Offensive Security
c6ebf8bc23
DB: 2018-12-19
10 changes to exploits/shellcodes
VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC)
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
MegaPing - Local Buffer Overflow Denial of Service
Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2)
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
Microsoft Windows Server 2003 - Token Kidnapping Local
Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation
VMware Fusion 2.0.5 - vmx86 kext Local
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
Google Android 2.0 < 2.1 - Reverse Shell
Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
SDL Web Content Manager 8.5.0 - XML External Entity Injection
2018-12-19 05:01:45 +00:00
Offensive Security
a9bfc525dd
DB: 2018-12-18
1 changes to exploits/shellcodes
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
2018-12-18 05:01:47 +00:00
Offensive Security
e3c06fe0f7
DB: 2018-12-15
16 changes to exploits/shellcodes
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Cisco RV110W - Password Disclosure / Command Execution
Safari - Proxy Object Type Confusion (Metasploit)
Adminer 4.3.1 - Server-Side Request Forgery
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Huawei Router HG532e - Command Execution
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Double Your Bitcoin Script Automatic - Authentication Bypass
2018-12-15 05:01:46 +00:00
Offensive Security
04a490a7c2
DB: 2018-12-14
3 changes to exploits/shellcodes
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
2018-12-14 05:01:46 +00:00
Offensive Security
25e5c32779
DB: 2018-12-13
2 changes to exploits/shellcodes
Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow
Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow
HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow
HP Printer FTP Print Server 2.4.5 - 'LIST' Buffer Overflow
Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service
Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service
Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow
Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow
Linux Kernel - 'AF_PACKET' Use-After-Free
Linux Kernel - 'AF_PACKET' Use-After-Free (2)
Linux Kernel - 'AF_PACKET' Use-After-Free
Linux Kernel - 'AF_PACKET' Use-After-Free (1)
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
PonyOS 3.0 - TTY 'ioctl()' Local Kernel
PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation
Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Microsoft Windows - JPEG GDI+ All-in-One Bind/Reverse/Admin/FileDownload
Microsoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download
Golden FTP Server 4.70 - 'PASS' Buffer Overflow
Golden FTP Server 4.70 - 'PASS' Buffer Overflow
EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit)
EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit)
Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit)
Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow
Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
IGSuite 3.2.4 - Reverse Shell Blind SQL Injection
IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
MTGAS MOGG Web Simulator Script - SQL Injection
MTGAS MOGG Web Simulator Script - SQL Injection
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)
2018-12-13 05:01:45 +00:00
Offensive Security
a07949d1c7
DB: 2018-12-12
21 changes to exploits/shellcodes
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Tourism Website Blog - Remote Code Execution / SQL Injection
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
PrestaShop 1.6.x/1.7.x - Remote Code Execution
DomainMOD 4.11.01 - Cross-Site Scripting
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
TP-Link wireless router Archer C1200 - Cross-Site Scripting
Huawei B315s-22 - Information Leak
ZTE ZXHN H168N - Improper Access Restrictions
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
Adobe ColdFusion 2018 - Arbitrary File Upload
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
2018-12-12 05:01:43 +00:00
Offensive Security
9bd9fb0da3
DB: 2018-12-11
2 changes to exploits/shellcodes
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
