BSD/x86 - symlink /bin/sh Shellcode (32 bytes)

Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Linux/x86 - Overwrite MBR On /dev/sda With _LOL!' Shellcode (43 bytes)

Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + No Password + exit() Shellcode (107 bytes)

Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) With umask 16 (sys_umask(14)) Shellcode (45 bytes)

Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - setuid(0) + chmod (/etc/passwd 0777) + exit(0) Shellcode (63 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(/etc/shadow 0777) Shellcode (35 bytes)

Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind (6778/TCP) Shell + Polymorphic + XOR Encoded Shellcode (125 bytes)

Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind (0x1337/TCP) Listener + Receive + Payload Loader Shellcode

Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod (/etc/shadow 0666) + exit(0) Shellcode (43 bytes)

Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)
Windows - Download File + Execute Via DNS + IPv6 Shellcode (Generator) (Metasploit)

Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system(telnetd -l /bin/sh) Shellcode (80 bytes)

Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid() + Execute /bin/bash Obfuscated Shellcode (521 bytes)

Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts Shellcode (77 bytes)

Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (77-85/90-98 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Windows/x64 (XP) - Download File + Execute Shellcode Using PowerShell (Generator)
Linux/MIPS (Little Endian) - chmod(/etc/shadow 666) Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod(/etc/passwd 666) Shellcode (55 bytes)

Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) + ROT13 Encoded Shellcode (68 bytes)

Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) To /etc/hosts + Obfuscated Shellcode (98 bytes)

Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Custom execve() + 'Followtheleader' Shellcode (Encoder/Decoder) (Generator)

Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - mkdir(HACK) + chmod 777 + exit(0) Shellcode (29 bytes)

Linux/x86 - Reboot() Shellcode (28 bytes)
Linux/x86 - reboot() Shellcode (28 bytes)

Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x64 - execve() + Encoded Shellcode (57 bytes)

Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows/x86 - Download File (//192.168.1.19/c) Via WebDAV + Execute Null-Free Shellcode (96 bytes)

Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows - Keylogger To File (./log.bin) + Null-Free Shellcode (431 bytes)

Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)
Windows - Keylogger To File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)

BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows (x86/x64) - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Shellcode (194 bytes) (Generator)

Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing Via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write To /etc/passwd With uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (31 bytes)

Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Audio (knock knock knock) Via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)

Linux/x86 - Remote File Download Shellcode (42 bytes)
Linux/x86 - Download File Shellcode (42 bytes)

Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - reboot() + Mutated + Null-Free Shellcode (55 bytes)

Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - execve(wget) + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)
Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + Execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd To /tmp/outfile Shellcode (97 bytes)

Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Linux/x64 - execve(/bin/sh -c reboot) Shellcode (89 bytes)

Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - mkdir(ajit) Shellcode (25 bytes)

IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes)
IRIX - Bind (/TCP) Shell (/bin/sh) Shellcode (364 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(/etc/passwd 0777) Shellcode (39 bytes)

Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (27 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) To /etc/hosts Shellcode (96 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (65 bytes)
Linux/x64 - /sbin/shutdown -h now Shellcode (64 bytes)
Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode
Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)
Linux/x64 - execve(/bin/sh) + Custom Encoded XOR Shellcode
Linux/x64 - execve(/bin/sh)  + Custom Encoded XOR + Polymorphic Shellcode (Generator)
Linux/x64 - execve(/bin/sh) + Twofish Encoded + DNS (CNAME) Password + Shellcode
Linux/x86 - execve(/bin/sh) + NOT Encoder / Decoder Shellcode (44 bytes)

Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - execve() Assembly Shellcode (Generator)

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (37 bytes)

Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + IPv4/6 Shellcode (146 bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)
Linux/ARM -  execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager Shellcode (28 Bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ NULL) + read(0_ buf_ 0xff) Stager  Shellcode (20 Bytes)

Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/x86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)

Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
Linux/ARM -  execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (4 Bytes)

Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP (192.168.2.157/31337) Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse (192.168.2.157:31337/TCP) Shellcode (181 bytes)

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x86 - execve(/usr/bin/head -n99 cat etc/passwd) Shellcode (61 Bytes)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + execute Shellcode (119 bytes)
Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)
Linux/x86 - execve(/bin/sh -c) + wget (http://127.0.0.1:8080/evilfile) + chmod 777 + Execute Shellcode (119 bytes)
Windows/x86 (XP Pro SP3) - Download File Via TFTP + Execute Shellcode (51-60 bytes) (Generator)
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
Linux/ARM - Reverse (192.168.1.124:4321/TCP) Shell (/bin/sh) Shellcode (64 bytes)
Windows/x86 - Download File (http://192.168.0.13/ms.msi) Via msiexec + Execute Shellcode (95 bytes)

Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
Apple macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (119 bytes)

Linux/x86 - Add User (sshd/root) to /etc/passwd Shellcode (149 bytes)
Linux/x86 - Add User (sshd/root) To /etc/passwd Shellcode (149 bytes)

Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)
Linux/x86 - cat .bash_history + base64 Encode + cURL (http://localhost:8080) Shellcode (125 bytes)

Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)
Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) Shellcode (91 Bytes) (Generator)

Linux/x86 - Shred file (test.txt) Shellcode (72 bytes)
Linux/x86 - Shred File (test.txt) Shellcode (72 bytes)

Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (23 bytes)

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
Linux/x86 -  execve(/bin/sh)  + Reposition + INC Encoder Shellcode (66 bytes)

Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
Windows/x86 - Download File (http://192.168.10.10/evil.exe _c:\evil.exe_) Via bitsadmin  + Execute Shellcode (210 Bytes)

Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)
Linux/x86 - chmod + execute(/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)

Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (140 bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 -  execve(_/bin/sh__ NULL_ NULL) + mmap() + read() Stager Shellcode (60 Bytes)
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) + Jump Back Shellcode (8 Bytes)

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Using JMP-CALL-POP Shellcode (21 bytes)
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - execve(/bin/sh)  + NOT +SHIFT-N+ XOR-N Encoded Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + Polymorphic Shellcode (53 bytes)
Linux/x86 -  Disable ASLR Security  + Polymorphic Shellcode (107 bytes)

Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
Linux/x86_64 - execve(_/bin/sh_) + AVX2 XOR Decoder Shellcode (62 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (107 Bytes)
Linux/x86 - Bind (43690/TCP) + Null-Free Shellcode (53 Bytes)
Linux/x86 - execve(/bin/sh)  + NOT + XOR-N + Random Encoded Shellcode (132 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/7 - Screen Lock Shellcode (9 bytes)
Linux/x86 - Add Root User (vl43ck/test) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) To /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) Socket Reuse Shellcode (42 bytes)
Linux/x86 - execve(/bin/sh) + NOT|ROT+8 Encoded + Null-Free Shellcode (47 bytes)
Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Free Shellcode (188 bytes)
Linux/x86 - execve() + Alphanumeric Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + Random Bytes Encoder + XOR/SUB/NOT/ROR Shellcode (114 bytes)
Windows/x64 (7) - Screen Lock Shellcode (9 bytes)

Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x86 - WinExec Calc.exe +  Null-Free Shellcode (195 bytes)

Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-Free + Add RDP Admin (MajinBuu/TurnU2C@ndy!!) + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Password (P3WP3Wl4ZerZ) + Null-free Shellcode (272 Bytes)
Linux/ARM - execve(/bin/dash) Shellcode (32 bytes)

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 -  Disable ASLR Security + Polymorphic Shellcode (124 bytes)

Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
Windows/x86 - Download File (http://192.168.43.192:8080/9MKWaRO.hta) Via mshta Shellcode (100 bytes)
 2021-01-16 05:01:56 +00:00
Offensive Security
91f4f8025d DB: 2021-01-13 
4 changes to exploits/shellcodes

Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
SmartAgent 3.1.0 - Privilege Escalation

Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
 2021-01-13 05:01:55 +00:00
Offensive Security
cb83a6e2dd DB: 2020-12-19 
17 changes to exploits/shellcodes

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Xeroneit Library Management System 3.1 - _Add Book Category _ Stored XSS
Point of Sale System 1.0 - Authentication Bypass
Alumni Management System 1.0 - Unrestricted File Upload To RCE
Alumni Management System 1.0 - _Course Form_ Stored XSS
Alumni Management System 1.0 - 'id' SQL Injection
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
Smart Hospital 3.1 - _Add Patient_ Stored XSS

Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes)

Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
 2020-12-19 05:01:57 +00:00
Offensive Security
720fabd066 DB: 2020-07-28 
114 changes to exploits/shellcodes

Notepad++ < 7.7 (x64)  - Denial of Service

winrar 5.80 64bit - Denial of Service
WinRAR 5.80 (x64) - Denial of Service

Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 (x86) - GDI Palette Objects Local Privilege Escalation (MS17-017)

Microsoft Word 2007 (x86) - Information Disclosure

IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation

ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation

Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution

Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation

R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)

MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation

Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)

Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)

Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path

DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 (x64) - Remote Command Execution