2018-12-11 05:01:44 +00:00
Offensive Security
c49a1520f1
DB: 2018-12-10
4 changes to exploits/shellcodes
Textpad 8.1.2 - Denial Of Service (PoC)
i-doit CMDB 1.11.2 - Remote Code Execution
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
2018-12-10 05:01:40 +00:00
Offensive Security
516678356d
DB: 2018-12-06
2 changes to exploits/shellcodes
ImageMagick - Memory Leak
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
Apache Superset < 0.23 - Remote Code Execution
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
HasanMWB 1.0 - SQL Injection
2018-12-06 05:01:45 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93
DB: 2018-12-04
10 changes to exploits/shellcodes
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)
CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
2018-12-04 05:01:48 +00:00
Offensive Security
7cc86c322f
DB: 2018-12-01
8 changes to exploits/shellcodes
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
VBScript - 'rtFilter' Out-of-Bounds Read
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
Apache Spark - Unauthenticated Command Execution (Metasploit)
Schneider Electric PLC - Session Calculation Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
2018-12-01 05:01:40 +00:00
Offensive Security
62445895aa
DB: 2018-11-30
8 changes to exploits/shellcodes
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
PHP imap_open - Remote Code Execution (Metasploit)
TeamCity Agent - XML-RPC Command Execution (Metasploit)
2018-11-30 05:01:41 +00:00
Offensive Security
dfd1e454e1
DB: 2018-11-28
10 changes to exploits/shellcodes
MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
2018-11-28 11:08:29 +00:00
Offensive Security
7967efda82
DB: 2018-11-22
4 changes to exploits/shellcodes
macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - 'name' SQL Injection
WordPress CherryFramework Themes 3.1.4 - Backup File Download
WebOfisi E-Ticaret V4 - 'urun' SQL Injection
2018-11-22 05:01:42 +00:00
Offensive Security
e3299ef341
DB: 2018-11-21
4 changes to exploits/shellcodes
macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Qpopper 4.0.x - poppassd Privilege Escalation
Qpopper 4.0.x - 'poppassd' Privilege Escalation
HP-UX 11.0/11.11 - swxxx Privilege Escalation
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
ABRT - raceabrt Privilege Escalation(Metasploit)
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
ImageMagick - Memory Leak
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
2018-11-21 05:01:38 +00:00
Offensive Security
dcc75fdf49
DB: 2018-11-20
3 changes to exploits/shellcodes
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
Microsoft Edge Chakra - OP_Memset Type Confusion
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
2018-11-20 05:01:39 +00:00
Offensive Security
9496a4320a
DB: 2018-11-18
4 changes to exploits/shellcodes
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
systemd - 'reexec' State Injection
Centos 7.1 / Fedora 22 - abrt Privilege Escalation
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
glibc - 'getcwd()' Local Privilege Escalation
glibc < 2.26 - 'getcwd()' Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
systemd - 'chown_one()' Dereference Symlinks
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
EditMe CMS - Cross-Site Request Forgery (Add New Admin)
EditMe CMS - Cross-Site Request Forgery (Add Admin)
Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
Drupal < 7.58 - 'drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
KingMedia 4.1 - Remote Code Execution
KingMedia 4.1 - File Upload
CMS Made Simple 2.2.7 - Remote Code Execution
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
LibreHealth 2.0.0 - Arbitrary File Actions
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
2018-11-18 05:01:40 +00:00
Offensive Security
5643770257
DB: 2018-11-17
6 changes to exploits/shellcodes
Mumsoft Easy Software 2.0 - Denial of Service (PoC)
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
Linux - Broken uid/gid Mapping for Nested User Namespaces
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
2018-11-17 05:01:40 +00:00
Offensive Security
268e737bb6
DB: 2018-11-16
21 changes to exploits/shellcodes