CompleteFTP Professional 12.1.3 - Remote Code Execution

TeamCity Agent XML-RPC 10.0 - Remote Code Execution

eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution

FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD x86/x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)

Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)

Linux/x86 - Kill All Processes Shellcode (14 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux/x86 - 'reboot' polymorphic Shellcode (26 bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-07-28 05:01:59 +00:00
Offensive Security
e46d9f65ff DB: 2020-07-27 
32 changes to exploits/shellcodes

Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
Bludit 3.9.2 - Directory Traversal
LibreHealth 2.0.0 - Authenticated Remote Code Execution
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
elaniin CMS - Authentication Bypass
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
Bio Star 2.8.2 - Local File Inclusion
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Socket.io-file 2.0.31 - Arbitrary File Upload
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
Rails 5.0.1 - Remote Code Execution

Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
 2020-07-27 05:02:04 +00:00
Offensive Security
1979df6cb3 DB: 2020-06-19 
51 changes to exploits/shellcodes

Tor Browser < 0.3.2.10 - Use After Free (PoC)
Notepad++ < 7.7 (x64)  - Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
InputMapper 1.6.10 - Denial of Service

SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

XnConvert 1.82 - Denial of Service (PoC)

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

FreeBSD 12.0 - 'fd' Local Privilege Escalation
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Winrar 5.80 - XML External Entity Injection

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Siemens TIA Portal - Remote Command Execution

Android 7 < 9 - Remote Code Execution
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)

MyBB < 1.8.21 - Remote Code Execution

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Publisure Hybrid - Multiple Vulnerabilities

NetGain EM Plus 10.1.68 - Remote Command Execution

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

DotNetNuke 9.3.2 - Cross-Site Scripting

VehicleWorkshop 1.0 - 'bookingid' SQL Injection
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Joomla! 3.9.0 < 3.9.7 - CSV Injection
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
Wing FTP Server - Authenticated CSRF (Delete Admin)

WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification

UADMIN Botnet 1.0 - 'link' SQL Injection

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Wordpress Plugin PicUploader 1.0 - Remote File Upload

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

WordPress Plugin Helpful 2.4.11 - SQL Injection

Prestashop 1.7.6.4 - Cross-Site Request Forgery

WordPress Plugin Simple File List 5.4 - Remote Code Execution

Library CMS Powerful Book Management System 2.2.0 - Session Fixation

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection (Authenticated)
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Beauty Parlour Management System 1.0 - Authentication Bypass

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
Windows/x64 - WinExec Add-Admin (ROOT/I@mR00T$) Dynamic Null-Free Shellcode (210 Bytes)

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Linux/x64 - Password (P3WP3Wl4ZerZ) + Bind (0.0.0.0:4444/TCP) Shell (/bin/bash) + Null-free Shellcode (272 Bytes)
 2020-06-19 05:02:01 +00:00
Offensive Security
bb9f12afc7 DB: 2020-06-16 
3 changes to exploits/shellcodes

SOS JobScheduler 1.13.3 - Stored Password Decryption

Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)
 2020-06-16 05:01:56 +00:00
Offensive Security
7b87f30fbc DB: 2020-04-25 
5 changes to exploits/shellcodes

Popcorn Time 6.2 - 'Update service' Unquoted Service Path
EspoCRM 5.8.5 - Privilege Escalation
Edimax EW-7438RPn 1.13 - Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
 2020-04-25 05:01:51 +00:00
Offensive Security
1c5c38825d DB: 2020-04-22 
10 changes to exploits/shellcodes

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

WordPress 2.0.2 - 'cache' Remote Shell Injection
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
PMB 5.6 - 'logid' SQL Injection
CSZ CMS 1.2.7 - 'title' HTML Injection
IQrouter 3.3.1 Firmware - Remote Code Execution
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution
jizhi CMS 1.6.7 - Arbitrary File Download
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
 2020-04-22 05:01:47 +00:00
Offensive Security
606ad946d3 DB: 2020-03-26 
7 changes to exploits/shellcodes

AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)

Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
 2020-03-26 05:01:48 +00:00
Offensive Security
b84d953124 DB: 2020-03-24 
10 changes to exploits/shellcodes

ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)

CyberArk PSMP 10.9.1 - Policy Restriction Bypass

PHPMailer < 5.2.18 - Remote Code Execution (Bash)
FIBARO System Home Center 5.021 - Remote File Include
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
 2020-03-24 05:01:50 +00:00
Offensive Security
85cdf30cea DB: 2020-03-19 
7 changes to exploits/shellcodes

NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Microsoft VSCode Python Extension - Code Execution
VMWare Fusion - Local Privilege Escalation

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

Netlink GPON Router 1.0.11 - Remote Code Execution

Windows\x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode (232 bytes)
 2020-03-19 05:01:49 +00:00
Offensive Security
cf92ea269e DB: 2020-02-25 
22 changes to exploits/shellcodes

Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service (PoC)
Android Binder - Use-After-Free (Metasploit)
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Real Web Pentesting Tutorial Step by Step - [Persian]
AMSS++ v 4.31 - 'id' SQL Injection
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
AMSS++ 4.7 - Backdoor Admin Account
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
ATutor 2.2.4 - 'id' SQL Injection
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
eLection 2.0 - 'id' SQL Injection
DotNetNuke 9.5 - Persistent Cross-Site Scripting
DotNetNuke 9.5 - File Upload Restrictions Bypass
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Cacti 1.2.8 - Remote Code Execution

Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
 2020-02-25 05:01:52 +00:00
Offensive Security
8cbf7883c1 DB: 2020-02-11 
11 changes to exploits/shellcodes

Dota 2 7.23f - Denial of Service (PoC)
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Ricoh Driver - Privilege Escalation (Metasploit)
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting

Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
 2020-02-11 05:02:02 +00:00
Offensive Security
9f56865d3d DB: 2020-01-31 
3 changes to exploits/shellcodes

OpenSMTPD 6.6.2 - Remote Code Execution

rConfig 3.9.3 - Authenticated Remote Code Execution

Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
 2020-01-31 05:02:01 +00:00
Offensive Security
82e6691834 DB: 2020-01-23 
4 changes to exploits/shellcodes

KeePass 2.44 - Denial of Service (PoC)

Citrix XenMobile Server 10.8 - XML External Entity Injection

Windows/7 - Screen Lock Shellcode (9 bytes)
 2020-01-23 05:02:01 +00:00
Offensive Security
c7085a57b4 DB: 2020-01-09 
9 changes to exploits/shellcodes

Cisco DCNM JBoss 10.4 - Credential Leakage
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
ASTPP VoIP 4.0.1 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)

Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)
 2020-01-09 05:02:04 +00:00
Offensive Security
95c6eeab79 DB: 2020-01-07 
33 changes to exploits/shellcodes

NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
SpotIE 2.9.5 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)
BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)
NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
TextCrawler Pro3.1.1 - Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)
Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)
RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)
NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)
Office Product Key Finder 1.5.4 - Denial of Service (PoC)
SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)
SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)
SpotIM 2.2 - 'Name' Denial Of Service
FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
Duplicate Cleaner Pro 4 - Denial of Service (PoC)
Microsoft Outlook VCF cards - Denial of Service (PoC)
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
Windows - Shell COM Server Registrar Local Privilege Escalation
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
Complaint Management System 4.0 - 'cid' SQL injection
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
Hostel Management System 2.0 - 'id' SQL Injection
elaniin CMS 1.0 - Authentication Bypass
Small CRM 2.0 - Authentication Bypass
Voyager 1.3.0 - Directory Traversal
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Django < 3.0 < 2.2 < 1.11 - Account Hijack

Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
 2020-01-07 05:02:07 +00:00
Offensive Security
b92604bb93 DB: 2019-12-18 
7 changes to exploits/shellcodes

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting
Roxy Fileman 1.4.5 - Directory Traversal
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting
Netgear R6400 - Remote Code Execution
NopCommerce 4.2.0 -  Privilege Escalation

Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
 2019-12-18 05:02:05 +00:00
Offensive Security
caad53ed8d DB: 2019-10-31 
6 changes to exploits/shellcodes

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Citrix StoreFront Server 7.15 - XML External Entity Injection
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)
 2019-10-31 05:01:41 +00:00
Offensive Security
a464ad083a DB: 2019-10-23 
5 changes to exploits/shellcodes

winrar 5.80 - XML External Entity Injection
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
Moxa EDR-810 - Command Injection / Information Disclosure

Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
 2019-10-23 05:01:41 +00:00
Offensive Security
588067072a DB: 2019-10-17 
15 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
 2019-10-17 05:01:44 +00:00
Offensive Security
c4b3e48aea DB: 2019-10-11 
10 changes to exploits/shellcodes

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit_ DEP Bypass)

freeFTP 1.0.8 - Remote Buffer Overflow
freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
TP-Link TL-WR1043ND 2 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
 2019-10-11 05:01:46 +00:00
Offensive Security
54bc76dcfd DB: 2019-10-09 
3 changes to exploits/shellcodes

vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
Zabbix 4.4 - Authentication Bypass
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution

Linux/ARM - Fork Bomb Shellcode (20 bytes)
 2019-10-09 05:01:45 +00:00
Offensive Security
0486c1c8ad DB: 2019-10-05 
4 changes to exploits/shellcodes

Android - Binder Driver Use-After-Free

PHP 7.1 < 7.3 - disable_functions Bypass
PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass
LabCollector 5.423 - SQL Injection
PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass

Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
 2019-10-05 05:01:46 +00:00
Offensive Security
432e1efb44 DB: 2019-09-18 
1 changes to exploits/shellcodes

Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
 2019-09-18 05:02:14 +00:00
Offensive Security
835218237b DB: 2019-09-06 
2 changes to exploits/shellcodes

AwindInc SNMP Service - Command Injection (Metasploit)

Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
 2019-09-06 05:02:26 +00:00
Offensive Security
0a59eb70a8 DB: 2019-08-21 
3 changes to exploits/shellcodes

SilverSHielD 6.x - Local Privilege Escalation

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (129 bytes)
Linux/x86_64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)

Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)
 2019-08-21 05:02:32 +00:00
Offensive Security
c0ff0bbedd DB: 2019-08-20 
10 changes to exploits/shellcodes

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Kimai 2 - Persistent Cross-Site Scripting
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Neo Billing 3.5 - Persistent Cross-Site Scripting
Webmin 1.920 - Remote Code Execution
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
Linux/x86_64 - AVX2 XOR Decoder + execve(_/bin/sh_) Shellcode (62 bytes)
 2019-08-20 05:02:44 +00:00
Offensive Security
998fb1eeec DB: 2019-08-14 
6 changes to exploits/shellcodes

Steam Windows Client - Local Privilege Escalation
Agent Tesla Botnet - Arbitrary Code Execution
AZORult Botnet - SQL Injection

Linux/Tru64 alpha - execve(/bin/sh) Shellcode (108 bytes)
Linux/x86 - execve(_/bin/sh_) + tolower() Shellcode
Linux/x86 - Multiple In-Memory Modules (Prompt + Privilege Restore + Break­ Chroot Jail + Backdoor) + Signature Evasion Shellcode
 2019-08-14 05:02:24 +00:00
Offensive Security
2b7a0122f2 DB: 2019-08-02 
6 changes to exploits/shellcodes

Ultimate Loan Manager 2.0 - Cross-Site Scripting
WebIncorp ERP - SQL injection
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) Polymorphic Shellcode (53 bytes)
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
Linux/x86 - Force Reboot Shellcode (51 bytes)
 2019-08-02 05:02:24 +00:00
Offensive Security
852694f982 DB: 2019-07-30 
6 changes to exploits/shellcodes

Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
WP Database Backup < 5.2 - Remote Code Execution (Metasploit)
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
GigToDo 1.3 - Cross-Site Scripting

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode
 2019-07-30 05:02:12 +00:00
Offensive Security
5c06a41d94 DB: 2019-07-24 
1 changes to exploits/shellcodes

Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)
 2019-07-24 05:02:23 +00:00
Offensive Security
978c16266a DB: 2019-07-13 
9 changes to exploits/shellcodes

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

Xymon 4.3.25 - useradm Command Execution (Metasploit)
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 - Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
 2019-07-13 05:02:17 +00:00
Offensive Security
1a13989f12 DB: 2019-07-04 
5 changes to exploits/shellcodes

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

AZADMIN CMS 1.0 - SQL Injection
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection

Symantec DLP 15.5 MP1 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-04 05:01:54 +00:00
Offensive Security
4afcc04eda DB: 2019-07-02 
24 changes to exploits/shellcodes

Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
 2019-07-02 05:01:50 +00:00
Offensive Security
70484f5916 DB: 2019-06-29 
3 changes to exploits/shellcodes

LibreNMS 1.46 - 'addhost' Remote Code Execution

Windows/x86 - Start iexplore.exe Shellcode (191 Bytes)
Linux/x86 - chmod + execute + hide output via /usr/bin/wget Shellcode (129 bytes)
 2019-06-29 05:01:51 +00:00
Offensive Security
5632d13fea DB: 2019-06-28 
2 changes to exploits/shellcodes

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Linux/x86 - ASCII AND_ SUB_ PUSH_ POPAD Encoder Shellcode
Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe _c:\evil.exe_) Shellcode (210 Bytes)
 2019-06-28 05:01:52 +00:00