Notepad3 1.0.2.350 - Denial of Service (PoC)
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
2018-11-16 05:01:40 +00:00
Offensive Security
1d25aee539
DB: 2018-11-15
15 changes to exploits/shellcodes
AMPPS 2.7 - Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
SwitchVPN for macOS 2.1012.03 - Privilege Escalation
Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
iServiceOnline 1.0 - 'r' SQL Injection
Helpdezk 1.1.1 - 'query' SQL Injection
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
EdTv 2 - 'id' SQL Injection
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Advanced Comment System 1.0 - SQL Injection
Rmedia SMS 1.0 - SQL Injection
Pedidos 1.0 - SQL Injection
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
2018-11-15 05:01:40 +00:00
Offensive Security
3a7153b2ac
DB: 2018-11-14
24 changes to exploits/shellcodes
CuteFTP Mac 3.1 - Denial of Service (PoC)
Evince 3.24.0 - Command Injection
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
xorg-x11-server < 1.20.1 - Local Privilege Escalation
Data Center Audit 2.6.2 - 'username' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
Nominas 0.27 - 'username' SQL Injection
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
Surreal ToDo 0.6.1.2 - SQL Injection
Surreal ToDo 0.6.1.2 - Local File Inclusion
Alienor Web Libre 2.0 - SQL Injection
Musicco 2.0.0 - Arbitrary Directory Download
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
Easyndexer 1.0 - Arbitrary File Download
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
Gumbo CMS 0.99 - SQL Injection
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
Webiness Inventory 2.3 - SQL Injection
SIPve 0.0.2-R19 - SQL Injection
Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
2018-11-14 05:01:43 +00:00
Offensive Security
3a6748b9d9
DB: 2018-11-13
15 changes to exploits/shellcodes
HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Mongoose Web Server 6.9 - Denial of Service (PoC)
Data Center Audit 2.6.2 - 'username' SQL Injection
TufinOS 2.17 Build 1193 - XML External Entity Injection
Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
The Don 1.0.1 - 'login' SQL Injection
Facturation System 1.0 - 'modid' SQL Injection
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
GPS Tracking System 2.12 - 'username' SQL Injection
ServerZilla 1.0 - 'email' SQL Injection
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Nominas 0.27 - 'username' SQL Injection
2018-11-13 05:01:42 +00:00
Offensive Security
925e6e0629
DB: 2018-11-10
2 changes to exploits/shellcodes
Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)
Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
openslp 2.0.0 - Double-Free
OpenSLP 2.0.0 - Double-Free
Windows Speech Recognition - Buffer Overflow (PoC)
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
Microsoft Windows Utility Manager - Local SYSTEM (MS04-011)
Microsoft Windows Utility Manager - Local Privilege Escalation (MS04-011)
Windows Firewall Control - Unquoted Service Path Privilege Escalation
Microsoft Windows Firewall Control - Unquoted Service Path Privilege Escalation
Windows DVD Maker 6.1.7 - XML External Entity Injection
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection
Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
OpenSLP 2.0.0 - Multiple Vulnerabilities
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
2018-11-10 05:01:40 +00:00
Offensive Security
2ab2c94376
DB: 2018-11-08
1 changes to exploits/shellcodes
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
PlayJoom 0.10.1 - 'catid' SQL Injection
2018-11-08 05:01:45 +00:00
Offensive Security
11366ca935
DB: 2018-11-07
18 changes to exploits/shellcodes
FaceTime - RTP Video Processing Heap Corruption
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
Blue Server 1.1 - Denial of Service (PoC)
eToolz 3.4.8.0 - Denial of Service (PoC)
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (SEH)
libiec61850 1.3 - Stack Based Buffer Overflow
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
PHP Proxy 3.0.3 - Local File Inclusion
Voovi Social Networking Script 1.0 - 'user' SQL Injection
CMS Made Simple 2.2.7 - Remote Code Execution
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Grocery crud 1.6.1 - 'search_field' SQL Injection
OOP CMS BLOG 1.0 - 'search' SQL Injection
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
LibreHealth 2.0.0 - Arbitrary File Actions
2018-11-07 05:01:44 +00:00
Offensive Security
363500a603
DB: 2018-11-06
13 changes to exploits/shellcodes
Softros LAN Messenger 9.2 - Denial of Service (PoC)
Microsoft Internet Explorer 11 - Null Pointer Dereference
LiquidVPN 1.36 / 1.37 - Privilege Escalation
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
SiAdmin 1.1 - 'id' SQL Injection
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
WebVet 0.1a - 'id' SQL Injection
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Mongo Web Admin 6.0 - Information Disclosure
PHP Proxy 3.0.3 - Local File Inclusion
Royal TS/X - Information Disclosure
Voovi Social Networking Script 1.0 - 'user' SQL Injection
2018-11-06 05:01:40 +00:00
Offensive Security
b786988389
DB: 2018-11-03
9 changes to exploits/shellcodes
WinMTR 0.91 - Denial of Service (PoC)
CdCatalog 2.3.1 - Denial of Service (PoC)
Zint Barcode Generator 2.6 - Denial of Service (PoC)
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Fantastic Blog CMS 1.0 - 'id' SQL Injection
Jelastic 5.4 - 'host' SQL Injection
Gate Pass Management System 2.1 - 'login' SQL Injection
qdPM 9.1 - 'filter_by' SQL Injection
Yot CMS 3.3.1 - 'aid' SQL Injection
2018-11-03 05:01:48 +00:00
Offensive Security
3cce70ac56
DB: 2018-11-02
3 changes to exploits/shellcodes
Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)
WebDrive 18.00.5057 - Denial of Service (PoC)
Arm Whois 3.11 - Denial of Service (PoC)
2018-11-02 05:01:46 +00:00
Offensive Security
fb45f84056
DB: 2018-11-01
2 changes to exploits/shellcodes
SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
2018-11-01 05:01:53 +00:00
Offensive Security
ef70ec156b
DB: 2018-10-31
22 changes to exploits/shellcodes
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
SIPp 3.3.990 - Local Buffer Overflow (PoC)
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
xorg-x11-server 1.20.3 - Privilege Escalation
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Electricks eCommerce 1.0 - 'prodid' SQL Injection
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
Webiness Inventory 2.9 - Arbitrary File Upload
NETGEAR WiFi Router R6120 - Credential Disclosure
MyBB Downloads 2.0.3 - SQL Injection
Expense Management 1.0 - Arbitrary File Upload
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
Notes Manager 1.0 - Arbitrary File Upload
Instagram Clone 1.0 - Arbitrary File Upload
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
CI User Login and Management 1.0 - Arbitrary File Upload
Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)
2018-10-31 05:01:53 +00:00
Offensive Security
15b77b5965
DB: 2018-10-30
33 changes to exploits/shellcodes
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
AlienIP 2.41 - Denial of Service (PoC)
Local Server 1.0.9 - Denial of Service (PoC)
systemd - reexec State Injection
systemd - chown_one() can Dereference Symlinks
ASRock Drivers - Privilege Escalation
Modbus Slave 7.0.0 - Denial of Service (PoC)
School Equipment Monitoring System 1.0 - 'login' SQL Injection
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
Paramiko 2.4.1 - Authentication Bypass
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
Grapixel New Media 2 - 'pageref' SQL Injection
Library Management System 1.0 - 'frmListBooks' SQL Injection
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
MTGAS MOGG Web Simulator Script - SQL Injection
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Curriculum Evaluation System 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
RhinOS CMS 3.x - Arbitrary File Download
E-Negosyo System 1.0 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
SaltOS Erp Crm 3.1 r8126 - Database File Download
K-iwi Framework 1775 - SQL Injection
2018-10-30 05:01:46 +00:00
Offensive Security
bbbf700308
DB: 2018-10-27
5 changes to exploits/shellcodes
xorg-x11-server < 1.20.3 - Local Privilege Escalation
Quick Count 2.0 - 'txtInstID' SQL Injection
MPS Box 0.1.8.0 - Arbitrary File Upload
Delta Sql 1.8.2 - 'id' SQL Injection
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
2018-10-27 05:01:46 +00:00
Offensive Security
832a222df4
DB: 2018-10-26
21 changes to exploits/shellcodes
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
Adult Filter 1.0 - Buffer Overflow (SEH)
WebEx - Local Service Permissions Exploit (Metasploit)
exim 4.90 - Remote Code Execution
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
exim 4.90 - Remote Code Execution
WebExec - Authenticated User Code Execution (Metasploit)
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Simple Chat System 1.0 - 'id' SQL Injection
Delta Sql 1.8.2 - Arbitrary File Upload
User Management 1.1 - Cross-Site Scripting
ClipBucket 2.8 - 'id' SQL Injection
Simple POS and Inventory 1.0 - 'cat' SQL Injection
AiOPMSD Final 1.0.0 - 'q' SQL Injection
AjentiCP 1.2.23.13 - Cross-Site Scripting
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Open STA Manager 2.3 - Arbitrary File Download
2018-10-26 05:01:46 +00:00
Offensive Security
dac8dd4731
DB: 2018-10-25
15 changes to exploits/shellcodes
Adult Filter 1.0 - Denial of Service (PoC)
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Webmin 1.5 - Web Brute Force (CGI)
exim 4.90 - Remote Code Execution
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
SG ERP 1.0 - 'info' SQL Injection
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Apache OFBiz 16.11.04 - XML External Entity Injection
D-Link Routers - Command Injection
D-Link Routers - Plaintext Password
D-Link Routers - Directory Traversal
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
2018-10-25 05:01:46 +00:00
Offensive Security
4f60a3d8f2
DB: 2018-10-24
9 changes to exploits/shellcodes
AudaCity 2.3 - Denial of Service (PoC)
Audacity 2.3 - Denial of Service (PoC)
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
Appsource School Management System 1.0 - 'student_id' SQL Injection
SIM-PKH 2.4.1 - Arbitrary File Upload
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
School ERP Pro+Responsive 1.0 - Arbitrary File Download
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
SIM-PKH 2.4.1 - 'id' SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
2018-10-24 05:02:04 +00:00
Offensive Security
defa138d04
DB: 2018-10-23
17 changes to exploits/shellcodes
Modbus Poll 7.2.2 - Denial of Service (PoC)
AudaCity 2.3 - Denial of Service (PoC)
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
Countly - Persistent Cross-Site Scripting
Countly - Cross-Site Scripting
MySQL Edit Table 1.0 - 'id' SQL Injection
School ERP Ultimate 2018 - Arbitrary File Download
Oracle Siebel CRM 8.1.1 - CSV Injection
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
School ERP Ultimate 2018 - 'fid' SQL Injection
eNdonesia Portal 8.7 - 'artid' SQL Injection
The Open ISES Project 3.30A - Arbitrary File Download
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
2018-10-23 05:01:48 +00:00
Offensive Security
60464134cb
DB: 2018-10-20
1 changes to exploits/shellcodes
libSSH - Authentication Bypass
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
2018-10-20 05:01:44 +00:00
Offensive Security
fa0fe9b6cf
DB: 2018-10-19
3 changes to exploits/shellcodes
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
College Notes Management System 1.0 - 'user' SQL Injection
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
BigTree CMS 4.2.23 - Cross-Site Scripting
Learning with Texts 1.6.2 - 'start' SQL Injection
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
OwnTicket 1.0 - 'TicketID' SQL Injection
2018-10-19 05:01:47 +00:00
Offensive Security
635345499a
DB: 2018-10-18
15 changes to exploits/shellcodes
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (PoC)
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Git Submodule - Arbitrary Code Execution
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
BigTree CMS 4.2.23 - Cross-Site Scripting
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
Time and Expense Management System 3.0 - 'table' SQL Injection
2018-10-18 05:01:46 +00:00
Offensive Security
712d629b6b
DB: 2018-10-17
13 changes to exploits/shellcodes
Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
VLC Media Player - MKV Use-After-Free (Metasploit)
HotelDruid 2.2.4 - 'anno' SQL Injection
Navigate CMS 2.8.5 - Arbitrary File Download
Library CMS 2.1.1 - Cross-Site Scripting
Kados R10 GreenBee - 'release_id' SQL Injection
Vishesh Auto Index 3.1 - 'fid' SQL Injection
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
2018-10-17 05:01:42 +00:00
Offensive Security
731dd0f423
DB: 2018-10-16
22 changes to exploits/shellcodes
Snes9K 0.0.9z - Buffer Overflow (SEH)
NoMachine < 5.3.27 - Remote Code Execution
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
CAMALEON CMS 2.4 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
College Notes Management System 1.0 - 'user' SQL Injection
Advanced HRM 1.6 - Remote Code Execution
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
2018-10-16 05:01:45 +00:00
Offensive Security
9d143a6b42
DB: 2018-10-13
22 changes to exploits/shellcodes
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Wikidforum 2.20 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
HaPe PKH 1.1 - 'id' SQL Injection
LUYA CMS 1.0.12 - Cross-Site Scripting
Phoenix Contact WebVisit 2985725 - Authentication Bypass
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
CAMALEON CMS 2.4 - Cross-Site Scripting
HaPe PKH 1.1 - Arbitrary File Upload
SugarCRM 6.5.26 - Cross-Site Scripting
FluxBB < 1.5.6 - SQL Injection
2018-10-13 05:01:46 +00:00
Offensive Security
038ac7b860
DB: 2018-10-11
4 changes to exploits/shellcodes
FileZilla 3.33 - Buffer Overflow (PoC)
WhatsApp - RTP Processing Heap Corruption
MicroTik RouterOS < 6.43rc3 - Remote Root
Ektron CMS 9.20 SP2 - Improper Access Restrictions
2018-10-11 05:01:43 +00:00
Offensive Security
6fe17058fb
DB: 2018-10-10
15 changes to exploits/shellcodes
Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
Microsoft Edge Chakra JIT - Type Confusion
Seqrite End Point Security 7.4 - Privilege Escalation
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
360 3.5.0.1033 - Sandbox Escape
ghostscript - executeonly Bypass with errorhandler Setup
ifwatchd - Privilege Escalation (Metasploit)
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
Wikidforum 2.20 - 'select_sort' SQL Injection
Wikidforum 2.20 - 'message_id' SQL Injection
Monstra 3.0.4 - Cross-Site Scripting
2018-10-10 05:01:44 +00:00
Offensive Security
b311000a22
DB: 2018-10-09
16 changes to exploits/shellcodes
net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service (PoC)
Linux - Kernel Pointer Leak via BPF
Android - sdcardfs Changes current->fs Without Proper Locking
360 3.5.0.1033 - Sandbox Escape
Git Submodule - Arbitrary Code Execution
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
Navigate CMS - Unauthenticated Remote Code Execution (Metasploit)
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Imperva SecureSphere 13 - Remote Command Execution
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
2018-10-09 05:01:44 +00:00
Offensive Security
b602c2f493
DB: 2018-10-07
2 changes to exploits/shellcodes
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
2018-10-07 05:02:05 +00:00
Offensive Security
21717894fe
DB: 2018-10-06
4 changes to exploits/shellcodes
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
ISPConfig < 3.1.13 - Remote Command Execution
Chamilo LMS 1.11.8 - Cross-Site Scripting
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N/Shift-N/XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13/RShift-2/XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)
2018-10-06 05:01:59 +00:00
Offensive Security
89530e070b
DB: 2018-10-05
5 changes to exploits/shellcodes
virtualenv 16.0.0 - Sandbox Escape
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)
LayerBB Forum 1.1.1 - 'search_query' SQL Injection
Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
2018-10-05 05:02:07 +00:00
Offensive Security
05328d91a4
DB: 2018-10-04
5 changes to exploits/shellcodes
FTP Voyager 16.2.0 - Denial of Service (PoC)
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Zechat 1.5 - 'uname' SQL Injection
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
RICOH MP C1803 JPN Printer - Cross-Site Scripting
2018-10-04 05:01:54 +00:00